regscale-cli 6.20.8.0__py3-none-any.whl → 6.20.9.0__py3-none-any.whl

{regscale_cli-6.20.8.0.dist-info → regscale_cli-6.20.9.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: regscale-cli
-Version: 6.20.8.0
+Version: 6.20.9.0
 Summary: Command Line Interface (CLI) for bulk processing/loading data into RegScale
 Home-page: https://github.com/RegScale/regscale-cli
 Author: Travis Howerton

{regscale_cli-6.20.8.0.dist-info → regscale_cli-6.20.9.0.dist-info}/RECORD

@@ -1,5 +1,5 @@
 regscale/__init__.py,sha256=ZygAIkX6Nbjag1czWdQa-yP-GM1mBE_9ss21Xh__JFc,34
-regscale/_version.py,sha256=aXLddsHksLv_jqag1IjPFcn2x1LxmKgREyfyqpttkPo,1198
+regscale/_version.py,sha256=gKT5YQ9lUTUBh7pTS4c88lS7iYu1716siI0f5SPm0uc,1198
 regscale/regscale.py,sha256=xcxnTwEwWgfO3Fnp0LVo32SZCJzAswq3WDZgm21nHnI,30914
 regscale/airflow/__init__.py,sha256=yMwN0Bz4JbM0nl5qY_hPegxo_O2ilhTOL9PY5Njhn-s,270
 regscale/airflow/click_dags.py,sha256=H3SUR5jkvInNMv1gu-VG-Ja_H-kH145CpQYNalWNAbE,4520
@@ -36,7 +36,7 @@ regscale/core/lazy_group.py,sha256=S2-nA5tzm47A929NOTqGkzrzKuZQDlq2OAPbNnG1W1Q,2
 regscale/core/login.py,sha256=-8vy1HVAtv1iARnZh6uzYtwmx8VFYPwLYR0QAf1ttCk,2714
 regscale/core/app/__init__.py,sha256=nGcCN1vWBAnZzoccIlt0jwWQdegCOrBWOB7LPhQkQSs,96
 regscale/core/app/api.py,sha256=CSyUCV6haBAQ9IyE1FViJcAfTcoS5GJRaULwnRoAV9U,23499
-regscale/core/app/application.py,sha256=SWqDm2JiF62OCv3dMG1OS_5WPKAqWwFC9y9nrqIUX9o,28737
+regscale/core/app/application.py,sha256=6EHkTkx9u9Y1CBz6HYJMGbui4S2Nq8kqIngZfnWkZfg,31407
 regscale/core/app/logz.py,sha256=8AdBKmquv45JGi5fCMc38JqQg6-FpUONGmqfd5EGwrI,2583
 regscale/core/app/internal/__init__.py,sha256=rod4nmE7rrYDdbuYF4mCWz49TK_2r-v4tWy1UHW63r0,4808
 regscale/core/app/internal/admin_actions.py,sha256=hOdma7QGwFblmxEj9UTjiWWmZGUS5_ZFtxL2qZdhf-Q,7443
@@ -341,7 +341,7 @@ regscale/models/integration_models/flat_file_importer/__init__.py,sha256=Z-Gzk6v
 regscale/models/integration_models/sbom/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 regscale/models/integration_models/sbom/cyclone_dx.py,sha256=0pFR0BWBrF5c8_cC_8mj2MXvNOMHOdHbBYXvTVfFAh8,4058
 regscale/models/integration_models/synqly_models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-regscale/models/integration_models/synqly_models/capabilities.json,sha256=e9dO4myvbF-eRhIAepZXXU1CjEp1gJKxhGqDojk15KU,356660
+regscale/models/integration_models/synqly_models/capabilities.json,sha256=kpHT6EWkFvjSmCOj1UErmPPIPuLhh-AjUjtvAewX36s,356796
 regscale/models/integration_models/synqly_models/connector_types.py,sha256=8nxptkTexpskySnmL0obNAff_iu_fx6tJ7i1-4hJvao,461
 regscale/models/integration_models/synqly_models/ocsf_mapper.py,sha256=e2kTOhWSNRnzbgMchMx-7c21pCgSv2DqWnxvajKEKJM,16960
 regscale/models/integration_models/synqly_models/param.py,sha256=Xt5Zm6lC_VkLj7LF2qXo72TJZHysqttsp5ai0NCf1po,2643
@@ -492,7 +492,7 @@ tests/regscale/test_authorization.py,sha256=fls5ODCYiu0DdkwXFepO_GM-BP6tRaPmMCZW
 tests/regscale/test_init.py,sha256=O_3Dh7s7ObycIZyd0-Y10NCTKdGnrnotcpU6CUB5pno,4180
 tests/regscale/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tests/regscale/core/test_api.py,sha256=25AsIT-jg8SrlkPeynUwwm4PvTOrHcRO2Ba_omnNLUY,7512
-tests/regscale/core/test_app.py,sha256=8HvRRD37pI_x4VjXyjs1g7JWXr-jFIbK_lYst4tLXjI,18922
+tests/regscale/core/test_app.py,sha256=naFMgYRXWSHmYghhd8zsRJf1MsZwu0F1DClujmp-gtU,40593
 tests/regscale/core/test_login.py,sha256=Kl7ySS8JU7SzhmupaDexeUH8VOMjtMRJvW8-CimxHqU,1166
 tests/regscale/core/test_logz.py,sha256=Yf6tAthETLlYOEp3hee3ovDw-WnZ_6fTw3e1rjx4xSw,2621
 tests/regscale/core/test_sbom_generator.py,sha256=lgzo1HRbkNIIDZIeKiM2JbbIYQsak0BpU0GlvbrcexM,2935
@@ -518,9 +518,9 @@ tests/regscale/models/test_regscale_model.py,sha256=ZsrEZkC4EtdIsoQuayn1xv2gEGcV
 tests/regscale/models/test_report.py,sha256=eiSvS_zS0aVeL0HBvtmHVvEzcfF9ZFVn2twj5g8KttY,970
 tests/regscale/models/test_tenable_integrations.py,sha256=PNJC2Zu6lv1xj7y6e1yOsz5FktSU3PRKb5x3n5YG3w0,4072
 tests/regscale/models/test_user_model.py,sha256=e9olv28qBApgnvK6hFHOgXjUC-pkaV8aGDirEIWASL4,4427
-regscale_cli-6.20.8.0.dist-info/LICENSE,sha256=ytNhYQ9Rmhj_m-EX2pPq9Ld6tH5wrqqDYg-fCf46WDU,1076
-regscale_cli-6.20.8.0.dist-info/METADATA,sha256=8r3zKQbqO3RijflyHEAEzijvbRq8H7nyXd4fndzlASo,34955
-regscale_cli-6.20.8.0.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-regscale_cli-6.20.8.0.dist-info/entry_points.txt,sha256=cLOaIP1eRv1yZ2u7BvpE3aB4x3kDrDwkpeisKOu33z8,269
