gabriel / muse public
test_security_path_traversal.py python
699 lines 27.1 KB
Raw
sha256:2eaa5d95f9d9383498e76947410a26e5a3ba23d182f339910c424cf88fad412b fix: try fetch/presign before fetch/mpack to avoid Cloudfla… Sonnet 4.6 patch 6 days ago
1 """Phase 2.1 — Path traversal security tests.
2
3 Covers every attack vector identified in the muse-powered security recon:
4
5 1. validate_workspace_path / validate_path_prefix — unit tests for the new
6 validation primitives that gate all workspace-relative path inputs.
7 2. hash-object — special-file guard (named pipes, sockets), null-byte
8 injection, symlink following (documented behaviour), very long paths.
9 3. ls-files --path-prefix — null-byte and glob metacharacter injection.
10 4. check-attr — traversal sequences, null bytes, absolute paths, control
11 characters, CRLF-poisoned stdin, very long paths.
12 5. check-ignore — same surface as check-attr.
13 6. verify-object --stdin — CRLF line endings must not embed \\r in IDs.
14 7. apply_mpack / unpack-objects — zip-slip attack via malicious manifest keys;
15 malicious object IDs in pack bundles.
16
17 Design principles
18 -----------------
19 - Every test is hermetic: uses tmp_path, writes only what it needs.
20 - No datetime.now() — pinned UTC timestamps wherever commits are needed.
21 - No synthetic IDs — compute_commit_id / compute_snapshot_id used throughout.
22 - Stress: 10 000-path batch, 100 000-char path, 100-entry malicious manifest.
23 """
24
25 from __future__ import annotations
26
27 import datetime
28 import json
29 import os
30 import pathlib
31 import sys
32
33 import pytest
34
35 from tests.cli_test_helper import CliRunner
36 from muse.core.errors import ExitCode
37 from muse.core.object_store import write_object
38 from muse.core.mpack import MPack, SnapshotDeltaDict, apply_mpack
39 from muse.core.ids import hash_commit as compute_commit_id, hash_snapshot as compute_snapshot_id
40 from muse.core.commits import (
41 CommitRecord,
42 write_commit,
43 )
44 from muse.core.snapshots import (
45 SnapshotRecord,
46 write_snapshot,
47 )
48 from muse.core.validation import (
49 validate_path_prefix,
50 validate_workspace_path,
51 )
52 from muse.core.types import Manifest, blob_id, fake_id, long_id
53 from muse.core.paths import heads_dir, muse_dir
54
55 cli = None # argparse migration — CliRunner ignores this
56 runner = CliRunner()
57
58 _REPO_ID = "security-test"
59 _BASE_DT = datetime.datetime(2026, 1, 1, tzinfo=datetime.timezone.utc)
60
61
62 # ---------------------------------------------------------------------------
63 # Repo helpers
64 # ---------------------------------------------------------------------------
65
66
67 def _init_repo(root: pathlib.Path) -> pathlib.Path:
68 dot_muse = muse_dir(root)
69 for d in ("commits", "snapshots", "objects", "refs/heads"):
70 (dot_muse / d).mkdir(parents=True, exist_ok=True)
71 (dot_muse / "HEAD").write_text("ref: refs/heads/main", encoding="utf-8")
72 (dot_muse / "repo.json").write_text(
73 json.dumps({"repo_id": _REPO_ID, "domain": "generic"}), encoding="utf-8"
74 )
75 return root
76
77
78 def _make_commit(root: pathlib.Path, idx: int = 0, parent_id: str | None = None) -> str:
79 manifest: Manifest = {f"file_{idx}.py": "a" * 64}
80 snap_id = compute_snapshot_id(manifest)
81 write_snapshot(root, SnapshotRecord(snapshot_id=snap_id, manifest=manifest))
82 dt = _BASE_DT + datetime.timedelta(hours=idx)
83 parent_ids = [parent_id] if parent_id else []
84 commit_id = compute_commit_id(
85 parent_ids=parent_ids,
86 snapshot_id=snap_id,
87 message=f"commit {idx}",
88 committed_at_iso=dt.isoformat(),
89 )
90 write_commit(root, CommitRecord(
91 commit_id=commit_id, branch="main",
92 snapshot_id=snap_id, message=f"commit {idx}", committed_at=dt,
93 parent_commit_id=parent_id,
94 ))
95 (heads_dir(root) / "main").write_text(commit_id, encoding="utf-8")
96 return commit_id
97
98
99 def _env(root: pathlib.Path) -> Manifest:
100 return {"MUSE_REPO_ROOT": str(root)}
101
102
103 # ===========================================================================
104 # 1. validate_workspace_path — unit tests
105 # ===========================================================================
106
107
108 class TestValidateWorkspacePath:
109 def test_valid_simple_path(self) -> None:
110 assert validate_workspace_path("tracks/drums.mid") == "tracks/drums.mid"
111
112 def test_valid_filename_only(self) -> None:
113 assert validate_workspace_path("README.md") == "README.md"
114
115 def test_valid_with_dots_in_name(self) -> None:
116 assert validate_workspace_path("src/my.module.py") == "src/my.module.py"
117
118 def test_valid_with_tab(self) -> None:
119 # Tab is the only non-printable char we allow.
