Adversary MCP Server

"""Tests for security input validator.""" import tempfile from pathlib import Path import pytest from src.adversary_mcp_server.security.input_validator import ( InputValidator, SecurityError, ) class TestInputValidator: """Test suite for InputValidator.""" @pytest.fixture def validator(self): """Create an InputValidator instance.""" return InputValidator() def test_sanitize_input_basic(self, validator): """Test basic input sanitization.""" # Test normal text result = validator.sanitize_input("normal text") assert isinstance(result, str) # Test empty string result = validator.sanitize_input("") assert result == "" def test_sanitize_input_malicious(self, validator): """Test sanitization of potentially malicious input.""" malicious_inputs = [ "text\x00with\x00nulls", # Null bytes "../../../etc/passwd", # Path traversal "'; DROP TABLE users; --", # SQL injection attempt ] for malicious_input in malicious_inputs: sanitized = validator.sanitize_input(malicious_input) # Should not contain null bytes assert "\x00" not in sanitized assert isinstance(sanitized, str) def test_validate_file_path_basic(self, validator): """Test basic file path validation.""" # Create temporary files for testing with tempfile.NamedTemporaryFile(mode="w", delete=False) as temp_file: temp_path = Path(temp_file.name) try: # Test validation of existing file result = validator.validate_file_path(str(temp_path)) assert isinstance(result, Path) assert result.exists() finally: # Cleanup if temp_path.exists(): temp_path.unlink() def test_validate_file_path_dangerous(self, validator): """Test dangerous file path rejection.""" dangerous_paths = [ "file\x00with\x00null", # Null bytes "../../../etc/passwd", # Path traversal ] for path in dangerous_paths: with pytest.raises((SecurityError, FileNotFoundError, ValueError)): validator.validate_file_path(path) def test_input_validator_methods_exist(self, validator): """Test that key methods exist on InputValidator.""" # Test method existence assert hasattr(validator, "sanitize_input") # Test basic functionality result = validator.sanitize_input("test") assert isinstance(result, str) def test_unicode_handling(self, validator): """Test handling of Unicode characters.""" unicode_inputs = [ "file_with_émojis_🎉.txt", "中文文件名.txt", "файл.txt", ] for input_text in unicode_inputs: # Should handle Unicode gracefully sanitized = validator.sanitize_input(input_text) assert isinstance(sanitized, str) def test_large_input_handling(self, validator): """Test handling of very large inputs.""" large_input = "x" * 1000 # Smaller test to avoid issues # Should handle large inputs gracefully result = validator.sanitize_input(large_input) assert isinstance(result, str) def test_none_input_handling(self, validator): """Test handling of None input.""" try: result = validator.sanitize_input(None) # If it doesn't fail, should return a string assert isinstance(result, str) except (TypeError, SecurityError): # Expected behavior for None input pass def test_number_input_handling(self, validator): """Test handling of numeric input.""" try: result = validator.sanitize_input(123) # Should convert to string assert isinstance(result, str) except (TypeError, SecurityError): # May not accept non-string input pass def test_validator_is_callable(self, validator): """Test that validator can be instantiated and used.""" assert validator is not None # Should be able to call sanitize_input result = validator.sanitize_input("test") assert result is not None