-regscale_cli-6.20.8.0.dist-info/top_level.txt,sha256=Uv8VUCAdxRm70bgrD4YNEJUmDhBThad_1aaEFGwRByc,15
-regscale_cli-6.20.8.0.dist-info/RECORD,,
+regscale_cli-6.20.9.0.dist-info/LICENSE,sha256=ytNhYQ9Rmhj_m-EX2pPq9Ld6tH5wrqqDYg-fCf46WDU,1076
+regscale_cli-6.20.9.0.dist-info/METADATA,sha256=JMEea5DFwZ0PLNWKrLxGzq6yKwrMCWTrp5qPxYCydR4,34955
+regscale_cli-6.20.9.0.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+regscale_cli-6.20.9.0.dist-info/entry_points.txt,sha256=cLOaIP1eRv1yZ2u7BvpE3aB4x3kDrDwkpeisKOu33z8,269
+regscale_cli-6.20.9.0.dist-info/top_level.txt,sha256=Uv8VUCAdxRm70bgrD4YNEJUmDhBThad_1aaEFGwRByc,15
+regscale_cli-6.20.9.0.dist-info/RECORD,,

tests/regscale/core/test_app.py

@@ -54,29 +54,31 @@ class TestApplication:
     def test_fetch_config_from_regscale_success(self, mock_get, mock_parse_user_id):
         mock_parse_user_id.return_value = "test_user_id"
         mock_response = MagicMock()
-        mock_response.json.return_value = {"cliConfig": "key: value"}
+        mock_response.json.return_value = '{"key": "value"}'
         mock_get.return_value = mock_response
-        config = self.app._fetch_config_from_regscale(config=self.app.config)
-        assert "domain" in config
-        assert config["userId"] == "test_user_id"
-        assert config["key"] == "value"
+        with patch.object(self.app, "_decrypt_config", return_value='{"key": "value"}'):
+            config = self.app._fetch_config_from_regscale(config=self.app.config)
+            assert "domain" in config
+            assert config["userId"] == "test_user_id"
+            assert config["key"] == "value"
 
     @patch("regscale.core.app.internal.login.parse_user_id_from_jwt")
     @patch("requests.get")
     def test_fetch_config_from_regscale_success_with_envars(self, mock_get, mock_parse_user_id):
         mock_parse_user_id.return_value = "test_user_id"
         mock_response = MagicMock()
-        mock_response.json.return_value = {"cliConfig": "key: value"}
+        mock_response.json.return_value = '{"key": "value"}'
         mock_get.return_value = mock_response
         envars = os.environ.copy()
         envars["REGSCALE_DOMAIN"] = self.test_domain
         envars["REGSCALE_TOKEN"] = self.test_token
         with patch.dict(os.environ, envars, clear=True):
-            config = self.app._fetch_config_from_regscale(config={})
-            assert config["domain"] == self.test_domain
-            assert config["token"] == self.test_token
-            assert config["userId"] == "test_user_id"
-            assert config["key"] == "value"
+            with patch.object(self.app, "_decrypt_config", return_value='{"key": "value"}'):
+                config = self.app._fetch_config_from_regscale(config={})
+                assert config["domain"] == self.test_domain
+                assert config["token"] == self.test_token
+                assert config["userId"] == "test_user_id"
+                assert config["key"] == "value"
 
     @patch("requests.get")
     def test_fetch_config_from_regscale_failure(self, mock_get):
@@ -88,12 +90,396 @@ class TestApplication:
         envars["REGSCALE_DOMAIN"] = self.test_domain
         envars["REGSCALE_TOKEN"] = self.test_token
         with patch.dict(os.environ, envars, clear=True):
-            empty_config = self.app._fetch_config_from_regscale()
-            assert empty_config == {}
             with patch.object(self.app.logger, "error") as mock_logger_error:
-                config = self.app._fetch_config_from_regscale(config=self.app.config)
-                mock_logger_error.assert_called_once()
-                assert config == {}
+                empty_config = self.app._fetch_config_from_regscale()
+                assert empty_config == {}
+                mock_logger_error.assert_called()
+
+    @patch("regscale.core.app.internal.login.parse_user_id_from_jwt")
+    @patch("requests.get")
+    def test_fetch_config_from_regscale_unencrypted_dict(self, mock_get, mock_parse_user_id):
+        """Test the case where the response is already a dictionary (not encrypted)"""
+        mock_parse_user_id.return_value = "test_user_id"
+        mock_response = MagicMock()
+        mock_response.json.return_value = {"key": "value", "userId": "test_user_id"}