120 assert validate_workspace_path("path\twith\ttabs") == "path\twith\ttabs"
121
122 def test_rejects_empty(self) -> None:
123 with pytest.raises(ValueError, match="empty"):
124 validate_workspace_path("")
125
126 def test_rejects_null_byte(self) -> None:
127 with pytest.raises(ValueError, match="null byte"):
128 validate_workspace_path("foo\x00bar")
129
130 def test_rejects_null_byte_prefix_injection(self) -> None:
131 """Classic null-byte injection: foo\\x00../../etc/passwd."""
132 with pytest.raises(ValueError, match="null byte"):
133 validate_workspace_path("tracks/song.mid\x00../../etc/passwd")
134
135 def test_rejects_dotdot_relative(self) -> None:
136 with pytest.raises(ValueError, match="traversal"):
137 validate_workspace_path("../../../etc/passwd")
138
139 def test_rejects_dotdot_in_middle(self) -> None:
140 with pytest.raises(ValueError, match="traversal"):
141 validate_workspace_path("tracks/../../../etc/passwd")
142
143 def test_rejects_dotdot_alone(self) -> None:
144 with pytest.raises(ValueError, match="traversal"):
145 validate_workspace_path("..")
146
147 def test_rejects_absolute_posix(self) -> None:
148 with pytest.raises(ValueError, match="absolute"):
149 validate_workspace_path("/etc/passwd")
150
151 def test_rejects_absolute_windows_backslash(self) -> None:
152 with pytest.raises(ValueError, match="absolute"):
153 validate_workspace_path("\\windows\\path")
154
155 def test_rejects_windows_drive_letter(self) -> None:
156 with pytest.raises(ValueError, match="absolute"):
157 validate_workspace_path("C:\\Users\\malicious")
158
159 def test_rejects_control_character_cr(self) -> None:
160 with pytest.raises(ValueError, match="control character"):
161 validate_workspace_path("foo\rbar")
162
163 def test_rejects_control_character_lf(self) -> None:
164 with pytest.raises(ValueError, match="control character"):
165 validate_workspace_path("foo\nbar")
166
167 def test_rejects_control_character_esc(self) -> None:
168 with pytest.raises(ValueError, match="control character"):
169 validate_workspace_path("foo\x1bbar")
170
171 def test_rejects_ansi_escape_sequence(self) -> None:
172 """ESC[31m — terminal colour injection."""
173 with pytest.raises(ValueError, match="control character"):
174 validate_workspace_path("\x1b[31mmalicious\x1b[0m")
175
176 def test_rejects_very_long_path(self) -> None:
177 with pytest.raises(ValueError, match="too long"):
178 validate_workspace_path("a/" * 2500) # > 4096 chars
179
180 def test_accepts_path_at_max_length(self) -> None:
181 # 4096 chars exactly — must pass.
182 p = "a" * 4096
183 assert validate_workspace_path(p) == p
184
185 def test_rejects_path_one_over_max(self) -> None:
186 with pytest.raises(ValueError, match="too long"):
187 validate_workspace_path("a" * 4097)
188
189
190 # ===========================================================================
191 # 2. validate_path_prefix — unit tests
192 # ===========================================================================
193
194
195 class TestValidatePathPrefix:
196 def test_valid_prefix(self) -> None:
197 assert validate_path_prefix("src/") == "src/"
198
199 def test_valid_empty_prefix(self) -> None:
200 # Empty prefix matches everything — it's a valid no-op filter.
