Spec 423 security compliance readiness pack implementation. Head commit: c49acba7.
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #490
<?php
declare(strict_types=1);
use App\Services\TenantConfiguration\SecurityComplianceRenderableSummaryBuilder;
// Renders one summary per dataset row and checks, on the JSON-encoded result, that
// the operator-facing text is present and that the 'raw_payload' and
// 'source_endpoint' markers are absent.
//
// NOTE(review): none of the dataset payloads contains a 'raw_payload' or
// 'source_endpoint' key, so the two negative checks only show that the builder does
// not add such keys itself. Stripping of sensitive input fields is exercised by the
// separate redaction test in this file.
it('Spec423 renders operator-safe Security and Compliance summaries', function (string $canonicalType, array $payload, string $resourceType, string $expectedText): void {
    // Third argument to build(): the render context passed next to the payload.
    $context = [
        'claim_state' => 'internal_only',
        'identity_state' => 'stable',
        'last_captured' => 'Jun 30, 2026 07:30 AM',
    ];

    $builder = app(SecurityComplianceRenderableSummaryBuilder::class);
    $rendered = $builder->build($canonicalType, $payload, $context);

    // Encode once and search the whole document, so nested fields are covered too.
    // JSON_THROW_ON_ERROR turns an unencodable summary into a test failure.
    $json = json_encode($rendered, JSON_THROW_ON_ERROR);

    expect($rendered)->toBeArray();
    expect($rendered['resource_type'])->toBe($resourceType);

    // Text that must be rendered: the per-row expectation, the claim state from the
    // context, and the review-readiness label.
    expect($json)->toContain($expectedText);
    expect($json)->toContain('internal_only');
    expect($json)->toContain('Ready for operator review');

    // Markers that must not appear anywhere in the rendered summary.
    expect($json)->not->toContain('raw_payload');
    expect($json)->not->toContain('source_endpoint');
})->with([
    // Each row: canonical type, payload, expected resource_type, expected text.
    'retention policy' => [
        'retentionCompliancePolicy',
        [
            'DisplayName' => 'Spec423 Retention',
            'RetentionDuration' => 7,
            'RetentionDurationUnit' => 'Years',
            'DispositionAction' => 'Delete',
            'IncludedLocations' => ['Exchange'],
        ],
        'Retention compliance policy',
        '7 Years',
    ],
    'label policy' => [
        'labelPolicy',
        [
            'DisplayName' => 'Spec423 Labels',
            'PublishedLabels' => [['displayName' => 'Highly Confidential']],
            'Mandatory' => true,
        ],
        'Label policy',
        'Highly Confidential',
    ],
    'dlp policy' => [
        'dlpCompliancePolicy',
        [
            'DisplayName' => 'Spec423 DLP',
            'Mode' => 'Enforce',
            'Locations' => ['Exchange'],
            'Rules' => [['Name' => 'Rule', 'Actions' => ['BlockAccess']]],
        ],
        'DLP compliance policy',
        'BlockAccess',
    ],
]);
// Feeds the builder a DLP policy payload that carries sensitive-looking fields at
// the top level and inside a rule, then checks two things: every such field is
// reported by key path in 'redacted_fields', and none of the field values survives
// anywhere in the JSON-encoded summary.
//
// Each sensitive value is a unique 'spec423-*' sentinel, so a leak in any nested
// field shows up in a plain substring search. The sentinels are ASCII without
// slashes, so json_encode() leaves them unescaped and the match is exact.
//
// NOTE(review): the search is a verbatim substring match. A truncated, re-encoded
// or hashed copy of a value would not be detected, so treat this as a regression
// guard rather than proof of redaction. Only values are checked for absence; key
// names such as 'clientSecret' are expected to appear via 'redacted_fields'.
it('Spec423 summaries hide raw JSON, provider responses, secrets, fingerprints, and content payloads', function (): void {
    $payload = [
        'DisplayName' => 'Spec423 DLP',
        'Mode' => 'Enforce',
        'providerResponse' => ['body' => 'spec423-provider-response'],
        'fingerprint' => 'spec423-fingerprint',
        'clientSecret' => 'spec423-render-secret',
        'Rules' => [
            [
                'Name' => 'Rule',
                'Actions' => ['BlockAccess'],
                'DlpIncidentContent' => 'spec423-dlp-incident-content',
                'MailContent' => 'spec423-mail-content',
                'FileContent' => 'spec423-file-content',
            ],
        ],
    ];

    // build() is called without a render context here.
    $rendered = app(SecurityComplianceRenderableSummaryBuilder::class)->build('dlpCompliancePolicy', $payload);
    $json = json_encode($rendered, JSON_THROW_ON_ERROR);

    // Key paths the summary must report as redacted; nested entries use dot notation.
    $expectedRedactions = [
        'providerResponse',
        'fingerprint',
        'clientSecret',
        'Rules.0.DlpIncidentContent',
        'Rules.0.MailContent',
        'Rules.0.FileContent',
    ];
    expect($rendered['redacted_fields'])->toContain(...$expectedRedactions);

    // Sentinel values that must not be present anywhere in the encoded summary.
    $sentinels = [
        'spec423-provider-response',
        'spec423-fingerprint',
        'spec423-render-secret',
        'spec423-dlp-incident-content',
        'spec423-mail-content',
        'spec423-file-content',
    ];
    foreach ($sentinels as $sentinel) {
        expect($json)->not->toContain($sentinel);
    }
});