+        mock_get.return_value = mock_response
+        config = self.app._fetch_config_from_regscale(config=self.app.config)
+        assert "domain" in config
+        assert config["userId"] == "test_user_id"
+        assert config["key"] == "value"
+
+    @patch("regscale.core.app.internal.login.parse_user_id_from_jwt")
+    @patch("requests.get")
+    def test_fetch_config_from_regscale_no_cli_config(self, mock_get, mock_parse_user_id):
+        """Test error handling when the cliConfig field is missing from the response"""
+        mock_parse_user_id.return_value = "test_user_id"
+        mock_response = MagicMock()
+        mock_response.json.return_value = ""
+        mock_get.return_value = mock_response
+        with patch.object(self.app.logger, "warning") as mock_logger_warning:
+            config = self.app._fetch_config_from_regscale(config={})
+            mock_logger_warning.assert_called_once()
+            assert config == {}
+
+    @patch("regscale.core.app.internal.login.parse_user_id_from_jwt")
+    @patch("requests.get")
+    def test_fetch_config_from_regscale_with_existing_user_id(self, mock_get, mock_parse_user_id):
+        """Test that existing userId in response is preserved"""
+        mock_response = MagicMock()
+        mock_response.json.return_value = '{"key": "value", "userId": "existing_user"}'
+        mock_get.return_value = mock_response
+
+        with patch.object(self.app, "_decrypt_config", return_value='{"key": "value", "userId": "existing_user"}'):
+            config = self.app._fetch_config_from_regscale(config=self.app.config)
+            assert config["userId"] == "existing_user"
+            # parse_user_id_from_jwt should not be called since userId already exists
+            mock_parse_user_id.assert_not_called()
+
+    @patch("regscale.core.app.internal.login.parse_user_id_from_jwt")
+    @patch("requests.get")
+    def test_fetch_config_from_regscale_empty_response(self, mock_get, mock_parse_user_id):
+        """Test handling of empty response"""
+        mock_response = MagicMock()
+        mock_response.json.return_value = {}
+        mock_get.return_value = mock_response
+
+        with patch.object(self.app.logger, "warning") as mock_logger_warning:
+            config = self.app._fetch_config_from_regscale(config=self.app.config)
+            assert config == {}
+            mock_logger_warning.assert_called_once()
+
+    @patch("regscale.core.app.internal.login.parse_user_id_from_jwt")
+    @patch("requests.get")
+    def test_fetch_config_from_regscale_no_token(self, mock_get, mock_parse_user_id):
+        """Test handling when no token is provided"""
+        envars = os.environ.copy()
+        envars.pop("REGSCALE_TOKEN", None)
+        envars.pop("REGSCALE_DOMAIN", None)
+
+        with patch.dict(os.environ, envars, clear=True):
+            config = self.app._fetch_config_from_regscale(config={})
+            assert config == {}
+            mock_get.assert_not_called()
+
+    @patch("regscale.core.app.internal.login.parse_user_id_from_jwt")
+    @patch("requests.get")
+    def test_fetch_config_from_regscale_no_domain(self, mock_get, mock_parse_user_id):
+        """Test handling when no domain is provided"""
+        envars = os.environ.copy()
+        envars["REGSCALE_TOKEN"] = self.test_token
+        envars.pop("REGSCALE_DOMAIN", None)
+
+        with patch.dict(os.environ, envars, clear=True):
+            with patch.object(self.app, "retrieve_domain", return_value="https://default.com"):
+                _ = self.app._fetch_config_from_regscale(config={})
+                # Should still attempt to make the request with default domain
+                mock_get.assert_called_once()
+
+    @patch("regscale.core.app.internal.login.parse_user_id_from_jwt")
+    @patch("requests.get")
+    def test_fetch_config_from_regscale_request_exception(self, mock_get, mock_parse_user_id):
+        """Test handling of request exceptions"""
+        mock_get.side_effect = Exception("Network error")
+
+        with patch.object(self.app.logger, "error") as mock_logger_error:
+            config = self.app._fetch_config_from_regscale(config=self.app.config)
+            assert config == {}
+            mock_logger_error.assert_called_once()
+
