@@ -35,11 +35,17 @@ def test_hostapd_initialization(self):
3535 self .assertEqual (hostapd .password , 'testpassword' )
3636 self .assertFalse (hostapd .running )
3737
38- def test_hostapd_default_password (self ):
39- """Test hostapd uses default password when none provided ."""
38+ def test_hostapd_open_network_when_no_password (self ):
39+ """With no password, the AP must be OPEN (captive portal requirement) ."""
4040 hostapd = Hostapd ('wlan0' , 'TestNetwork' , 6 )
41-
42- self .assertEqual (hostapd .password , 'temporarypassword123' )
41+
42+ # No passphrase is stored, and the generated config must not enable WPA2
43+ # (otherwise clients couldn't associate to reach the portal).
44+ self .assertIsNone (hostapd .password )
45+ config = hostapd .generate_config ()
46+ self .assertNotIn ('wpa=2' , config )
47+ self .assertNotIn ('wpa_passphrase' , config )
48+ self .assertIn ('auth_algs=1' , config )
4349
4450 def test_hostapd_config_generation (self ):
4551 """Test hostapd configuration file generation."""
@@ -66,8 +72,29 @@ def test_hostapd_config_special_characters(self):
6672 """Test hostapd handles special characters in SSID."""
6773 hostapd = Hostapd ('wlan0' , 'Test Network 2.4GHz' , 6 , 'pass123' )
6874 config = hostapd .generate_config ()
69-
75+
7076 self .assertIn ('ssid=Test Network 2.4GHz' , config )
77+
78+ def test_hostapd_ssid_newline_injection_neutralized (self ):
79+ """A newline in the SSID must not inject hostapd directives."""
80+ # Malicious SSID attempting to append a directive on a new config line.
81+ malicious = 'Evil\n macaddr_acl=1\n ctrl_interface=/tmp/x'
82+ hostapd = Hostapd ('wlan0' , malicious , 6 , 'pass123' )
83+ config = hostapd .generate_config ()
84+
85+ # The injected directives must NOT appear as standalone config lines.
86+ lines = config .split ('\n ' )
87+ self .assertNotIn ('ctrl_interface=/tmp/x' , lines )
88+ # The SSID line must be hex-encoded (ssid2=) rather than a raw ssid=.
89+ self .assertTrue (any (line .startswith ('ssid2=' ) for line in lines ))
90+ self .assertFalse (any (line .startswith ('ssid=Evil' ) for line in lines ))
91+
92+ def test_hostapd_ssid_non_ascii_hex_encoded (self ):
93+ """Non-ASCII SSIDs are emitted as ssid2=<hex> (hostapd-safe)."""
94+ hostapd = Hostapd ('wlan0' , 'Café📶' , 6 , 'pass123' )
95+ config = hostapd .generate_config ()
96+ lines = config .split ('\n ' )
97+ self .assertTrue (any (line .startswith ('ssid2=' ) for line in lines ))
7198
7299 def test_hostapd_config_file_creation (self ):
73100 """Test hostapd creates configuration file."""
0 commit comments