-
Notifications
You must be signed in to change notification settings - Fork 189
Expand file tree
/
Copy pathsecurity.test.ts
More file actions
182 lines (166 loc) · 5.75 KB
/
Copy pathsecurity.test.ts
File metadata and controls
182 lines (166 loc) · 5.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
import { describe, expect, test } from 'bun:test';
import { validateSQL } from '../agent/utils/sql-validator';
describe('Security Validations', () => {
describe('SQL Injection Prevention', () => {
test('should reject malicious SQL keywords', () => {
const maliciousQueries = [
"SELECT * FROM users; DROP TABLE users; --",
"SELECT * FROM users WHERE id = 1 OR 1=1",
"SELECT * FROM users UNION SELECT password FROM admin",
"SELECT * FROM users; INSERT INTO admin VALUES ('hacker', 'pass')",
"SELECT * FROM users; DELETE FROM logs",
"SELECT * FROM users; UPDATE users SET password = 'hacked'",
"SELECT * FROM users; CREATE TABLE malicious (id INT)",
"SELECT * FROM users; ALTER TABLE users ADD COLUMN hacked VARCHAR(255)",
"SELECT * FROM users; EXEC xp_cmdshell 'net user'",
"SELECT * FROM users; EXECUTE sp_executesql @sql",
"SELECT * FROM users; TRUNCATE TABLE logs",
"SELECT * FROM users; BACKUP DATABASE test TO DISK",
"SELECT * FROM users; RESTORE DATABASE test FROM DISK",
"SELECT * FROM users; GRANT ALL PRIVILEGES ON *.*",
"SELECT * FROM users; REVOKE ALL PRIVILEGES ON *.*",
"SELECT * FROM users; SHOW GRANTS FOR root",
"SELECT * FROM users; SHOW USERS",
"SELECT * FROM users; SYSTEM DROP DATABASE test",
"SELECT * FROM users; ATTACH DATABASE 'test.db' AS test",
"SELECT * FROM users; DETACH DATABASE test",
"SELECT * FROM users; OPTIMIZE TABLE users",
"SELECT * FROM users; CHECK TABLE users",
"SELECT * FROM users; REPAIR TABLE users",
"SELECT * FROM users; ANALYZE TABLE users",
];
for (const query of maliciousQueries) {
expect(validateSQL(query)).toBe(false);
}
});
test('should reject dangerous SQL patterns', () => {
const dangerousPatterns = [
"SELECT * FROM users -- comment",
"SELECT * FROM users /* comment */",
"SELECT * FROM users; SELECT * FROM admin",
"SELECT * FROM users INTO OUTFILE '/tmp/users.txt'",
"SELECT LOAD_FILE('/etc/passwd')",
"SELECT * FROM users INTO DUMPFILE '/tmp/users.txt'",
"SELECT * FROM users; SHOW PROCESSLIST",
"SELECT * FROM INFORMATION_SCHEMA.TABLES",
"SELECT * FROM mysql.user",
"SELECT pg_user FROM pg_stat_activity",
"SELECT * FROM users UNION ALL SELECT * FROM admin",
];
for (const query of dangerousPatterns) {
expect(validateSQL(query)).toBe(false);
}
});
test('should allow safe SELECT queries', () => {
const safeQueries = [
"SELECT id, name FROM users WHERE active = 1",
"SELECT COUNT(*) FROM orders WHERE date > '2023-01-01'",
"SELECT u.name, o.total FROM users u JOIN orders o ON u.id = o.user_id",
"WITH top_users AS (SELECT * FROM users ORDER BY score DESC LIMIT 10) SELECT * FROM top_users",
"SELECT name FROM users WHERE created_at BETWEEN '2023-01-01' AND '2023-12-31'",
];
for (const query of safeQueries) {
expect(validateSQL(query)).toBe(true);
}
});
test('should reject non-SELECT queries', () => {
const nonSelectQueries = [
"INSERT INTO users VALUES (1, 'test')",
"UPDATE users SET name = 'test'",
"DELETE FROM users",
"DROP TABLE users",
"CREATE TABLE test (id INT)",
"ALTER TABLE users ADD COLUMN test VARCHAR(255)",
];
for (const query of nonSelectQueries) {
expect(validateSQL(query)).toBe(false);
}
});
test('should reject overly long queries', () => {
const longQuery = "SELECT * FROM users WHERE " + "a = 1 AND ".repeat(1000) + "b = 2";
expect(validateSQL(longQuery)).toBe(false);
});
test('should handle edge cases', () => {
expect(validateSQL('')).toBe(false);
expect(validateSQL(' ')).toBe(false);
// @ts-ignore - testing invalid input
expect(validateSQL(null)).toBe(false);
// @ts-ignore - testing invalid input
expect(validateSQL(undefined)).toBe(false);
// @ts-ignore - testing invalid input
expect(validateSQL(123)).toBe(false);
});
});
describe('Input Sanitization', () => {
test('should detect XSS patterns', () => {
const xssPatterns = [
"<script>alert('xss')</script>",
"javascript:alert('xss')",
"vbscript:alert('xss')",
"onload=alert('xss')",
"onerror=alert('xss')",
"onclick=alert('xss')",
"onmouseover=alert('xss')",
"eval(alert('xss'))",
"expression(alert('xss'))",
"data:text/html,<script>alert('xss')</script>",
"data:application/javascript,alert('xss')",
"<script>alert('xss')</script>",
"<script>alert('xss')</script>",
];
// These would be caught by our sanitization functions
// Testing that our patterns detect them correctly
const hasXSSPattern = (input: string): boolean => {
const dangerousPatterns = [
/<script/i,
/javascript:/i,
/vbscript:/i,
/onload=/i,
/onerror=/i,
/onclick=/i,
/onmouse/i,
/eval\(/i,
/expression\(/i,
/data:text\/html/i,
/data:application/i,
/&#x/i,
/&#\d/i,
];
return dangerousPatterns.some(pattern => pattern.test(input));
};
for (const pattern of xssPatterns) {
expect(hasXSSPattern(pattern)).toBe(true);
}
});
test('should allow safe input', () => {
const safeInputs = [
"Hello World",
"user@example.com",
"123-456-7890",
"Safe content with normal characters",
"Product Name - Version 1.0",
];
const hasXSSPattern = (input: string): boolean => {
const dangerousPatterns = [
/<script/i,
/javascript:/i,
/vbscript:/i,
/onload=/i,
/onerror=/i,
/onclick=/i,
/onmouse/i,
/eval\(/i,
/expression\(/i,
/data:text\/html/i,
/data:application/i,
/&#x/i,
/&#\d/i,
];
return dangerousPatterns.some(pattern => pattern.test(input));
};
for (const input of safeInputs) {
expect(hasXSSPattern(input)).toBe(false);
}
});
});
});