+    @patch("regscale.core.app.internal.login.parse_user_id_from_jwt")
+    @patch("requests.get")
+    def test_fetch_config_from_regscale_correct_endpoint(self, mock_get, mock_parse_user_id):
+        """Test that the correct API endpoint is called"""
+        mock_parse_user_id.return_value = "test_user_id"
+        mock_response = MagicMock()
+        mock_response.json.return_value = {"cliConfig": '{"key": "value"}'}
+        mock_get.return_value = mock_response
+
+        with patch.object(self.app, "_decrypt_config", return_value='{"key": "value"}'):
+            self.app._fetch_config_from_regscale(config=self.app.config)
+
+            # Verify the correct endpoint was called
+            mock_get.assert_called_once()
+            call_args = mock_get.call_args
+            assert "/api/tenants/getDetailedCliConfig" in call_args[1]["url"]
+
+    @patch("regscale.core.app.internal.login.parse_user_id_from_jwt")
+    @patch("requests.get")
+    def test_fetch_config_from_regscale_headers_verification(self, mock_get, mock_parse_user_id):
+        """Test that the correct headers are sent with the request"""
+        mock_parse_user_id.return_value = "test_user_id"
+        mock_response = MagicMock()
+        mock_response.json.return_value = {"cliConfig": '{"key": "value"}'}
+        mock_get.return_value = mock_response
+
+        with patch.object(self.app, "_decrypt_config", return_value='{"key": "value"}'):
+            self.app._fetch_config_from_regscale(config=self.app.config)
+
+            # Verify the correct headers were sent
+            mock_get.assert_called_once()
+            call_args = mock_get.call_args
+            headers = call_args[1]["headers"]
+            assert headers["Content-Type"] == "application/json"
+            assert headers["Accept"] == "application/json"
+            assert headers["Authorization"] == self.app.config.get("token")
+
+    def test_fetch_config_from_regscale_json_decode_error(self):
+        """Test handling of JSON decode errors in decrypted config"""
+        mock_response = MagicMock()
+        mock_response.json.return_value = {"cliConfig": "encrypted_data"}
+
+        with patch("requests.get", return_value=mock_response):
+            with patch.object(self.app, "_decrypt_config", return_value="invalid json"):
+                with patch.object(self.app.logger, "error") as mock_logger_error:
+                    config = self.app._fetch_config_from_regscale(config=self.app.config)
+                    assert config == {}
+                    mock_logger_error.assert_called_once()
+
+    def test_decrypt_config(self):
+        """Test the _decrypt_config method with a mock encrypted string"""
+        # Mock the cryptography imports
+        with patch("cryptography.hazmat.primitives.ciphers.Cipher") as mock_cipher:
+            with patch("cryptography.hazmat.backends.default_backend") as mock_backend:
+                with patch("base64.b64decode") as mock_b64decode:
+                    with patch("hashlib.sha256") as mock_sha256:
+                        # Setup mocks
+                        mock_backend.return_value = "backend"
+                        mock_b64decode.side_effect = [
+                            b"iv_data_cipher_text",  # First call for combined data
+                            b"key_data",  # Second call for token
+                        ]
+                        mock_sha256_instance = MagicMock()
+                        mock_sha256_instance.digest.return_value = b"key" * 8  # 32 bytes for AES-256
+                        mock_sha256.return_value = mock_sha256_instance
+
+                        mock_decryptor = MagicMock()
+                        mock_decryptor.update.return_value = b'{"key": "value"}'
+                        mock_decryptor.finalize.return_value = b""
+
+                        mock_cipher_instance = MagicMock()
+                        mock_cipher_instance.decryptor.return_value = mock_decryptor
+                        mock_cipher.return_value = mock_cipher_instance
+
+                        # Test the method
+                        result = self.app._decrypt_config(
+                            "encrypted_string", os.getenv("REGSCALE_TOKEN", self.app.config["token"])
+                        )
+
+                        # Verify the result
