DevOps_Debugger / tests /test_executor.py
printf-sourav's picture
Initial commit
27cdb3e
Raw
History Blame
4.59 kB
"""
Tests for the Docker Executor and Command Safety Checker.
"""
import pytest
from executor.safety import CommandSafetyChecker, SafetyCheckResult
from executor.docker_executor import DockerExecutor, ExecutionResult
class TestCommandSafetyChecker:
"""Tests for the command whitelist/blocklist safety system."""
def setup_method(self):
"""Create a fresh checker for each test."""
self.checker = CommandSafetyChecker()
def test_whitelisted_commands_pass(self):
safe_commands = [
"pip install flask",
"python app.py",
"ls -la /app",
"cat /app/config.py",
"echo hello",
"grep error log.txt",
"ps aux",
"kill 12345",
"curl http://localhost:5000",
"mkdir -p /app/logs",
"sed -i 's/old/new/' file.txt",
"export DATABASE_URL=postgres://...",
]
for cmd in safe_commands:
result = self.checker.check(cmd)
assert result.is_safe, f"Expected '{cmd}' to be safe, got: {result.reason}"
def test_blocklisted_commands_blocked(self):
dangerous_commands = [
"rm -rf /",
"rm -rf /*",
"dd if=/dev/zero of=/dev/sda",
"mkfs.ext4 /dev/sda1",
"chmod 777 /",
]
for cmd in dangerous_commands:
result = self.checker.check(cmd)
assert result.is_blocked, f"Expected '{cmd}' to be blocked"
assert not result.is_safe
def test_sudo_dangerous_blocked(self):
sudo_commands = [
"sudo rm -rf /home",
"sudo dd if=/dev/zero of=/dev/sda",
"sudo shutdown now",
]
for cmd in sudo_commands:
result = self.checker.check(cmd)
assert result.is_blocked, f"Expected '{cmd}' to be blocked"
def test_unknown_commands_rejected(self):
unknown_commands = [
"custom_script",
"malware_tool",
"nc -l 4444",
]
for cmd in unknown_commands:
result = self.checker.check(cmd)
assert not result.is_safe, f"Expected '{cmd}' to be rejected"
assert not result.is_whitelisted
def test_empty_command_rejected(self):
result = self.checker.check("")
assert not result.is_safe
def test_pipe_commands_check_first_part(self):
result = self.checker.check("lsof -i:5000 | grep python")
assert result.is_safe
def test_chained_commands(self):
result = self.checker.check("pip install flask && python app.py")
assert result.is_safe
def test_env_var_prefix(self):
result = self.checker.check("DATABASE_URL=test python app.py")
assert result.is_safe
def test_reboot_keyword_in_path_not_blocked(self):
result = self.checker.check("cat /app/reboot_config.py")
assert result.is_safe
def test_shutdown_keyword_in_grep_not_blocked(self):
result = self.checker.check("grep shutdown /var/log/syslog")
assert result.is_safe
def test_halt_keyword_in_filename_not_blocked(self):
result = self.checker.check("python halt_checker.py")
assert result.is_safe
class TestDockerExecutor:
"""Tests for the Docker executor (local fallback mode)."""
def setup_method(self):
"""Create executor in local fallback mode."""
self.executor = DockerExecutor(use_local_fallback=True)
self.executor._container_id = "local-fallback"
def test_safe_command_executes(self):
result = self.executor.execute("echo hello world")
assert result.exit_code == 0
assert "hello world" in result.stdout
assert not result.blocked
def test_dangerous_command_blocked(self):
result = self.executor.execute("rm -rf /")
assert result.blocked
assert "BLOCKED" in result.stderr
def test_unknown_command_blocked(self):
result = self.executor.execute("nonexistent_command_xyz")
assert result.blocked
def test_execution_result_fields(self):
result = self.executor.execute("echo test")
assert isinstance(result.stdout, str)
assert isinstance(result.stderr, str)
assert isinstance(result.exit_code, int)
assert isinstance(result.timed_out, bool)
assert isinstance(result.blocked, bool)
def test_stop_container(self):
"""Test that stop_container doesn't crash."""
self.executor.stop_container()
assert self.executor._container_id is None