#!/usr/bin/env node
/**
* Test script for security pattern blocking
*/
// Security patterns (copied from server/index.js for testing)
// NOTE(review): because this is a copy, the script exercises these regexes and not
// whatever server/index.js currently holds; the two lists can drift apart unnoticed.
// Importing the list from the server module would close that gap — TODO confirm the
// server file exposes it and can be loaded without starting the server.
//
// The list is a denylist of literal spellings of deletion operations. It is a guard
// against accidental destructive scripts, not a containment boundary: anything not
// spelled the way a pattern expects passes, so real limits belong in OS-level
// permissions or sandboxing of the process that runs the script.
// None of the regexes carries the `g` or `y` flag, so repeated .test() calls are stateless.
const BLOCKED_PATTERNS = [
// Shell command deletions
// rm / rmdir / unlink followed by whitespace. `[^"']*` stops at the next quote
// character, so only the text between the opening quote and the first embedded
// quote is inspected by the three `do shell script` patterns.
/do\s+shell\s+script\s+["'][^"']*\b(rm|rmdir|unlink)\s/i,
// rm followed by an option starting with -r or -f (already covered by the next pattern).
/do\s+shell\s+script\s+["'][^"']*\brm\s+-[rf]/i,
// Any standalone word `rm` in that quoted segment, including when it is only an argument.
/do\s+shell\s+script\s+["'][^"']*\brm\b/i,
// Finder deletions
/\bdelete\s+(every\s+)?(file|folder|item|document|disk\s+item)/i,
/\bmove\s+.+\s+to\s+(the\s+)?trash/i,
/\bempty\s+(the\s+)?trash/i,
// System Events deletions
// The `s` flag only changes how `.` matches and this pattern has no `.`; `\s` in the
// character class already accepts line breaks.
/System\s+Events["'\s]+to\s+delete/is,
// JXA deletions
// These two match only calls written with an empty argument list.
/\.remove\s*\(\s*\)/i,
/\.delete\s*\(\s*\)/i,
// `.` does not cross line breaks here, so both names must sit on one line. The second
// pattern also matches everything the first does ("NSFileManager" contains "FileManager").
/NSFileManager.*removeItem/i,
/FileManager.*removeItem/i,
// Additional shell deletions via JXA
// `$(` followed by a quoted string that begins with `rm` and whitespace.
/\$\s*\(\s*["']rm\s/i,
// A standalone word `rm` before the first `)` of an app.doShellScript( call.
/app\.doShellScript\s*\([^)]*\brm\b/i,
];
/**
 * Screen a script's source text against BLOCKED_PATTERNS.
 *
 * Patterns are tried in list order and the first one that matches decides the
 * result. The argument is handed straight to RegExp.prototype.test, which
 * coerces non-string values to a string before matching.
 *
 * @param {string} script - Script source text to screen.
 * @returns {{blocked: boolean, pattern?: string}} `blocked: true` plus the
 *   matching regex rendered as text, or `{ blocked: false }` when nothing matches.
 */
function checkScriptSafety(script) {
  const firstHit = BLOCKED_PATTERNS.find((candidate) => candidate.test(script));
  if (firstHit === undefined) {
    return { blocked: false };
  }
  return { blocked: true, pattern: firstHit.toString() };
}
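// Test cases
// Scripts that must pass the filter. A false positive here means the denylist
// blocks ordinary, non-destructive automation.
const allowedScripts = [
  // Finder operations
  'tell application "Finder" to get name of every disk',
  'tell application "Finder" to get every file of desktop',
  // Shell commands (non-deletion)
  'do shell script "ls -la ~/Desktop"',
  'do shell script "whoami"',
  'do shell script "curl -s https://api.github.com"',
  'do shell script "cat ~/.zshrc"',
  // Word-boundary check (constructed sample): "rm" inside a longer word must not match
  'do shell script "ls ~/firmware"',
  // System Events
  'tell application "System Events" to get name of every process',
  'tell application "System Events" to keystroke "hello"',
  // App control
  'tell application "Safari" to get URL of current tab of window 1',
  'tell application "Music" to get name of current track',
];

// Scripts that must be rejected. Each group of patterns in BLOCKED_PATTERNS has
// at least one sample, so removing or breaking a pattern makes this script fail.
const blockedScripts = [
  // Shell deletions
  'do shell script "rm -rf ~/test"',
  'do shell script "rm test.txt"',
  'do shell script "rmdir testdir"',
  'do shell script "unlink test.txt"',
  // Finder deletions
  'tell application "Finder" to delete file "test.txt" of desktop',
  'move file "test.txt" to trash',
  'empty trash',
  'empty the trash',
  // System Events deletion
  'tell application "System Events" to delete file "test.txt"',
  // JXA deletions (constructed samples, one per JXA pattern)
  'file.remove()',
  'Application("Finder").selection()[0].delete()',
  '$.NSFileManager.defaultManager.removeItemAtPathError("test.txt", null)',
  'FileManager.default.removeItem(atPath: "test.txt")',
  // Shell deletions via JXA (constructed samples)
  '$("rm test.txt")',
  'app.doShellScript("rm test.txt")',
];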
/**
 * Run one group of sample scripts through checkScriptSafety and print one line
 * per script, plus the matching pattern whenever a script is blocked.
 *
 * @param {string} heading - Banner printed before the group.
 * @param {string[]} scripts - Sample scripts to screen.
 * @param {boolean} expectBlocked - Verdict every script in the group should get.
 * @returns {boolean} true when every script received the expected verdict.
 */
function runSuite(heading, scripts, expectBlocked) {
  console.log(heading);
  let suitePassed = true;
  for (const script of scripts) {
    const { blocked, pattern } = checkScriptSafety(script);
    let status;
    if (blocked) {
      status = expectBlocked ? "BLOCKED" : "BLOCKED (ERROR!)";
    } else {
      status = expectBlocked ? "ALLOWED (ERROR!)" : "ALLOWED";
    }
    if (blocked !== expectBlocked) {
      suitePassed = false;
    }
    // Only the first 60 characters are echoed; the "..." suffix is always printed.
    console.log(`[${status}] ${script.substring(0, 60)}...`);
    if (blocked) {
      console.log(` Pattern: ${pattern}`);
    }
  }
  return suitePassed;
}

const allowedPass = runSuite("=== Testing ALLOWED scripts ===\n", allowedScripts, false);
const blockedPass = runSuite("\n=== Testing BLOCKED scripts ===\n", blockedScripts, true);
const allPassed = allowedPass && blockedPass;

console.log("\n=== Summary ===\n");
console.log(`Allowed scripts test: ${allowedPass ? "PASS" : "FAIL"}`);
console.log(`Blocked scripts test: ${blockedPass ? "PASS" : "FAIL"}`);
console.log(`Overall: ${allPassed ? "ALL TESTS PASSED" : "SOME TESTS FAILED"}`);

// A non-zero exit status lets CI or a calling script detect a failed run.
process.exit(allPassed ? 0 : 1);