+                        assert result == '{"key": "value"}'
+
+                        # Verify the mocks were called correctly
+                        mock_b64decode.assert_called()
+                        mock_sha256.assert_called_once()
+                        mock_cipher.assert_called_once()
+
+    def test_decrypt_config_with_trailing_characters(self):
+        """Test the _decrypt_config method handles trailing control characters"""
+        with patch("cryptography.hazmat.primitives.ciphers.Cipher") as mock_cipher:
+            with patch("cryptography.hazmat.backends.default_backend") as mock_backend:
+                with patch("base64.b64decode") as mock_b64decode:
+                    with patch("hashlib.sha256") as mock_sha256:
+                        # Setup mocks
+                        mock_backend.return_value = "backend"
+                        mock_b64decode.side_effect = [
+                            b"iv_data_cipher_text",  # First call for combined data
+                            b"key_data",  # Second call for token
+                        ]
+                        mock_sha256_instance = MagicMock()
+                        mock_sha256_instance.digest.return_value = b"key" * 8  # 32 bytes for AES-256
+                        mock_sha256.return_value = mock_sha256_instance
+
+                        mock_decryptor = MagicMock()
+                        # Simulate decrypted data with trailing control characters
+                        mock_decryptor.update.return_value = b'{"key": "value"}\x00\x08\x07'
+                        mock_decryptor.finalize.return_value = b""
+
+                        mock_cipher_instance = MagicMock()
+                        mock_cipher_instance.decryptor.return_value = mock_decryptor
+                        mock_cipher.return_value = mock_cipher_instance
+
+                        # Test the method
+                        result = self.app._decrypt_config("encrypted_string", "Bearer test_token")
+
+                        # Verify the result is cleaned
+                        assert result == '{"key": "value"}'
+
+    def test_decrypt_config_invalid_base64(self):
+        """Test _decrypt_config with invalid base64 input"""
+        with patch("base64.b64decode", side_effect=Exception("Invalid base64")):
+            with patch.object(self.app.logger, "error") as mock_logger_error:
+                result = self.app._decrypt_config("invalid_base64", "Bearer test_token")
+                # Should raise an exception that gets caught by the calling method
+                assert result is None or mock_logger_error.called
+                assert mock_logger_error.call_count == 1
+
+    def test_decrypt_config_short_data(self):
+        """Test _decrypt_config with data too short for IV extraction"""
+        with patch("base64.b64decode", return_value=b"short"):
+            with patch.object(self.app.logger, "error") as mock_logger_error:
+                result = self.app._decrypt_config("short_data", "Bearer test_token")
+                # Should handle the short data gracefully
+                assert result is None or mock_logger_error.called
+
+    def test_decrypt_config_decryption_failure(self):
+        """Test _decrypt_config when decryption fails"""
+        with patch("cryptography.hazmat.primitives.ciphers.Cipher") as mock_cipher:
+            with patch("cryptography.hazmat.backends.default_backend") as mock_backend:
+                with patch("base64.b64decode") as mock_b64decode:
+                    with patch("hashlib.sha256") as mock_sha256:
+                        # Setup mocks
+                        mock_backend.return_value = "backend"
+                        mock_b64decode.return_value = b"iv_data_cipher_text"
+                        mock_sha256_instance = MagicMock()
+                        mock_sha256_instance.digest.return_value = b"key" * 8  # 32 bytes for AES-256
+                        mock_sha256.return_value = mock_sha256_instance
+
+                        mock_cipher.side_effect = Exception("Decryption failed")
+
+                        with patch.object(self.app.logger, "error") as mock_logger_error:
+                            result = self.app._decrypt_config("encrypted_string", "Bearer test_token")
+                            # Should handle decryption failure gracefully
