47 lines
1.4 KiB
Python
47 lines
1.4 KiB
Python
from app.core.command_analyzer import CommandAnalyzer
|
|
from app.core.permission_service import PermissionService
|
|
|
|
|
|
def _permission_service() -> PermissionService:
|
|
return PermissionService(
|
|
config={
|
|
"settings": {},
|
|
"command_categories": {
|
|
"no_always": {
|
|
"allow_once": True,
|
|
"allow_always": False,
|
|
"commands": ["apt", "apt-get", "dpkg", "systemctl"],
|
|
}
|
|
},
|
|
"path_settings": {},
|
|
}
|
|
)
|
|
|
|
|
|
def test_detects_unelevated_root_required_segment_after_sudo_chain() -> None:
|
|
analyzer = CommandAnalyzer(_permission_service())
|
|
|
|
diagnosis = analyzer.analyze(
|
|
command="sudo apt update && apt upgrade -y",
|
|
task_id="task-1",
|
|
session_id="session-1",
|
|
)
|
|
|
|
assert diagnosis["type"] == "privilege_scope_error"
|
|
assert diagnosis["root_required_segments"] == ["apt update", "apt upgrade -y"]
|
|
assert diagnosis["elevated_segments"] == ["apt update"]
|
|
assert diagnosis["unelevated_root_segments"] == ["apt upgrade -y"]
|
|
|
|
|
|
def test_accepts_each_root_required_segment_when_each_is_elevated() -> None:
|
|
analyzer = CommandAnalyzer(_permission_service())
|
|
|
|
diagnosis = analyzer.analyze(
|
|
command="sudo apt update && sudo apt upgrade -y",
|
|
task_id="task-1",
|
|
session_id="session-1",
|
|
)
|
|
|
|
assert diagnosis["type"] == "ok"
|
|
assert diagnosis["unelevated_root_segments"] == []
|