Loading...
Searching...
No Matches
#include <gtest/gtest.h>#include <memory>#include <string>#include <sstream>#include <vector>#include <regex>#include "database/backends/sqlite_backend.h"#include "database/core/database_backend.h"#include "database/query_builder.h"
Include dependency graph for data_masking_test.cpp:
Go to the source code of this file.
Classes | |
| class | DataMaskingTest |
| Test fixture for data masking security tests. More... | |
Functions | |
| TEST_F (DataMaskingTest, QueryResultsNotLeakedInExceptions) | |
| Tests that query results don't appear in exception messages. | |
| TEST_F (DataMaskingTest, DatabaseErrorsNotLeakData) | |
| Tests that database-level errors don't expose data. | |
| TEST_F (DataMaskingTest, ResultDebugOutputMasked) | |
| Tests that debug representations of results mask sensitive fields. | |
| TEST_F (DataMaskingTest, QueryBuilderDoesNotLogSensitiveData) | |
| Tests that query builder operations don't log sensitive values. | |
| TEST_F (DataMaskingTest, SensitiveColumnNamePatterns) | |
| Documents patterns that should be treated as sensitive. | |
| TEST_F (DataMaskingTest, PIINotInStackTraces) | |
| Tests that PII doesn't appear in stack traces. | |
| TEST_F (DataMaskingTest, LargeDataSetDoesNotLeakOnError) | |
| Tests that large result sets don't leak on error. | |
| TEST_F (DataMaskingTest, SensitiveDataClearedFromResult) | |
| Tests that sensitive data is clearable from result objects. | |
| TEST_F (DataMaskingTest, StringValueSecureClearing) | |
| Documents the need for secure string clearing. | |
| TEST_F (DataMaskingTest, DebugLogLevelDoesNotExposeSecrets) | |
| Tests that even debug-level logging masks sensitive data. | |
| TEST_F (DataMaskingTest, ErrorLogMasksSensitiveContext) | |
| Tests that error logs mask sensitive context. | |
| TEST_F (DataMaskingTest, CreditCardMaskingFormat) | |
| Documents expected credit card masking format. | |
| TEST_F (DataMaskingTest, SSNMaskingFormat) | |
| Documents expected SSN masking format. | |
Function Documentation
◆ TEST_F() [1/13]
| TEST_F | ( | DataMaskingTest | , |
| CreditCardMaskingFormat | ) |
Documents expected credit card masking format.
- Test
- CreditCardMaskingFormat
Definition at line 429 of file data_masking_test.cpp.
429 {
430 // Credit cards should be masked as: ****-****-****-1234
431 std::string full_cc = "4111111111111111";
432 std::string masked_cc = "****-****-****-1111"; // Last 4 visible
433
434 // Verify masking maintains last 4 digits
435 EXPECT_EQ(full_cc.substr(full_cc.length() - 4), "1111");
436
437 SUCCEED() << "Credit cards should be masked to show only last 4 digits";
438}
◆ TEST_F() [2/13]
| TEST_F | ( | DataMaskingTest | , |
| DatabaseErrorsNotLeakData | ) |
Tests that database-level errors don't expose data.
- Test
- DatabaseErrorsNotLeakData
Definition at line 132 of file data_masking_test.cpp.
132 {
133#ifdef USE_SQLITE
134 // Query with intentional error after referencing sensitive table
135 std::string bad_query = "SELECT * FROM sensitive_data WHERE invalid_column = 1";
136
137 try {
138 db_->select_query(bad_query);
139 } catch (const std::exception& e) {
140 std::string error_msg = e.what();
141 EXPECT_FALSE(containsSensitiveData(error_msg))
142 << "Sensitive data in database error: " << error_msg;
143 }
144
145 // This test passes even if no exception is thrown
146 SUCCEED();
147#else
148 GTEST_SKIP() << "SQLite not available";
149#endif
150}
◆ TEST_F() [3/13]
| TEST_F | ( | DataMaskingTest | , |
| DebugLogLevelDoesNotExposeSecrets | ) |
Tests that even debug-level logging masks sensitive data.