201 assert validate_path_prefix("") == ""
202
203 def test_rejects_null_byte(self) -> None:
204 with pytest.raises(ValueError, match="null byte"):
205 validate_path_prefix("src/\x00malicious")
206
207 def test_rejects_glob_star(self) -> None:
208 with pytest.raises(ValueError, match="glob metacharacters"):
209 validate_path_prefix("src/*.py")
210
211 def test_rejects_glob_question(self) -> None:
212 with pytest.raises(ValueError, match="glob metacharacters"):
213 validate_path_prefix("src/?")
214
215 def test_rejects_glob_bracket(self) -> None:
216 with pytest.raises(ValueError, match="glob metacharacters"):
217 validate_path_prefix("src/[ab]")
218
219 def test_rejects_control_character(self) -> None:
220 with pytest.raises(ValueError, match="control character"):
221 validate_path_prefix("src/\x1b[malicious")
222
223
224 # ===========================================================================
225 # 3. hash-object — special-file guard, null bytes, symlinks, long paths
226 # ===========================================================================
227
228
229 class TestHashObjectSecurity:
230 def test_rejects_named_pipe(self, tmp_path: pathlib.Path) -> None:
231 """A named pipe (FIFO) must be rejected — opening it would block forever."""
232 fifo = tmp_path / "malicious.fifo"
233 os.mkfifo(fifo)
234 result = runner.invoke(cli, ["hash-object", str(fifo)])
235 assert result.exit_code != 0
236 assert "not a regular file" in result.stderr.lower() or "regular" in result.stderr.lower()
237
238 def test_rejects_directory(self, tmp_path: pathlib.Path) -> None:
239 result = runner.invoke(cli, ["hash-object", str(tmp_path)])
240 assert result.exit_code != 0
241
242 def test_rejects_nonexistent_path(self, tmp_path: pathlib.Path) -> None:
243 result = runner.invoke(cli, ["hash-object", str(tmp_path / "ghost.txt")])
244 assert result.exit_code != 0
245
246 def test_regular_file_accepted(self, tmp_path: pathlib.Path) -> None:
247 f = tmp_path / "hello.txt"
248 f.write_bytes(b"hello muse")
249 result = runner.invoke(cli, ["hash-object", "--json", str(f)])
250 assert result.exit_code == 0
251 data = json.loads(result.output)
252 assert data["object_id"].startswith("sha256:")
253 assert len(data["object_id"]) == 71
254
255 def test_symlink_to_regular_file_accepted(self, tmp_path: pathlib.Path) -> None:
256 """Symlinks to regular files are followed — consistent with git hash-object."""
257 real = tmp_path / "real.txt"
258 real.write_bytes(b"real content")
259 link = tmp_path / "link.txt"
260 link.symlink_to(real)
261 result = runner.invoke(cli, ["hash-object", str(link)])
262 # By design: hash-object follows symlinks to regular files.
263 assert result.exit_code == 0
264
265 def test_symlink_to_nonexistent_rejected(self, tmp_path: pathlib.Path) -> None:
266 link = tmp_path / "dangling.txt"
267 link.symlink_to(tmp_path / "ghost.txt")
268 result = runner.invoke(cli, ["hash-object", str(link)])
269 assert result.exit_code != 0
270
271 def test_very_long_path_rejected(self, tmp_path: pathlib.Path) -> None:
272 """A 100 000-char path argument must not stack-overflow — it simply won't exist."""
273 long_path = f"{tmp_path}/{'a' * 100_000}"
274 result = runner.invoke(cli, ["hash-object", long_path])
275 # The file doesn't exist so exit code is non-zero — no crash.
276 assert result.exit_code != 0
277 assert "exit_code" not in result.output # no Python traceback leaked
278
279 def test_write_stores_object_in_repo(self, tmp_path: pathlib.Path) -> None:
280 _init_repo(tmp_path)
281 f = tmp_path / "data.bin"
282 f.write_bytes(b"secret content")
283 result = runner.invoke(
284 cli, ["hash-object", "--write", "--json", str(f)],
285 env=_env(tmp_path),
286 )
287 assert result.exit_code == 0
288 data = json.loads(result.output)
289 assert data["stored"] is True
290
291 @pytest.mark.skipif(sys.platform == "win32", reason="block devices not on Windows")
292 def test_rejects_char_device(self) -> None:
293 """/dev/null is a char device — must be rejected."""
