========================================
Phase 3 Security Testing - Linux_Patch_API
========================================

=== SECTION 1: mTLS Enforcement Tests ===
Test 1.1: Non-mTLS connection (should be silently dropped)...
[PASS] Non-mTLS connection silently dropped
Test 1.2: Valid mTLS connection with client cert...
[PASS] Valid mTLS connection successful
Test 1.3: Self-signed cert (not CA-signed) rejection...
[PASS] Self-signed cert rejected

=== SECTION 2: IP Whitelist Enforcement Tests ===
Test 2.1: Whitelisted IP access...
[PASS] Whitelisted IP has access

=== SECTION 3: API Endpoint Security Tests ===
Test 3.1: GET /health endpoint...
[PASS] Health endpoint responds correctly
Test 3.2: GET /system/info endpoint...
[PASS] System info endpoint responds
Test 3.3: GET /packages endpoint...
[PASS] Packages endpoint responds
Test 3.4: GET /patches endpoint...
[PASS] Patches endpoint responds
Test 3.5: GET /jobs endpoint...
[PASS] Jobs endpoint responds

=== SECTION 4: Input Validation & Injection Tests ===
Test 4.1: SQL injection in package name...
[FAIL] SQL injection test inconclusive
Test 4.2: Command injection in package name...
[FAIL] Command injection test inconclusive
Test 4.3: Path traversal in package name...
[FAIL] Path traversal test inconclusive

=== SECTION 5: Certificate Security Tests ===
Test 5.1: Client certificate validity check...
Certificate will not expire
[PASS] Client certificate is valid
Test 5.2: TLS 1.3 enforcement...
[PASS] TLS 1.3 is enforced

=== SECTION 6: Configuration Security Tests ===
Test 6.1: Config file permissions (should be 600/644)...
[PASS] Config file has secure permissions (644)
Test 6.2: Private key permissions (should be 600)...
[PASS] Private key has secure permissions (600)

========================================
Security Test Summary
========================================
Passed: 13
Failed: 3
Total Tests: 16

Some security tests failed - review findings