- Test
- DebugLogLevelDoesNotExposeSecrets
Definition at line 390 of file data_masking_test.cpp.
390 {
391 // Even in debug mode, sensitive data should be masked
392 // This is a design principle test
393
394 SUCCEED() << "All log levels should mask sensitive data, including DEBUG";
395}
◆ TEST_F() [4/13]
| TEST_F | ( | DataMaskingTest | , |
| ErrorLogMasksSensitiveContext | ) |
Tests that error logs mask sensitive context.
- Test
- ErrorLogMasksSensitiveContext
Definition at line 401 of file data_masking_test.cpp.
401 {
402#ifdef USE_SQLITE
403 std::stringstream captured;
404 std::streambuf* original = std::cerr.rdbuf(captured.rdbuf());
405
406 // Trigger an error after querying sensitive data
407 db_->select_query("SELECT * FROM sensitive_data");
408 db_->execute_query("INVALID SYNTAX");
409
410 std::cerr.rdbuf(original);
411 std::string error_output = captured.str();
412
413 // Error log should not contain sensitive data
414 EXPECT_FALSE(containsSensitiveData(error_output))
415 << "Sensitive data in error log: " << error_output;
416#else
417 GTEST_SKIP() << "SQLite not available";
418#endif
419}
◆ TEST_F() [5/13]
| TEST_F | ( | DataMaskingTest | , |
| LargeDataSetDoesNotLeakOnError | ) |
Tests that large result sets don't leak on error.
- Test
- LargeDataSetDoesNotLeakOnError
Definition at line 308 of file data_masking_test.cpp.
308 {
309#ifdef USE_SQLITE
310 // Insert more sensitive records
311 for (int i = 2; i <= 100; ++i) {
312 std::string query =
313 "INSERT INTO sensitive_data (id, ssn, credit_card) VALUES (" +
314 std::to_string(i) + ", '" +
315 std::to_string(100 + i) + "-45-6789', '4" +
316 std::string(15, '1' + (i % 9)) + "')";
317 db_->execute_query(query);
318 }
319
320 // Query all data
321 auto query_result = db_->select_query("SELECT * FROM sensitive_data");
322 ASSERT_TRUE(query_result.is_ok());
323 ASSERT_GE(query_result.value().size(), 100u);
324
325 // If an error occurs, none of this data should appear in messages
326 SUCCEED() << "Large datasets require careful error message construction";
327#else
328 GTEST_SKIP() << "SQLite not available";
329#endif
330}
References ASSERT_TRUE.
◆ TEST_F() [6/13]
| TEST_F | ( | DataMaskingTest | , |
| PIINotInStackTraces | ) |
Tests that PII doesn't appear in stack traces.
- Test
- PIINotInStackTraces
Definition at line 285 of file data_masking_test.cpp.
285 {
286#ifdef USE_SQLITE
287 // Query PII data
288 auto query_result = db_->select_query("SELECT ssn FROM sensitive_data");
289 ASSERT_TRUE(query_result.is_ok());
290 ASSERT_FALSE(query_result.value().empty());
291
292 // Cause an error and check stack trace doesn't contain PII
293 try {
294 throw std::runtime_error("Test error after PII access");
295 } catch (const std::exception& e) {
296 std::string what_msg = e.what();
297 EXPECT_FALSE(containsSensitiveData(what_msg));
298 }
299#else
300 GTEST_SKIP() << "SQLite not available";
301#endif
302}
#define ASSERT_FALSE(condition, message)
Definition test_connection_string_builder.cpp:35
References ASSERT_FALSE, and ASSERT_TRUE.
◆ TEST_F() [7/13]
| TEST_F | ( | DataMaskingTest | , |
| QueryBuilderDoesNotLogSensitiveData | ) |
Tests that query builder operations don't log sensitive values.
