+2

scratch/link-blindness-grep.txt

reviewed

··· 1 1 + $ tail -n 2000 scratch/link-blindness-journal/health/supervisor.log scratch/link-blindness-journal/link/*.log 2>/dev/null | grep -iE 'authorization|bearer |cookie|payload|ca private|BEGIN PRIVATE|client_cert|home_attestation' || echo "no matches" 2 2 + no matches

+102

tests/link/test_privacy_scan.py

reviewed

··· 1 1 + # SPDX-License-Identifier: AGPL-3.0-only 2 2 + # Copyright (c) 2026 sol pbc 3 3 + 4 4 + from __future__ import annotations 5 5 + 6 6 + import base64 7 7 + from pathlib import Path 8 8 + 9 9 + import pytest 10 10 + 11 11 + from tests.link.client import Client 12 12 + from tests.link.live_helpers import ( 13 13 + CONVEY_PASSWORD, 14 14 + RELAY_URL, 15 15 + running_convey_server, 16 16 + running_link_service, 17 17 + runtime_texts, 18 18 + skip_unless_live_relay, 19 19 + ) 20 20 + 21 21 + pytestmark = pytest.mark.integration 22 22 + skip_unless_live_relay() 23 23 + 24 24 + FORBIDDEN_TOKENS = [ 25 25 + "authorization", 26 26 + "bearer ", 27 27 + "cookie", 28 28 + "ca private", 29 29 + "BEGIN PRIVATE", 30 30 + "client_cert", 31 31 + "home_attestation", 32 32 + "x-api-key", 33 33 + "payload", 34 34 + ] 35 35 + 36 36 + 37 37 + @pytest.mark.asyncio 38 38 + @pytest.mark.timeout(60) 39 39 + async def test_privacy_scan(tmp_path: Path, monkeypatch: pytest.MonkeyPatch) -> None: 40 40 + tmp_journal = tmp_path / "journal" 41 41 + tmp_journal.mkdir() 42 42 + monkeypatch.setenv("_SOLSTONE_JOURNAL_OVERRIDE", str(tmp_journal)) 43 43 + 44 44 + capture = None 45 45 + with ( 46 46 + running_convey_server(tmp_journal) as base_url, 47 47 + running_link_service(tmp_journal) as link_capture, 48 48 + ): 49 49 + capture = link_capture 50 50 + identity = Client.pair(base_url, device_label="pytest-device") 51 51 + enrolled = Client.enroll_device(RELAY_URL, identity) 52 52 + 53 53 + session = await Client.dial(RELAY_URL, enrolled) 54 54 + async with session: 55 55 + auth = base64.b64encode(f":{CONVEY_PASSWORD}".encode("utf-8")).decode( 56 56 + "ascii" 57 57 + ) 58 58 + status, headers, _body = await session.request( 59 59 + "GET", 60 60 + "/app/link/api/status", 61 61 + headers={"authorization": f"Basic {auth}"}, 62 62 + ) 63 63 + assert status == 200 64 64 + assert headers["content-type"] == "application/json" 65 65 + 66 66 + assert capture is not None 67 67 + texts = runtime_texts(tmp_journal, capture) 68 68 + dynamic_tokens = [ 69 69 + identity.home_attestation, 70 70 + enrolled.device_token, 71 71 + identity.client_cert_pem[:100], 72 72 + identity.home_attestation.split(".")[1], 73 73 + ] 74 74 + 75 75 + for token in FORBIDDEN_TOKENS: 76 76 + _assert_token_absent(texts, token, ignore_case=True) 77 77 + for token in dynamic_tokens: 78 78 + _assert_token_absent(texts, token, ignore_case=False) 79 79 + 80 80 + 81 81 + def _assert_token_absent( 82 82 + texts: dict[str, str], 83 83 + token: str, 84 84 + *, 85 85 + ignore_case: bool, 86 86 + ) -> None: 87 87 + if not token: 88 88 + return 89 89 + needle = token.lower() if ignore_case else token 90 90 + for source, text in texts.items(): 91 91 + haystack = text.lower() if ignore_case else text 92 92 + match_at = haystack.find(needle) 93 93 + if match_at < 0: 94 94 + continue 95 95 + line_start = text.rfind("\n", 0, match_at) + 1 96 96 + line_end = text.find("\n", match_at) 97 97 + if line_end < 0: 98 98 + line_end = len(text) 99 99 + context = text[line_start:line_end] 100 100 + raise AssertionError( 101 101 + f"forbidden token {token!r} found in {source}: {context!r}" 102 102 + )