294 null_dev = pathlib.Path("/dev/null")
295 if not null_dev.exists():
296 pytest.skip("/dev/null not available")
297 result = runner.invoke(cli, ["hash-object", str(null_dev)])
298 assert result.exit_code != 0
299
300
301 # ===========================================================================
302 # 4. ls-files — prefix injection
303 # ===========================================================================
304
305
306 class TestLsFilesPrefix:
307 def test_null_byte_in_prefix_rejected(self, tmp_path: pathlib.Path) -> None:
308 _init_repo(tmp_path)
309 _make_commit(tmp_path)
310 result = runner.invoke(
311 cli, ["ls-files", "--path-prefix", "src/\x00malicious"],
312 env=_env(tmp_path),
313 )
314 assert result.exit_code != 0
315
316 def test_glob_star_in_prefix_rejected(self, tmp_path: pathlib.Path) -> None:
317 _init_repo(tmp_path)
318 _make_commit(tmp_path)
319 result = runner.invoke(
320 cli, ["ls-files", "--path-prefix", "src/*.py"],
321 env=_env(tmp_path),
322 )
323 assert result.exit_code != 0
324
325 def test_clean_prefix_accepted(self, tmp_path: pathlib.Path) -> None:
326 _init_repo(tmp_path)
327 _make_commit(tmp_path)
328 result = runner.invoke(
329 cli, ["ls-files", "--path-prefix", "file_"],
330 env=_env(tmp_path),
331 )
332 assert result.exit_code == 0
333
334 def test_empty_prefix_returns_all(self, tmp_path: pathlib.Path) -> None:
335 _init_repo(tmp_path)
336 _make_commit(tmp_path)
337 result = runner.invoke(
338 cli, ["ls-files", "--path-prefix", ""],
339 env=_env(tmp_path),
340 )
341 # Empty prefix is valid and returns all files.
342 assert result.exit_code == 0
343
344
345 # ===========================================================================
346 # 5. check-attr — traversal, null bytes, absolute paths, CRLF stdin
347 # ===========================================================================
348
349
350 class TestCheckAttrSecurity:
351 def _repo_with_attrs(self, root: pathlib.Path) -> pathlib.Path:
352 _init_repo(root)
353 (root / ".museattributes").write_text(
354 '[rules]\n[[rules.entries]]\npath_pattern = "*"\ndimension = "*"\n'
355 'strategy = "auto"\ncomment = ""\n',
356 encoding="utf-8",
357 )
358 return root
359
360 def test_traversal_path_rejected(self, tmp_path: pathlib.Path) -> None:
361 self._repo_with_attrs(tmp_path)
362 result = runner.invoke(
363 cli, ["check-attr", "../../../etc/passwd"],
364 env=_env(tmp_path),
365 )
366 assert result.exit_code != 0
367 out = result.stderr
368 assert "traversal" in out.lower() or "invalid" in out.lower()
369
370 def test_null_byte_path_rejected(self, tmp_path: pathlib.Path) -> None:
371 self._repo_with_attrs(tmp_path)
372 result = runner.invoke(
373 cli, ["check-attr", "foo\x00../../etc/passwd"],
374 env=_env(tmp_path),
375 )
376 assert result.exit_code != 0
377
378 def test_absolute_path_rejected(self, tmp_path: pathlib.Path) -> None:
379 self._repo_with_attrs(tmp_path)
380 result = runner.invoke(
381 cli, ["check-attr", "/etc/passwd"],
382 env=_env(tmp_path),
383 )
384 assert result.exit_code != 0
385
386 def test_ansi_escape_in_path_rejected(self, tmp_path: pathlib.Path) -> None:
387 """ESC[31m in a path argument must be rejected before it reaches output."""