+                            assert result is None or mock_logger_error.called
+                            assert mock_logger_error.call_count == 1
+
+    def test_decrypt_config_unicode_decode_error(self):
+        """Test _decrypt_config when UTF-8 decode fails"""
+        with patch("cryptography.hazmat.primitives.ciphers.Cipher") as mock_cipher:
+            with patch("cryptography.hazmat.backends.default_backend") as mock_backend:
+                with patch("base64.b64decode") as mock_b64decode:
+                    with patch("hashlib.sha256") as mock_sha256:
+                        # Setup mocks
+                        mock_backend.return_value = "backend"
+                        mock_b64decode.return_value = b"iv_data_cipher_text"
+                        mock_sha256_instance = MagicMock()
+                        mock_sha256_instance.digest.return_value = b"key" * 8  # 32 bytes for AES-256
+                        mock_sha256.return_value = mock_sha256_instance
+
+                        mock_decryptor = MagicMock()
+                        # Return bytes that can't be decoded as UTF-8
+                        mock_decryptor.update.return_value = b"\xff\xfe\xfd"
+                        mock_decryptor.finalize.return_value = b""
+
+                        mock_cipher_instance = MagicMock()
+                        mock_cipher_instance.decryptor.return_value = mock_decryptor
+                        mock_cipher.return_value = mock_cipher_instance
+
+                        with patch.object(self.app.logger, "error") as mock_logger_error:
+                            result = self.app._decrypt_config("encrypted_string", "Bearer test_token")
+                            # Should handle decode error gracefully
+                            assert result is None or mock_logger_error.called
+
+    def test_decrypt_config_multiple_null_bytes(self):
+        """Test _decrypt_config with multiple trailing null bytes"""
+        with patch("cryptography.hazmat.primitives.ciphers.Cipher") as mock_cipher:
+            with patch("cryptography.hazmat.backends.default_backend") as mock_backend:
+                with patch("base64.b64decode") as mock_b64decode:
+                    with patch("hashlib.sha256") as mock_sha256:
+                        # Setup mocks
+                        mock_backend.return_value = "backend"
+                        mock_b64decode.return_value = b"iv_data_cipher_text"
+                        mock_sha256_instance = MagicMock()
+                        mock_sha256_instance.digest.return_value = b"key" * 8  # 32 bytes for AES-256
+                        mock_sha256.return_value = mock_sha256_instance
+
+                        mock_decryptor = MagicMock()
+                        # Simulate decrypted data with multiple null bytes
+                        mock_decryptor.update.return_value = b'{"key": "value"}\x00\x08\x07\x0f\x1b\x1c\x1d'
+                        mock_decryptor.finalize.return_value = b""
+
+                        mock_cipher_instance = MagicMock()
+                        mock_cipher_instance.decryptor.return_value = mock_decryptor
+                        mock_cipher.return_value = mock_cipher_instance
+
+                        # Test the method
+                        result = self.app._decrypt_config("encrypted_string", "Bearer test_token")
+
+                        # Verify the result is cleaned
+                        assert result == '{"key": "value"}'
+
+    def test_decrypt_config_mixed_trailing_characters(self):
+        """Test _decrypt_config with mixed trailing characters"""
+        with patch("cryptography.hazmat.primitives.ciphers.Cipher") as mock_cipher:
+            with patch("cryptography.hazmat.backends.default_backend") as mock_backend:
+                with patch("base64.b64decode") as mock_b64decode:
+                    with patch("hashlib.sha256") as mock_sha256:
+                        # Setup mocks
+                        mock_backend.return_value = "backend"
+                        mock_b64decode.return_value = b"iv_data_cipher_text"
+                        mock_sha256_instance = MagicMock()
+                        mock_sha256_instance.digest.return_value = b"key" * 8  # 32 bytes for AES-256