- Test
- QueryBuilderDoesNotLogSensitiveData
Definition at line 214 of file data_masking_test.cpp.
214 {
215 std::stringstream captured;
216 std::streambuf* original = std::clog.rdbuf(captured.rdbuf());
217
218 {
219 query_builder builder(database_types::sqlite);
220 builder
221 .select({"*"})
222 .from("users")
223 .where("ssn", "=", std::string("123-45-6789"))
224 .where("credit_card", "=", std::string("4111111111111111"))
225 .build();
226 }
227
228 std::clog.rdbuf(original);
229 std::string log_output = captured.str();
230
231 // Query builder should not log the actual values
232 EXPECT_FALSE(containsSensitiveData(log_output))
233 << "Sensitive data appeared in query builder logs: " << log_output;
234}
Universal query builder that adapts to different database types.
Definition query_builder.h:105
References database::query_builder::build(), database::query_builder::select(), and database::query_builder::where().
Here is the call graph for this function:
◆ TEST_F() [8/13]
| TEST_F | ( | DataMaskingTest | , |
| QueryResultsNotLeakedInExceptions | ) |
Tests that query results don't appear in exception messages.
- Test
- QueryResultsNotLeakedInExceptions
When an error occurs after fetching sensitive data, the exception message should not contain the data values.
Definition at line 105 of file data_masking_test.cpp.
105 {
106#ifdef USE_SQLITE
107 // First, successfully query sensitive data
108 auto query_result = db_->select_query("SELECT * FROM sensitive_data");
109 ASSERT_TRUE(query_result.is_ok());
110 ASSERT_FALSE(query_result.value().empty());
111
112 // Now try to cause an error
113 try {
114 db_->execute_query("INVALID SQL SYNTAX ERROR");
115 // If no exception, still pass - we're testing exception content
116 } catch (const std::exception& e) {
117 std::string error_msg = e.what();
118
119 // Sensitive data from previous query should NOT appear in error
120 EXPECT_FALSE(containsSensitiveData(error_msg))
121 << "Sensitive data leaked in exception: " << error_msg;
122 }
123#else
124 GTEST_SKIP() << "SQLite not available";
125#endif
126}
References ASSERT_FALSE, and ASSERT_TRUE.
◆ TEST_F() [9/13]
| TEST_F | ( | DataMaskingTest | , |
| ResultDebugOutputMasked | ) |
Tests that debug representations of results mask sensitive fields.
- Test
- ResultDebugOutputMasked
Definition at line 160 of file data_masking_test.cpp.
160 {
161#ifdef USE_SQLITE
162 auto query_result = db_->select_query("SELECT * FROM sensitive_data");
163 ASSERT_TRUE(query_result.is_ok());
164 auto result = query_result.value();
165 ASSERT_FALSE(result.empty());
166
167 // If there's a to_string or debug method for results,
168 // it should mask sensitive fields
169
170 // Since database_result is std::vector<database_row>,
171 // we can verify the principle by checking how we'd output it
172 std::ostringstream debug_output;
173 for (const auto& row : result) {
174 for (const auto& [key, value] : row) {
175 debug_output << key << "=";
176 std::visit([&debug_output](const auto& v) {
177 using T = std::decay_t<decltype(v)>;
178 if constexpr (std::is_same_v<T, std::string>) {
179 debug_output << v;
180 } else if constexpr (std::is_same_v<T, int64_t>) {
181 debug_output << v;
182 } else if constexpr (std::is_same_v<T, double>) {
183 debug_output << v;
184 } else if constexpr (std::is_same_v<T, bool>) {
185 debug_output << (v ? "true" : "false");
186 } else {
187 debug_output << "null";
188 }
189 }, value);
190 debug_output << " ";
191 }
192 }
193
194 // This documents the need for masking - actual implementation
195 // should mask fields like ssn, credit_card, password, etc.
