nevaforget
db05df36d4
- Password wiping after PAM auth (bytearray zeroed) - TOML config loading (/etc/moonlock/ and ~/.config/moonlock/) - Config controls fingerprint_enabled and background_path - Integration tests for password/fingerprint auth flows - Security tests for bypass prevention and data cleanup - 51 tests passing
25 lines
795 B
Python
25 lines
795 B
Python
# ABOUTME: Tests for security-related functionality.
|
|
# ABOUTME: Verifies password wiping, PAM cleanup, and lockscreen bypass prevention.
|
|
|
|
from moonlock.auth import _wipe_bytes
|
|
|
|
|
|
class TestPasswordWiping:
|
|
"""Tests for sensitive data cleanup."""
|
|
|
|
def test_wipe_bytes_zeroes_bytearray(self):
|
|
data = bytearray(b"secretpassword")
|
|
_wipe_bytes(data)
|
|
assert data == bytearray(len(b"secretpassword"))
|
|
assert all(b == 0 for b in data)
|
|
|
|
def test_wipe_bytes_handles_empty(self):
|
|
data = bytearray(b"")
|
|
_wipe_bytes(data)
|
|
assert data == bytearray(b"")
|
|
|
|
def test_wipe_bytes_handles_bytes_gracefully(self):
|
|
# Regular bytes are immutable, wipe should be a no-op
|
|
data = b"secret"
|
|
_wipe_bytes(data) # should not raise
|