388 self._repo_with_attrs(tmp_path)
389 result = runner.invoke(
390 cli, ["check-attr", "\x1b[31mmalicious\x1b[0m"],
391 env=_env(tmp_path),
392 )
393 assert result.exit_code != 0
394
395 def test_valid_path_accepted(self, tmp_path: pathlib.Path) -> None:
396 self._repo_with_attrs(tmp_path)
397 result = runner.invoke(
398 cli, ["check-attr", "tracks/drums.mid"],
399 env=_env(tmp_path),
400 )
401 assert result.exit_code == 0
402
403 def test_very_long_path_rejected(self, tmp_path: pathlib.Path) -> None:
404 self._repo_with_attrs(tmp_path)
405 long_path = "a/" * 2500 # > 4096 chars
406 result = runner.invoke(
407 cli, ["check-attr", long_path],
408 env=_env(tmp_path),
409 )
410 assert result.exit_code != 0
411
412 def test_crlf_stdin_stripped(self, tmp_path: pathlib.Path) -> None:
413 """CRLF-terminated stdin lines must not embed \\r in path strings."""
414 self._repo_with_attrs(tmp_path)
415 # "tracks/ok.mid\r\n" — the \\r must be stripped before path use.
416 crlf_input = "tracks/ok.mid\r\n"
417 result = runner.invoke(
418 cli, ["check-attr", "--stdin"],
419 input=crlf_input,
420 env=_env(tmp_path),
421 )
422 assert result.exit_code == 0
423 # The path in output must not contain \\r.
424 assert "\r" not in result.output
425
426 def test_10k_paths_stress(self, tmp_path: pathlib.Path) -> None:
427 """10 000 valid paths must be processed without crash or timeout."""
428 self._repo_with_attrs(tmp_path)
429 paths = [f"track_{i:05d}.mid" for i in range(10_000)]
430 stdin_data = "\n".join(paths)
431 result = runner.invoke(
432 cli, ["check-attr", "--stdin"],
433 input=stdin_data,
434 env=_env(tmp_path),
435 )
436 assert result.exit_code == 0
437
438
439 # ===========================================================================
440 # 6. check-ignore — same surface as check-attr
441 # ===========================================================================
442
443
444 class TestCheckIgnoreSecurity:
445 def _repo(self, root: pathlib.Path) -> pathlib.Path:
446 _init_repo(root)
447 # .museignore is TOML format — not a gitignore-style file.
448 (root / ".museignore").write_text(
449 '[global]\npatterns = ["build/", "*.bin"]\n',
450 encoding="utf-8",
451 )
452 return root
453
454 def test_traversal_path_rejected(self, tmp_path: pathlib.Path) -> None:
455 self._repo(tmp_path)
456 result = runner.invoke(
457 cli, ["check-ignore", "../../../etc/passwd"],
458 env=_env(tmp_path),
459 )
460 assert result.exit_code != 0
461
462 def test_null_byte_path_rejected(self, tmp_path: pathlib.Path) -> None:
463 self._repo(tmp_path)
464 result = runner.invoke(
465 cli, ["check-ignore", "build/\x00../../etc/cron.d/malicious"],
466 env=_env(tmp_path),
467 )
468 assert result.exit_code != 0
469
470 def test_absolute_path_rejected(self, tmp_path: pathlib.Path) -> None:
471 self._repo(tmp_path)
472 result = runner.invoke(
473 cli, ["check-ignore", "/absolute/path"],
474 env=_env(tmp_path),
475 )
476 assert result.exit_code != 0
477
478 def test_valid_path_accepted(self, tmp_path: pathlib.Path) -> None:
479 self._repo(tmp_path)
480 result = runner.invoke(
481 cli, ["check-ignore", "build/output.bin"],
482 env=_env(tmp_path),
483 )
484 assert result.exit_code == 0
485
486 def test_crlf_stdin_does_not_embed_cr(self, tmp_path: pathlib.Path) -> None:
487 self._repo(tmp_path)
488 crlf = "build/out.bin\r\n"
489 result = runner.invoke(
490 cli, ["check-ignore", "--stdin"],
491 input=crlf,
492 env=_env(tmp_path),
493 )
494 assert result.exit_code == 0
495 assert "\r" not in result.output
496
497 def test_dotdot_in_middle_rejected(self, tmp_path: pathlib.Path) -> None:
498 self._repo(tmp_path)
499 result = runner.invoke(
500 cli, ["check-ignore", "build/../../../etc/shadow"],
501 env=_env(tmp_path),
502 )
503 assert result.exit_code != 0
504
505
506 # ===========================================================================
507 # 7. verify-object --stdin — CRLF line endings
508 # ===========================================================================
509
510
511 class TestVerifyObjectStdinCRLF:
512 def test_crlf_id_rejected_cleanly(self, tmp_path: pathlib.Path) -> None:
513 """A CRLF-terminated object ID must produce a clear error, not a crash."""
