"""敏感信息过滤测试。"""

import pytest
from butler.security.sanitizer import sanitize_output


def test_sanitize_password():
    """过滤密码。"""
    output = "password=secret123"
    assert sanitize_output(output) == "password=[REDACTED]"

    output = "export DB_PASSWORD=mysecretpass"
    assert "[REDACTED]" in sanitize_output(output)


def test_sanitize_api_key():
    """过滤 API Key。"""
    output = "api_key=sk-1234567890abcdef"
    assert sanitize_output(output) == "api_key=[REDACTED]"

    output = "API_KEY = my_secret_key"
    assert "[REDACTED]" in sanitize_output(output)


def test_sanitize_bearer_token():
    """过滤 Bearer Token。"""
    output = "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
    assert "[REDACTED]" in sanitize_output(output)


def test_sanitize_private_key():
    """过滤私钥。"""
    output = "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA..."
    assert "[REDACTED]" in sanitize_output(output)


def test_sanitize_preserves_safe_content():
    """保留安全内容。"""
    output = "User logged in successfully\nFiles: 10\nDone"
    assert sanitize_output(output) == output


def test_sanitize_multiple_secrets():
    """过滤多个敏感信息。"""
    output = "password=secret1 api_key=key1 token=tok1"
    sanitized = sanitize_output(output)
    assert "[REDACTED]" in sanitized
    assert "secret1" not in sanitized
    assert "key1" not in sanitized