Database System 0.1.0
Advanced C++20 Database System with Multi-Backend Support
Loading...
Searching...
No Matches
data_masking_test.cpp
Go to the documentation of this file.
1// BSD 3-Clause License
2// Copyright (c) 2025, 🍀☀🌕🌥 🌊
3// See the LICENSE file in the project root for full license information.
4
15#include <gtest/gtest.h>
16#include <memory>
17#include <string>
18#include <sstream>
19#include <vector>
20#include <regex>
21
22#include "database/backends/sqlite_backend.h"
23#include "database/core/database_backend.h"
24#include "database/query_builder.h"
25
26using namespace database;
27using namespace database::backends;
28using namespace database::core;
29
34class DataMaskingTest : public ::testing::Test {
35protected:
36 std::unique_ptr<sqlite_backend> db_;
37
38 void SetUp() override {
39 db_ = std::make_unique<sqlite_backend>();
40#ifdef USE_SQLITE
41 connection_config config;
42 config.database = ":memory:";
43 ASSERT_TRUE(db_->initialize(config).is_ok());
44
45 // Create tables with sensitive data
46 ASSERT_TRUE(db_->execute_query(
47 "CREATE TABLE sensitive_data ("
48 " id INTEGER PRIMARY KEY,"
49 " ssn TEXT,"
50 " credit_card TEXT,"
51 " bank_account TEXT,"
52 " password_hash TEXT"
53 ")"
54 ).is_ok());
55
56 // Insert test sensitive data
57 auto insert_result = db_->execute_query(
58 "INSERT INTO sensitive_data "
59 "(id, ssn, credit_card, bank_account, password_hash) VALUES "
60 "(1, '123-45-6789', '4111111111111111', 'ACC123456789', 'hash_secret_123')"
61 );
62 ASSERT_TRUE(insert_result.is_ok());
63#else
64 GTEST_SKIP() << "SQLite not available";
65#endif
66 }
67
68 void TearDown() override {
69 if (db_ && db_->is_initialized()) {
70 db_->shutdown();
71 }
72 }
73
77 bool containsSensitiveData(const std::string& str) {
78 std::vector<std::string> sensitive_patterns = {
79 "123-45-6789", // SSN
80 "4111111111111111", // Credit card
81 "ACC123456789", // Bank account
82 "hash_secret_123", // Password hash
83 };
84
85 for (const auto& pattern : sensitive_patterns) {
86 if (str.find(pattern) != std::string::npos) {
87 return true;
88 }
89 }
90 return false;
91 }
92};
93
94//=============================================================================
95// Exception Message Security Tests
96//=============================================================================
97
105TEST_F(DataMaskingTest, QueryResultsNotLeakedInExceptions) {
106#ifdef USE_SQLITE
107 // First, successfully query sensitive data
108 auto query_result = db_->select_query("SELECT * FROM sensitive_data");
109 ASSERT_TRUE(query_result.is_ok());
110 ASSERT_FALSE(query_result.value().empty());
111
112 // Now try to cause an error
113 try {
114 db_->execute_query("INVALID SQL SYNTAX ERROR");
115 // If no exception, still pass - we're testing exception content
116 } catch (const std::exception& e) {
117 std::string error_msg = e.what();
118
119 // Sensitive data from previous query should NOT appear in error
120 EXPECT_FALSE(containsSensitiveData(error_msg))
121 << "Sensitive data leaked in exception: " << error_msg;
122 }
123#else
124 GTEST_SKIP() << "SQLite not available";
125#endif
126}
127
132TEST_F(DataMaskingTest, DatabaseErrorsNotLeakData) {
133#ifdef USE_SQLITE
134 // Query with intentional error after referencing sensitive table
135 std::string bad_query = "SELECT * FROM sensitive_data WHERE invalid_column = 1";
136
137 try {
138 db_->select_query(bad_query);
139 } catch (const std::exception& e) {
140 std::string error_msg = e.what();
141 EXPECT_FALSE(containsSensitiveData(error_msg))
142 << "Sensitive data in database error: " << error_msg;
143 }
144
145 // This test passes even if no exception is thrown
146 SUCCEED();
147#else
148 GTEST_SKIP() << "SQLite not available";
149#endif
150}
151
152//=============================================================================
153// Debug Output Security Tests
154//=============================================================================
155
160TEST_F(DataMaskingTest, ResultDebugOutputMasked) {
161#ifdef USE_SQLITE
162 auto query_result = db_->select_query("SELECT * FROM sensitive_data");
163 ASSERT_TRUE(query_result.is_ok());
164 auto result = query_result.value();
165 ASSERT_FALSE(result.empty());
166
167 // If there's a to_string or debug method for results,
168 // it should mask sensitive fields
169
170 // Since database_result is std::vector<database_row>,
171 // we can verify the principle by checking how we'd output it
172 std::ostringstream debug_output;
173 for (const auto& row : result) {
174 for (const auto& [key, value] : row) {
175 debug_output << key << "=";
176 std::visit([&debug_output](const auto& v) {
177 using T = std::decay_t<decltype(v)>;
178 if constexpr (std::is_same_v<T, std::string>) {
179 debug_output << v;
180 } else if constexpr (std::is_same_v<T, int64_t>) {
181 debug_output << v;
182 } else if constexpr (std::is_same_v<T, double>) {
183 debug_output << v;
184 } else if constexpr (std::is_same_v<T, bool>) {
185 debug_output << (v ? "true" : "false");
186 } else {
187 debug_output << "null";
188 }
189 }, value);
190 debug_output << " ";
191 }
192 }
193
194 // This documents the need for masking - actual implementation
195 // should mask fields like ssn, credit_card, password, etc.