514 _init_repo(tmp_path)
515 content = b"test content"
516 oid = blob_id(content)
517 write_object(tmp_path, oid, content)
518
519 # Pass the ID with a trailing \\r before the newline.
520 crlf_input = f"{oid}\r\n"
521 result = runner.invoke(
522 cli, ["verify-object", "--stdin"],
523 input=crlf_input,
524 env=_env(tmp_path),
525 )
526 # After the fix: \\r is stripped, so the ID is valid and the object passes.
527 assert result.exit_code == 0
528
529 def test_lf_only_works(self, tmp_path: pathlib.Path) -> None:
530 _init_repo(tmp_path)
531 content = b"lf content"
532 oid = blob_id(content)
533 write_object(tmp_path, oid, content)
534
535 result = runner.invoke(
536 cli, ["verify-object", "--stdin"],
537 input=f"{oid}\n",
538 env=_env(tmp_path),
539 )
540 assert result.exit_code == 0
541
542
543 # ===========================================================================
544 # 8. apply_mpack / unpack-objects — zip-slip via manifest keys
545 # ===========================================================================
546
547
548 class TestPackZipSlip:
549 def _minimal_bundle(self, manifest: Manifest) -> MPack:
550 snap_id = compute_snapshot_id(manifest)
551 snap_dict = SnapshotDeltaDict(
552 snapshot_id=snap_id,
553 parent_snapshot_id=None,
554 delta_upsert=dict(manifest),
555 delta_remove=[],
556 )
557 return MPack(
558 commits=[],
559 snapshots=[snap_dict],
560 blobs=[],
561 tags=[],
562 branch_heads={},
563 )
564
565 def test_traversal_key_in_manifest_rejected(self, tmp_path: pathlib.Path) -> None:
566 """apply_mpack must reject manifests with ../../ traversal keys."""
567 _init_repo(tmp_path)
568 mpack = self._minimal_bundle({"../../etc/cron.d/malicious": "a" * 64})
569 result = apply_mpack(tmp_path, mpack)
570 # The snapshot must be skipped — not written.
571 assert result["snapshots_written"] == 0
572
573 def test_absolute_key_in_manifest_rejected(self, tmp_path: pathlib.Path) -> None:
574 """Manifest keys starting with / must be rejected."""
575 _init_repo(tmp_path)
576 mpack = self._minimal_bundle({"/etc/passwd": "a" * 64})
577 result = apply_mpack(tmp_path, mpack)
578 assert result["snapshots_written"] == 0
579
580 def test_null_byte_key_in_manifest_rejected(self, tmp_path: pathlib.Path) -> None:
581 _init_repo(tmp_path)
582 mpack = self._minimal_bundle({"tracks/\x00malicious": "a" * 64})
583 result = apply_mpack(tmp_path, mpack)
584 assert result["snapshots_written"] == 0
585
586 def test_invalid_object_id_in_manifest_rejected(self, tmp_path: pathlib.Path) -> None:
587 """Manifest values must be valid 64-hex object IDs."""
588 _init_repo(tmp_path)
589 # Craft mpack manually — compute_snapshot_id rejects invalid OIDs.
590 # _apply_snapshot_deltas will also raise when it calls compute_snapshot_id
591 # on the reconstructed manifest, so snapshots_written stays 0.
592 snap_dict = SnapshotDeltaDict(
593 snapshot_id=fake_id("invalid-snap"),
594 parent_snapshot_id=None,
595 delta_upsert={"file.py": "not-a-valid-oid"}, # type: ignore[typeddict-item]
596 delta_remove=[],
597 )
598 mpack = MPack(
599 commits=[],
600 snapshots=[snap_dict],
601 blobs=[],
602 tags=[],
603 branch_heads={},
604 )
605 result = apply_mpack(tmp_path, mpack)
606 assert result["snapshots_written"] == 0
607
608 def test_clean_manifest_written(self, tmp_path: pathlib.Path) -> None:
609 """A manifest with valid keys and IDs must be written successfully."""
610 _init_repo(tmp_path)
611 mpack = self._minimal_bundle({"src/main.py": long_id("b" * 64)})
612 result = apply_mpack(tmp_path, mpack)
613 assert result["snapshots_written"] == 1
614
615 def test_100_malicious_keys_all_skipped(self, tmp_path: pathlib.Path) -> None:
616 """Stress: 100 bundles each with a traversal key — all must be rejected."""
