firewall-python/aikido_zen/vulnerabilities/shell_injection/contains_shell_syntax_test.py at 5106015455f4571fcbb15b479957797be2e11c37 · AikidoSec/firewall-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
import pytest
from .contains_shell_syntax import contains_shell_syntax


def test_detects_shell_syntax():
    assert contains_shell_syntax("", "") is False
    assert contains_shell_syntax("hello", "hello") is False
    assert contains_shell_syntax("\n", "\n") is False
    assert contains_shell_syntax("\n\n", "\n\n") is False

    assert contains_shell_syntax("$(command)", "$(command)") is True
    assert contains_shell_syntax("$(command arg arg)", "$(command arg arg)") is True
    assert contains_shell_syntax("`command`", "`command`") is True
    assert contains_shell_syntax("\narg", "\narg") is True
    assert contains_shell_syntax("\targ", "\targ") is True
    assert contains_shell_syntax("\narg\n", "\narg\n") is True
    assert contains_shell_syntax("arg\n", "arg\n") is True
    assert contains_shell_syntax("arg\narg", "arg\narg") is True
    assert contains_shell_syntax("rm -rf", "rm -rf") is True
    assert contains_shell_syntax("/bin/rm -rf", "/bin/rm -rf") is True
    assert contains_shell_syntax("/bin/rm", "/bin/rm") is True
    assert contains_shell_syntax("/sbin/sleep", "/sbin/sleep") is True
    assert contains_shell_syntax("/usr/bin/kill", "/usr/bin/kill") is True
    assert contains_shell_syntax("/usr/bin/killall", "/usr/bin/killall") is True
    assert contains_shell_syntax("/usr/bin/env", "/usr/bin/env") is True
    assert contains_shell_syntax("/bin/ps", "/bin/ps") is True
    assert contains_shell_syntax("/usr/bin/W", "/usr/bin/W") is True
    assert contains_shell_syntax("lsattr", "lsattr") is True


def test_detects_commands_surrounded_by_separators():
    assert (
        contains_shell_syntax(
            r'find /path/to/search -type f -name "pattern" -exec rm {} \\;', "rm"
        )
        is True
    )


def test_detects_commands_with_separator_before():
    assert (
        contains_shell_syntax(
            'find /path/to/search -type f -name "pattern" | xargs rm', "rm"
        )
        is True
    )


def test_detects_commands_with_separator_after():
    assert contains_shell_syntax("rm arg", "rm") is True


def test_checks_if_same_command_occurs_in_user_input():
    assert contains_shell_syntax("find cp", "rm") is False


def test_treats_colon_as_command():
    assert contains_shell_syntax(":|echo", ":|") is True
    assert (
        contains_shell_syntax("https://www.google.com", "https://www.google.com")
        is False
    )


def test_detects_commands_with_separators():
    assert contains_shell_syntax("rm>arg", "rm") is True


def test_detects_commands_with_separators():
    assert contains_shell_syntax("rm<arg", "rm") is True


def test_empty_command_and_input():
    assert contains_shell_syntax("", "") is False
    assert contains_shell_syntax("", "rm") is False
    assert contains_shell_syntax("rm", "") is False


def test_command_with_special_characters():
    assert contains_shell_syntax("echo $HOME", "echo") is True
    assert contains_shell_syntax("echo $HOME", "$HOME") is True
    assert contains_shell_syntax('echo "Hello World"', "echo") is True
    assert contains_shell_syntax("echo 'Hello World'", "echo") is True


def test_command_with_multiple_separators():
    assert contains_shell_syntax("rm -rf; echo 'done'", "rm") is True
    assert contains_shell_syntax("ls | grep 'test'", "ls") is True
    assert contains_shell_syntax("find . -name '*.txt' | xargs rm", "rm") is True


def test_command_with_path_prefixes():
    assert contains_shell_syntax("/bin/rm -rf /tmp", "/bin/rm") is True
    assert (
        contains_shell_syntax("/usr/bin/killall process_name", "/usr/bin/killall")
        is True
    )
    assert contains_shell_syntax("/sbin/shutdown now", "/sbin/shutdown") is True


def test_command_with_colon():
    assert contains_shell_syntax(":; echo 'test'", ":") is True
    assert contains_shell_syntax("echo :; echo 'test'", ":") is True


def test_command_with_newline_separators():
    assert contains_shell_syntax("echo 'Hello'\nrm -rf /tmp", "rm") is True
    assert contains_shell_syntax("echo 'Hello'\n", "echo") is True


def test_command_with_tabs():
    assert contains_shell_syntax("echo 'Hello'\trm -rf /tmp", "rm") is True
    assert contains_shell_syntax("\techo 'Hello'", "echo") is True


def test_command_with_invalid_input():
    assert contains_shell_syntax("echo 'Hello'", "invalid_command") is False
    assert contains_shell_syntax("ls -l", "rm") is False


def test_command_with_multiple_commands():
    assert contains_shell_syntax("rm -rf; ls -l; echo 'done'", "ls") is True
    assert contains_shell_syntax("echo 'Hello'; rm -rf /tmp", "rm") is True


def test_command_with_no_separators():
    assert contains_shell_syntax("echoHello", "echo") is False
    assert contains_shell_syntax("rmrf", "rm") is False


def test_command_with_dangerous_chars():
    assert contains_shell_syntax("rm -rf; echo 'done'", ";") is True
    assert contains_shell_syntax("echo 'Hello' & rm -rf /tmp", "&") is True
    assert contains_shell_syntax("echo 'Hello' | rm -rf /tmp", "|") is True


def test_command_with_path_and_arguments():
    assert contains_shell_syntax("/usr/bin/ls -l", "/usr/bin/ls") is True
    assert contains_shell_syntax("/bin/cp file1 file2", "/bin/cp") is True


def test_newline_as_separator():
    assert contains_shell_syntax("ls\nrm", "rm") is True
    assert contains_shell_syntax("echo test\nrm -rf /", "rm") is True
    assert contains_shell_syntax("rm\nls", "rm") is True


def test_tab_as_separator():
    assert contains_shell_syntax("ls\trm", "rm") is True
    assert contains_shell_syntax("echo test\trm -rf /", "rm") is True
    assert contains_shell_syntax("rm\tls", "rm") is True


def test_carriage_return_as_separator():
    assert contains_shell_syntax("ls\rrm", "rm") is True
    assert contains_shell_syntax("echo test\rrm -rf /", "rm") is True
    assert contains_shell_syntax("rm\rls", "rm") is True


def test_form_feed_as_separator():
    assert contains_shell_syntax("ls\frm", "rm") is True
    assert contains_shell_syntax("echo test\frm -rf /", "rm") is True
    assert contains_shell_syntax("rm\fls", "rm") is True