71 lines
3.0 KiB
Python
71 lines
3.0 KiB
Python
"""Security tests for MemoryTool20250818."""
|
|
|
|
import pytest
|
|
from pathlib import Path
|
|
from nanobot.agent.tools.anthropic import MemoryTool20250818
|
|
|
|
|
|
@pytest.fixture
|
|
def temp_workspace(tmp_path):
|
|
"""Create temporary workspace."""
|
|
return tmp_path
|
|
|
|
|
|
@pytest.fixture
|
|
def memory_tool(temp_workspace):
|
|
"""Create MemoryTool instance."""
|
|
return MemoryTool20250818(workspace=temp_workspace)
|
|
|
|
|
|
class TestPathSecurity:
|
|
"""Test path validation security."""
|
|
|
|
def test_validate_path_valid_root(self, memory_tool):
|
|
"""Test that /memories is valid."""
|
|
result = memory_tool._validate_memory_path("/memories")
|
|
assert result == memory_tool.memories_dir
|
|
|
|
def test_validate_path_valid_file(self, memory_tool):
|
|
"""Test that /memories/notes.txt is valid."""
|
|
result = memory_tool._validate_memory_path("/memories/notes.txt")
|
|
assert result == memory_tool.memories_dir / "notes.txt"
|
|
|
|
def test_validate_path_valid_nested(self, memory_tool):
|
|
"""Test that /memories/project/status.xml is valid."""
|
|
result = memory_tool._validate_memory_path("/memories/project/status.xml")
|
|
assert result == memory_tool.memories_dir / "project" / "status.xml"
|
|
|
|
def test_validate_path_rejects_parent_traversal(self, memory_tool):
|
|
"""Test that ../ is rejected."""
|
|
with pytest.raises(ValueError, match="escapes /memories directory"):
|
|
memory_tool._validate_memory_path("/memories/../config.json")
|
|
|
|
def test_validate_path_rejects_double_parent_traversal(self, memory_tool):
|
|
"""Test that ../../ is rejected."""
|
|
with pytest.raises(ValueError, match="escapes /memories directory"):
|
|
memory_tool._validate_memory_path("/memories/../../etc/passwd")
|
|
|
|
def test_validate_path_rejects_absolute_path(self, memory_tool):
|
|
"""Test that absolute paths are rejected."""
|
|
with pytest.raises(ValueError, match="must start with /memories"):
|
|
memory_tool._validate_memory_path("/etc/passwd")
|
|
|
|
def test_validate_path_rejects_workspace_path(self, memory_tool):
|
|
"""Test that /workspace paths are rejected."""
|
|
with pytest.raises(ValueError, match="must start with /memories"):
|
|
memory_tool._validate_memory_path("/workspace/data.txt")
|
|
|
|
def test_validate_path_rejects_relative_path(self, memory_tool):
|
|
"""Test that relative paths are rejected."""
|
|
with pytest.raises(ValueError, match="must start with /memories"):
|
|
memory_tool._validate_memory_path("notes.txt")
|
|
|
|
def test_validate_path_url_encoded_is_safe(self, memory_tool):
|
|
"""Test that URL-encoded paths are safe (not decoded by pathlib)."""
|
|
# Python's pathlib treats %2e%2e as literal characters, not as ..
|
|
# So this is actually safe - it creates a subdirectory named "%2e%2e"
|
|
attack_path = "/memories/%2e%2e/config.json"
|
|
result = memory_tool._validate_memory_path(attack_path)
|
|
# This should resolve to memories/%2e%2e/config.json (literal characters)
|
|
assert result == memory_tool.memories_dir / "%2e%2e" / "config.json"
|