617 _init_repo(tmp_path)
618 skipped = 0
619 for i in range(100):
620 manifest: Manifest = {f"../../malicious_{i}": "a" * 64}
621 mpack = self._minimal_bundle(manifest)
622 result = apply_mpack(tmp_path, mpack)
623 skipped += result["snapshots_written"]
624 assert skipped == 0
625
626 def test_malicious_object_id_in_pack_rejected(self, tmp_path: pathlib.Path) -> None:
627 """An object payload with a non-hex 'object_id' must be rejected by write_object."""
628 _init_repo(tmp_path)
629 from muse.core.mpack import BlobPayload
630 bad_obj = BlobPayload(object_id="../../etc/malicious", content=b"payload")
631 mpack = MPack(
632 commits=[], snapshots=[], blobs=[bad_obj], tags=[], branch_heads={}
633 )
634 result = apply_mpack(tmp_path, mpack)
635 # The blob must be skipped (write_object raises ValueError on bad ID).
636 assert result["blobs_written"] == 0
637
638 def test_unpack_objects_core_with_traversal_manifest(
639 self, tmp_path: pathlib.Path
640 ) -> None:
641 """Core apply_mpack rejects traversal manifest keys from any mpack source."""
642 _init_repo(tmp_path)
643 mpack = self._minimal_bundle({"../../malicious": "a" * 64})
644 result = apply_mpack(tmp_path, mpack)
645 # The traversal manifest key must cause the snapshot to be skipped.
646 assert result["snapshots_written"] == 0
647
648
649 # ===========================================================================
650 # 9. Integration: full pipeline with adversarial inputs
651 # ===========================================================================
652
653
654 class TestEndToEndAdversarial:
655 def test_hash_object_write_then_ls_files(self, tmp_path: pathlib.Path) -> None:
656 """Write a real object, commit it, list it — no traversal at any step."""
657 _init_repo(tmp_path)
658 f = tmp_path / "song.mid"
659 f.write_bytes(b"\x00" * 128) # synthetic MIDI-like content
660 result = runner.invoke(
661 cli, ["hash-object", "--write", str(f)],
662 env=_env(tmp_path),
663 )
664 assert result.exit_code == 0
665
666 def test_check_attr_stdin_mixed_good_and_bad(self, tmp_path: pathlib.Path) -> None:
667 """Mixed stdin with one traversal path must reject the whole batch cleanly."""
668 _init_repo(tmp_path)
669 (tmp_path / ".museattributes").write_text(
670 '[rules]\n[[rules.entries]]\npath_pattern = "*"\ndimension = "*"\n'
671 'strategy = "auto"\ncomment = ""\n',
672 encoding="utf-8",
673 )
674 mixed_stdin = "tracks/good.mid\n../../../etc/passwd\ntracks/also_good.mid\n"
675 result = runner.invoke(
676 cli, ["check-attr", "--stdin"],
677 input=mixed_stdin,
678 env=_env(tmp_path),
679 )
680 # The batch must be rejected as soon as the bad path is encountered.
681 assert result.exit_code != 0
682
683 def test_no_sensitive_data_in_error_output(self, tmp_path: pathlib.Path) -> None:
684 """Error messages for traversal attempts must not echo the full attack string."""
685 _init_repo(tmp_path)
686 (tmp_path / ".museattributes").write_text(
687 '[rules]\n[[rules.entries]]\npath_pattern = "*"\ndimension = "*"\n'
688 'strategy = "auto"\ncomment = ""\n',
689 encoding="utf-8",
690 )
691 attack = "../../../etc/passwd"
692 result = runner.invoke(
693 cli, ["check-attr", attack],
694 env=_env(tmp_path),
695 )
696 assert result.exit_code != 0
697 # The error output must not contain raw control sequences or leak
698 # system paths (the path is echoed, but sanitize_display must strip it).
699 assert "\x1b" not in result.output
File History 1 commit
sha256:2eaa5d95f9d9383498e76947410a26e5a3ba23d182f339910c424cf88fad412b fix: try fetch/presign before fetch/mpack to avoid Cloudfla… Sonnet 4.6 patch 6 days ago