0ef5fcb1c5
Security / Dependency audit (pip-audit) (push) Has been cancelled
Security / CodeQL (javascript-typescript) (push) Has been cancelled
Security / CodeQL (python) (push) Has been cancelled
Security / Secret scan (gitleaks) (push) Has been cancelled
rust / test (ubuntu) (push) Has been cancelled
rust / simulator e2e (macos-latest) (push) Has been cancelled
rust / simulator e2e (ubuntu-latest) (push) Has been cancelled
rust / simulator e2e (windows-latest) (push) Has been cancelled
rust / wheels (aarch64-apple-darwin) (push) Has been cancelled
rust / wheels (x86_64-unknown-linux-gnu) (push) Has been cancelled
rust / wheels (x86_64-apple-darwin) (push) Has been cancelled
rust / audit (push) Has been cancelled
rust / parity (nightly, allowed to fail during Phase 0) (push) Has been cancelled
CI / commitlint (push) Has been skipped
Dev Containers / validate (.devcontainer/devcontainer.json, default) (push) Failing after 0s
Dev Containers / validate (.devcontainer/memory-stack/devcontainer.json, memory-stack) (push) Failing after 0s
Dev Containers / validate-worktree (push) Failing after 0s
CI / changes (push) Failing after 4s
Deploy Documentation / validate (push) Has been skipped
Deploy Documentation / deploy (push) Failing after 1s
Init Native E2E / init-native (ubuntu-latest, claude) (push) Failing after 1s
Init Native E2E / init-native (ubuntu-latest, codex) (push) Failing after 1s
Install Native E2E / install-native (ubuntu-latest) (push) Failing after 1s
OpenCode Plugin / typecheck + build + test (push) Failing after 1s
Init Native E2E / init-native (ubuntu-latest, copilot) (push) Failing after 1s
Release Please / release-please (push) Failing after 1s
Wrap E2E / docker-wrap-e2e (push) Failing after 1s
Wrap Native E2E / wrap-native (ubuntu-latest) (push) Failing after 1s
Init E2E / docker-init-e2e (push) Failing after 4s
Merge Conflicts / merge-conflicts (push) Failing after 4s
CI / lint (push) Has been cancelled
CI / build-wheel (push) Has been cancelled
CI / build-wheel-windows (push) Has been cancelled
CI / prefetch-model (push) Has been cancelled
CI / test-dashboard-ui (push) Has been cancelled
CI / test (1) (push) Has been cancelled
CI / test (2) (push) Has been cancelled
CI / test (3) (push) Has been cancelled
CI / test (4) (push) Has been cancelled
CI / test-extras (push) Has been cancelled
CI / test-agno (push) Has been cancelled
CI / build (push) Has been cancelled
CI / workflow-validation (push) Has been cancelled
CI / docker-native-e2e (push) Has been cancelled
CI / windows-native-wrapper (push) Has been cancelled
CI / macos-native-wrapper (push) Has been cancelled
Docker / docker-build (map[name:arm64 platform:linux/arm64 runs_on:ubuntu-24.04-arm], map[bake_target:runtime-code-nonroot name:code-nonroot]) (push) Has been cancelled
Docker / docker-build (map[name:arm64 platform:linux/arm64 runs_on:ubuntu-24.04-arm], map[bake_target:runtime-code-slim name:code-slim]) (push) Has been cancelled
Docker / docker-build (map[name:arm64 platform:linux/arm64 runs_on:ubuntu-24.04-arm], map[bake_target:runtime-code-slim-nonroot name:code-slim-nonroot]) (push) Has been cancelled
Docker / docker-build (map[name:arm64 platform:linux/arm64 runs_on:ubuntu-24.04-arm], map[bake_target:runtime-nonroot name:nonroot]) (push) Has been cancelled
Docker / docker-build (map[name:arm64 platform:linux/arm64 runs_on:ubuntu-24.04-arm], map[bake_target:runtime-slim name:slim]) (push) Has been cancelled
Docker / docker-build (map[name:arm64 platform:linux/arm64 runs_on:ubuntu-24.04-arm], map[bake_target:runtime-slim-nonroot name:slim-nonroot]) (push) Has been cancelled
Docker / docker-manifest (map[bake_target:runtime name:]) (push) Has been cancelled
Docker / docker-manifest (map[bake_target:runtime-code name:code]) (push) Has been cancelled
Docker / docker-manifest (map[bake_target:runtime-code-nonroot name:code-nonroot]) (push) Has been cancelled
Docker / docker-manifest (map[bake_target:runtime-code-slim name:code-slim]) (push) Has been cancelled
Docker / docker-manifest (map[bake_target:runtime-code-slim-nonroot name:code-slim-nonroot]) (push) Has been cancelled
