added some regex based checks for dangerous commands (#38)

2026-01-07 00:14:23 +01:00 · 2024-09-03 21:10:08 -07:00
parent bdee4f7ebd
commit 466ce2375c
3 changed files with 64 additions and 3 deletions
--- a/tests/utils/test_check_shell_command.py
+++ b/tests/utils/test_check_shell_command.py
@@ -0,0 +1,27 @@
+import pytest
+from goose.utils.check_shell_command import is_dangerous_command
+
+
+@pytest.mark.parametrize(
+    "command",
+    [
+        "rm -rf /",
+        "git push origin master",
+        "sudo reboot",
+        "mv /etc/passwd /tmp/",
+        "chmod 777 /etc/passwd",
+        "chown root:root /etc/passwd",
+        "mkfs -t ext4 /dev/sda1",
+        "systemctl stop nginx",
+        "reboot",
+        "shutdown now",
+        "echo hello > ~/.bashrc",
+    ],
+)
+def test_dangerous_commands(command):
+    assert is_dangerous_command(command)
+
+
+@pytest.mark.parametrize("command", ["ls -la", 'echo "Hello World"', "cp ~/folder/file.txt /tmp/"])
+def test_safe_commands(command):
+    assert not is_dangerous_command(command)