196 std::string output = debug_output.str();
197
198 // If sensitive data appears, log a security note
199 if (containsSensitiveData(output)) {
200 // This is expected with raw output - document the need for masking
201 SUCCEED() << "SECURITY NOTE: Raw database output contains sensitive data. "
202 << "Production systems should mask fields matching patterns like: "
203 << "ssn, credit_card, password, secret, etc.";
204 }
205#else
206 GTEST_SKIP() << "SQLite not available";
207#endif
208}
209
214TEST_F(DataMaskingTest, QueryBuilderDoesNotLogSensitiveData) {
215 std::stringstream captured;
216 std::streambuf* original = std::clog.rdbuf(captured.rdbuf());
217
218 {
219 query_builder builder(database_types::sqlite);
220 builder
221 .select({"*"})
222 .from("users")
223 .where("ssn", "=", std::string("123-45-6789"))
224 .where("credit_card", "=", std::string("4111111111111111"))
225 .build();
226 }
227
228 std::clog.rdbuf(original);
229 std::string log_output = captured.str();
230
231 // Query builder should not log the actual values
232 EXPECT_FALSE(containsSensitiveData(log_output))
233 << "Sensitive data appeared in query builder logs: " << log_output;
234}
235
236//=============================================================================
237// Sensitive Field Detection Tests
238//=============================================================================
239
246TEST_F(DataMaskingTest, SensitiveColumnNamePatterns) {
247 std::vector<std::string> sensitive_patterns = {
248 "password",
249 "passwd",
250 "pwd",
251 "secret",
252 "ssn",
253 "social_security",
254 "credit_card",
255 "creditcard",
256 "cc_number",
257 "cvv",
258 "card_number",
259 "bank_account",
260 "account_number",
261 "routing_number",
262 "api_key",
263 "apikey",
264 "auth_token",
265 "access_token",
266 "refresh_token",
267 "private_key",
268 "encryption_key",
269 };
270
271 // This test documents the patterns - actual implementation
272 // should mask these automatically
273 SUCCEED() << "Documented " << sensitive_patterns.size()
274 << " sensitive column name patterns for masking";
275}
276
277//=============================================================================
278// PII (Personally Identifiable Information) Tests
279//=============================================================================
280
285TEST_F(DataMaskingTest, PIINotInStackTraces) {
286#ifdef USE_SQLITE
287 // Query PII data
288 auto query_result = db_->select_query("SELECT ssn FROM sensitive_data");
289 ASSERT_TRUE(query_result.is_ok());
290 ASSERT_FALSE(query_result.value().empty());
291
292 // Cause an error and check stack trace doesn't contain PII
293 try {
294 throw std::runtime_error("Test error after PII access");
295 } catch (const std::exception& e) {
296 std::string what_msg = e.what();
297 EXPECT_FALSE(containsSensitiveData(what_msg));
298 }
299#else
300 GTEST_SKIP() << "SQLite not available";
301#endif
302}
303
308TEST_F(DataMaskingTest, LargeDataSetDoesNotLeakOnError) {
309#ifdef USE_SQLITE
310 // Insert more sensitive records
311 for (int i = 2; i <= 100; ++i) {
312 std::string query =
313 "INSERT INTO sensitive_data (id, ssn, credit_card) VALUES (" +
314 std::to_string(i) + ", '" +
315 std::to_string(100 + i) + "-45-6789', '4" +
316 std::string(15, '1' + (i % 9)) + "')";
317 db_->execute_query(query);
318 }
319
320 // Query all data
321 auto query_result = db_->select_query("SELECT * FROM sensitive_data");
322 ASSERT_TRUE(query_result.is_ok());
323 ASSERT_GE(query_result.value().size(), 100u);
324
325 // If an error occurs, none of this data should appear in messages
326 SUCCEED() << "Large datasets require careful error message construction";
327#else
328 GTEST_SKIP() << "SQLite not available";
329#endif
330}
331
332//=============================================================================
333// Memory Security Tests
334//=============================================================================
335
340TEST_F(DataMaskingTest, SensitiveDataClearedFromResult) {
341#ifdef USE_SQLITE
342 {
343 auto query_result = db_->select_query("SELECT * FROM sensitive_data");
344 ASSERT_TRUE(query_result.is_ok());
345 auto result = query_result.value();
346 ASSERT_FALSE(result.empty());
347
348 // Clear the result
349 result.clear();
350
351 // After clearing, result should be empty
352 EXPECT_TRUE(result.empty());
353 }
354
355 // After scope exit, the data should be fully destroyed
356 // Actual memory verification requires external tools
