tests are passing well now
This commit is contained in:
filipriec
@@ -58,18 +58,33 @@ fn test_memory_exhaustion_protection() {
|
||||
#[case("\\x00\\x01\\x02")] // Null bytes and control chars
|
||||
fn test_variable_name_injection(#[case] malicious_var: &str) {
|
||||
let parser = ScriptParser::new();
|
||||
|
||||
// Attempt injection through variable name
|
||||
let expr = format!("(+ ${} 1)", malicious_var);
|
||||
let transformed = parser.transform(&expr);
|
||||
|
||||
|
||||
// Should transform without executing malicious code
|
||||
assert!(transformed.contains("get-var"));
|
||||
assert!(transformed.contains(malicious_var));
|
||||
|
||||
// Should extract as dependency without side effects
|
||||
|
||||
// Extract what the parser actually captured as the variable name
|
||||
let deps = parser.extract_dependencies(&expr);
|
||||
assert!(deps.contains(malicious_var));
|
||||
assert!(!deps.is_empty(), "Should extract at least one dependency");
|
||||
|
||||
// The captured variable name should be in the transformed output
|
||||
let captured_var = deps.iter().next().unwrap();
|
||||
assert!(transformed.contains(captured_var));
|
||||
|
||||
// Security check: For inputs with dangerous characters (spaces, parens),
|
||||
// verify that the parser truncated the variable name safely
|
||||
if malicious_var.contains(' ') || malicious_var.contains('(') || malicious_var.contains(')') {
|
||||
// Variable should be truncated, not the full malicious string
|
||||
assert_ne!(captured_var, malicious_var,
|
||||
"Parser should truncate variable names with dangerous characters");
|
||||
assert!(!transformed.contains(malicious_var),
|
||||
"Full malicious string should not appear in transformed output");
|
||||
} else {
|
||||
// If no dangerous characters, full variable name should be preserved
|
||||
assert_eq!(captured_var, malicious_var);
|
||||
}
|
||||
}
|
||||
|
||||
// Test malicious Steel expressions
|
||||
|
||||
Reference in New Issue
Block a user