+                        mock_sha256.return_value = mock_sha256_instance
+
+                        mock_decryptor = MagicMock()
+                        # Simulate decrypted data with mixed trailing characters
+                        mock_decryptor.update.return_value = b'{"key": "value"} \t\n\r\x00\x08\x07\x0f'
+                        mock_decryptor.finalize.return_value = b""
+
+                        mock_cipher_instance = MagicMock()
+                        mock_cipher_instance.decryptor.return_value = mock_decryptor
+                        mock_cipher.return_value = mock_cipher_instance
+
+                        # Test the method
+                        result = self.app._decrypt_config("encrypted_string", "Bearer test_token")
+
+                        # Verify the result is cleaned
+                        assert result == '{"key": "value"} '
+
+    def test_decrypt_config_with_trailing_backslash(self):
+        """Test _decrypt_config with trailing backslash and characters after it"""
+        with patch("cryptography.hazmat.primitives.ciphers.Cipher") as mock_cipher:
+            with patch("cryptography.hazmat.backends.default_backend") as mock_backend:
+                with patch("base64.b64decode") as mock_b64decode:
+                    with patch("hashlib.sha256") as mock_sha256:
+                        # Setup mocks
+                        mock_backend.return_value = "backend"
+                        mock_b64decode.return_value = b"iv_data_cipher_text"
+                        mock_sha256_instance = MagicMock()
+                        mock_sha256_instance.digest.return_value = b"key" * 8  # 32 bytes for AES-256
+                        mock_sha256.return_value = mock_sha256_instance
+
+                        mock_decryptor = MagicMock()
+                        # Simulate decrypted data with trailing backslash and characters
+                        mock_decryptor.update.return_value = b'{"key": "value"}\\abc123'
+                        mock_decryptor.finalize.return_value = b""
+
+                        mock_cipher_instance = MagicMock()
+                        mock_cipher_instance.decryptor.return_value = mock_decryptor
+                        mock_cipher.return_value = mock_cipher_instance
+
+                        # Test the method
+                        result = self.app._decrypt_config("encrypted_string", "Bearer test_token")
+
+                        # Verify the result is cleaned - should remove \abc123
+                        assert result == '{"key": "value"}'
+
+    def test_decrypt_config_with_multiple_backslashes(self):
+        """Test _decrypt_config with multiple backslashes in the string"""
+        with patch("cryptography.hazmat.primitives.ciphers.Cipher") as mock_cipher:
+            with patch("cryptography.hazmat.backends.default_backend") as mock_backend:
+                with patch("base64.b64decode") as mock_b64decode:
+                    with patch("hashlib.sha256") as mock_sha256:
+                        # Setup mocks
+                        mock_backend.return_value = "backend"
+                        mock_b64decode.return_value = b"iv_data_cipher_text"
+                        mock_sha256_instance = MagicMock()
+                        mock_sha256_instance.digest.return_value = b"key" * 8  # 32 bytes for AES-256
+                        mock_sha256.return_value = mock_sha256_instance
+
+                        mock_decryptor = MagicMock()
+                        # Simulate decrypted data with multiple backslashes but only remove trailing one
+                        mock_decryptor.update.return_value = b'{"key": "value\\nested"}\\trailing'
+                        mock_decryptor.finalize.return_value = b""
+
+                        mock_cipher_instance = MagicMock()
+                        mock_cipher_instance.decryptor.return_value = mock_decryptor
+                        mock_cipher.return_value = mock_cipher_instance
+
+                        # Test the method
+                        result = self.app._decrypt_config("encrypted_string", "Bearer test_token")
+
+                        # Verify the result - should keep nested backslash but remove trailing one
+                        assert result == '{"key": "value\\nested"}'
 
     def test_gen_config(self):
         self.app.local_config = True