357 SUCCEED() << "Result objects support clearing sensitive data";
358#else
359 GTEST_SKIP() << "SQLite not available";
360#endif
361}
362
367TEST_F(DataMaskingTest, StringValueSecureClearing) {
368 // This documents the security requirement for clearing sensitive strings
369 // Actual implementation should use secure_clear or similar
370
371 std::string sensitive = "my_secret_password";
372
373 // Standard clear() doesn't securely erase memory
374 // Secure implementation should overwrite before deallocation
375 sensitive.clear();
376
377 // Document this security consideration
378 SUCCEED() << "SECURITY NOTE: Use secure memory clearing for sensitive strings. "
379 << "std::string::clear() does not securely erase memory.";
380}
381
382//=============================================================================
383// Logging Level Security Tests
384//=============================================================================
385
390TEST_F(DataMaskingTest, DebugLogLevelDoesNotExposeSecrets) {
391 // Even in debug mode, sensitive data should be masked
392 // This is a design principle test
393
394 SUCCEED() << "All log levels should mask sensitive data, including DEBUG";
395}
396
401TEST_F(DataMaskingTest, ErrorLogMasksSensitiveContext) {
402#ifdef USE_SQLITE
403 std::stringstream captured;
404 std::streambuf* original = std::cerr.rdbuf(captured.rdbuf());
405
406 // Trigger an error after querying sensitive data
407 db_->select_query("SELECT * FROM sensitive_data");
408 db_->execute_query("INVALID SYNTAX");
409
410 std::cerr.rdbuf(original);
411 std::string error_output = captured.str();
412
413 // Error log should not contain sensitive data
414 EXPECT_FALSE(containsSensitiveData(error_output))
415 << "Sensitive data in error log: " << error_output;
416#else
417 GTEST_SKIP() << "SQLite not available";
418#endif
419}
420
421//=============================================================================
422// Data Redaction Tests
423//=============================================================================
424
429TEST_F(DataMaskingTest, CreditCardMaskingFormat) {
430 // Credit cards should be masked as: ****-****-****-1234
431 std::string full_cc = "4111111111111111";
432 std::string masked_cc = "****-****-****-1111"; // Last 4 visible
433
434 // Verify masking maintains last 4 digits
435 EXPECT_EQ(full_cc.substr(full_cc.length() - 4), "1111");
436
437 SUCCEED() << "Credit cards should be masked to show only last 4 digits";
438}
439
444TEST_F(DataMaskingTest, SSNMaskingFormat) {
445 // SSN should be masked as: ***-**-6789
446 std::string full_ssn = "123-45-6789";
447 std::string masked_ssn = "***-**-6789"; // Last 4 visible
448
449 SUCCEED() << "SSN should be masked to show only last 4 digits";
450}
DataMaskingTest
Test fixture for data masking security tests.
Definition data_masking_test.cpp:34
DataMaskingTest::SetUp
void SetUp() override
Definition data_masking_test.cpp:38
DataMaskingTest::TearDown
void TearDown() override
Definition data_masking_test.cpp:68
DataMaskingTest::db_
std::unique_ptr< sqlite_backend > db_
Definition data_masking_test.cpp:36
DataMaskingTest::containsSensitiveData
bool containsSensitiveData(const std::string &str)
Helper to check if string contains any sensitive patterns.
Definition data_masking_test.cpp:77
database::query_builder
Universal query builder that adapts to different database types.
Definition query_builder.h:105
database::query_builder::select
query_builder & select(const std::vector< std::string > &columns)
Definition query_builder.cpp:179
database::query_builder::build
std::string build() const
Definition query_builder.cpp:357
database::query_builder::where
query_builder & where(const std::string &field, const std::string &op, const core::database_value &value)
Definition query_builder.cpp:197
TEST_F
TEST_F(DataMaskingTest, QueryResultsNotLeakedInExceptions)
Tests that query results don't appear in exception messages.
Definition data_masking_test.cpp:105
database_backend.h
Abstract interface for database backends.
query_builder.h
sqlite_backend.h
SQLite database backend plugin implementation.
database::core::connection_config
Configuration for database connection.
Definition database_backend.h:51
database::core::connection_config::database
std::string database
Definition database_backend.h:54
ASSERT_TRUE
#define ASSERT_TRUE(condition, message)
Definition test_connection_string_builder.cpp:25
ASSERT_FALSE
#define ASSERT_FALSE(condition, message)
Definition test_connection_string_builder.cpp:35