196 std::string output = debug_output.str();
197
198 // If sensitive data appears, log a security note
199 if (containsSensitiveData(output)) {
200 // This is expected with raw output - document the need for masking
201 SUCCEED() << "SECURITY NOTE: Raw database output contains sensitive data. "
202 << "Production systems should mask fields matching patterns like: "
203 << "ssn, credit_card, password, secret, etc.";
204 }
205#else
206 GTEST_SKIP() << "SQLite not available";
207#endif
208}
References ASSERT_FALSE, and ASSERT_TRUE.
◆ TEST_F() [10/13]
| TEST_F | ( | DataMaskingTest | , |
| SensitiveColumnNamePatterns | ) |
Documents patterns that should be treated as sensitive.
- Test
- SensitiveColumnNamePatterns
These column name patterns should trigger masking in debug/logging output.
Definition at line 246 of file data_masking_test.cpp.
246 {
247 std::vector<std::string> sensitive_patterns = {
248 "password",
249 "passwd",
250 "pwd",
251 "secret",
252 "ssn",
253 "social_security",
254 "credit_card",
255 "creditcard",
256 "cc_number",
257 "cvv",
258 "card_number",
259 "bank_account",
260 "account_number",
261 "routing_number",
262 "api_key",
263 "apikey",
264 "auth_token",
265 "access_token",
266 "refresh_token",
267 "private_key",
268 "encryption_key",
269 };
270
271 // This test documents the patterns - actual implementation
272 // should mask these automatically
273 SUCCEED() << "Documented " << sensitive_patterns.size()
274 << " sensitive column name patterns for masking";
275}
◆ TEST_F() [11/13]
| TEST_F | ( | DataMaskingTest | , |
| SensitiveDataClearedFromResult | ) |
Tests that sensitive data is clearable from result objects.
- Test
- SensitiveDataClearedFromResult
Definition at line 340 of file data_masking_test.cpp.
340 {
341#ifdef USE_SQLITE
342 {
343 auto query_result = db_->select_query("SELECT * FROM sensitive_data");
344 ASSERT_TRUE(query_result.is_ok());
345 auto result = query_result.value();
346 ASSERT_FALSE(result.empty());
347
348 // Clear the result
349 result.clear();
350
351 // After clearing, result should be empty
352 EXPECT_TRUE(result.empty());
353 }
354
355 // After scope exit, the data should be fully destroyed
356 // Actual memory verification requires external tools
357 SUCCEED() << "Result objects support clearing sensitive data";
358#else
359 GTEST_SKIP() << "SQLite not available";
360#endif
361}
References ASSERT_FALSE, and ASSERT_TRUE.
◆ TEST_F() [12/13]
| TEST_F | ( | DataMaskingTest | , |
| SSNMaskingFormat | ) |
Documents expected SSN masking format.
- Test
- SSNMaskingFormat
Definition at line 444 of file data_masking_test.cpp.
444 {
445 // SSN should be masked as: ***-**-6789
446 std::string full_ssn = "123-45-6789";
447 std::string masked_ssn = "***-**-6789"; // Last 4 visible
448
449 SUCCEED() << "SSN should be masked to show only last 4 digits";
450}
◆ TEST_F() [13/13]
| TEST_F | ( | DataMaskingTest | , |
| StringValueSecureClearing | ) |
Documents the need for secure string clearing.
- Test
- StringValueSecureClearing
Definition at line 367 of file data_masking_test.cpp.
367 {
368 // This documents the security requirement for clearing sensitive strings
369 // Actual implementation should use secure_clear or similar
370
371 std::string sensitive = "my_secret_password";
372
373 // Standard clear() doesn't securely erase memory
374 // Secure implementation should overwrite before deallocation
375 sensitive.clear();
376
377 // Document this security consideration
378 SUCCEED() << "SECURITY NOTE: Use secure memory clearing for sensitive strings. "
379 << "std::string::clear() does not securely erase memory.";
380}
