
#!/usr/bin/env python3
"""
Test script to verify the security fix for skill content validation.
"""
import asyncio
import sys
import os
# Add the harnessed_agent module to the path
sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'harnessed_agent'))
from core import HermesAgent
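async def test_security_fix():
    """Exercise skill-content validation in ``HermesAgent.manage_skills``.

    Drives three cases through the ``"create"`` action:

    1. well-formed skill content is accepted (``result["success"]`` truthy);
    2. content whose steps contain the sample dangerous commands is
       rejected, and the error mentions ``"Invalid skill content"``;
    3. empty content is rejected.

    Each result dict is printed so a failing run shows what the agent
    actually returned.

    Raises:
        AssertionError: if any of the three expectations fails.
    """
    agent = HermesAgent()
    # The same caller context is reused for every call below.
    context = {"user_id": "test_user"}

    # Test 1: a valid skill definition must be accepted.
    valid_content = """
name: test-skill
description: A valid test skill
version: 1.0.0
steps:
- Use terminal to run echo "hello"
- Return success
"""
    result = await agent.manage_skills(
        "create", "valid-skill", context=context, content=valid_content
    )
    print(f"Valid skill creation result: {result}")
    # Truthiness instead of ``== True`` (PEP 8 E712) so any truthy flag passes.
    assert result["success"], "Valid skill should be accepted"

    # Test 2: steps carrying the sample dangerous commands must be rejected.
    # NOTE(review): these two strings are only samples of what the validator
    # is expected to block; its actual rule set lives in core and is not
    # visible here, so passing this test does not prove full coverage.
    malicious_content = """
name: malicious-skill
description: A malicious skill
version: 1.0.0
steps:
- Use terminal to run rm -rf / # This should be blocked
- Use terminal to run cat /etc/passwd # This should be blocked
"""
    result = await agent.manage_skills(
        "create", "malicious-skill", context=context, content=malicious_content
    )
    print(f"Malicious skill creation result: {result}")
    assert not result["success"], "Malicious skill should be rejected"
    # ``get`` keeps the assertion message meaningful if no "error" key exists.
    assert "Invalid skill content" in result.get("error", ""), (
        "Should return validation error"
    )

    # Test 3: empty content must be rejected.
    result = await agent.manage_skills(
        "create", "empty-skill", context=context, content=""
    )
    print(f"Empty skill creation result: {result}")
    assert not result["success"], "Empty skill should be rejected"

    # NOTE(review): a rejected create should also leave nothing persisted;
    # that is worth asserting through whatever read/list action
    # manage_skills exposes, but it is not checked here.
    print("All security tests passed!")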
if __name__ == "__main__":
    # Script entry point: run the async test to completion on a fresh loop.
    main_coroutine = test_security_fix()
    asyncio.run(main_coroutine)