Docker / docker-manifest (map[bake_target:runtime-nonroot name:nonroot]) (push) Has been cancelled
Docker / docker-manifest (map[bake_target:runtime-slim name:slim]) (push) Has been cancelled
Docker / docker-manifest (map[bake_target:runtime-slim-nonroot name:slim-nonroot]) (push) Has been cancelled
Docker / docker-build (map[name:amd64 platform:linux/amd64 runs_on:ubuntu-24.04], map[bake_target:runtime name:]) (push) Has been cancelled
Docker / docker-build (map[name:amd64 platform:linux/amd64 runs_on:ubuntu-24.04], map[bake_target:runtime-code name:code]) (push) Has been cancelled
Docker / docker-build (map[name:amd64 platform:linux/amd64 runs_on:ubuntu-24.04], map[bake_target:runtime-code-nonroot name:code-nonroot]) (push) Has been cancelled
Docker / docker-build (map[name:amd64 platform:linux/amd64 runs_on:ubuntu-24.04], map[bake_target:runtime-code-slim name:code-slim]) (push) Has been cancelled
Docker / docker-build (map[name:amd64 platform:linux/amd64 runs_on:ubuntu-24.04], map[bake_target:runtime-code-slim-nonroot name:code-slim-nonroot]) (push) Has been cancelled
Docker / docker-build (map[name:amd64 platform:linux/amd64 runs_on:ubuntu-24.04], map[bake_target:runtime-nonroot name:nonroot]) (push) Has been cancelled
Docker / docker-build (map[name:amd64 platform:linux/amd64 runs_on:ubuntu-24.04], map[bake_target:runtime-slim name:slim]) (push) Has been cancelled
Docker / docker-build (map[name:amd64 platform:linux/amd64 runs_on:ubuntu-24.04], map[bake_target:runtime-slim-nonroot name:slim-nonroot]) (push) Has been cancelled
Docker / docker-build (map[name:arm64 platform:linux/arm64 runs_on:ubuntu-24.04-arm], map[bake_target:runtime name:]) (push) Has been cancelled
Docker / docker-build (map[name:arm64 platform:linux/arm64 runs_on:ubuntu-24.04-arm], map[bake_target:runtime-code name:code]) (push) Has been cancelled
Docker / promote-latest (push) Has been cancelled
Init Native E2E / init-native (macos-latest, claude) (push) Has been cancelled
Init Native E2E / init-native (macos-latest, codex) (push) Has been cancelled
Init Native E2E / init-native (macos-latest, copilot) (push) Has been cancelled
Install Native E2E / install-native (macos-latest) (push) Has been cancelled
Wrap Native E2E / wrap-native (macos-latest) (push) Has been cancelled
141 lines
5.6 KiB
Python
141 lines
5.6 KiB
Python
"""Security validation tests for Headroom.
|
|
|
|
These tests verify security measures against common attack vectors:
|
|
- SQL injection via metadata keys
|
|
- CCR hash spoofing attacks
|
|
- JSON path injection
|
|
|
|
These tests exist as regression tests to ensure security fixes remain effective.
|
|
"""
|
|
|
|
import pytest
|
|
|
|
from headroom.memory.adapters.sqlite import _validate_metadata_key
|
|
|
|
|
|
class TestSQLiteMetadataKeyValidation:
|
|
"""Test metadata key validation to prevent JSON path injection.
|
|
|
|
Metadata keys are interpolated into json_extract() SQL expressions.
|
|
Without validation, malicious keys could escape the JSON path and
|
|
inject arbitrary SQL.
|
|
"""
|
|
|
|
def test_valid_simple_key(self):
|
|
"""Accept simple alphanumeric keys."""
|
|
assert _validate_metadata_key("status") is True
|
|
assert _validate_metadata_key("user_id") is True
|
|
assert _validate_metadata_key("item_count") is True
|
|
|
|
def test_valid_key_with_hyphens(self):
|
|
"""Accept keys with hyphens (common in APIs)."""
|
|
assert _validate_metadata_key("content-type") is True
|
|
assert _validate_metadata_key("x-custom-header") is True
|
|
|
|
def test_valid_key_starting_with_underscore(self):
|
|
"""Accept keys starting with underscore."""
|
|
assert _validate_metadata_key("_internal") is True
|
|
assert _validate_metadata_key("_id") is True
|
|
|
|
def test_rejects_empty_key(self):
|
|
"""Reject empty keys."""
|
|
assert _validate_metadata_key("") is False
|
|
|
|
def test_rejects_json_path_injection(self):
|
|
"""Reject keys that could escape JSON path expression."""
|
|
# Attempt to close the JSON path and add SQL
|
|
assert _validate_metadata_key("'] OR 1=1--") is False
|
|
assert _validate_metadata_key("key') OR 1=1--") is False
|
|
assert _validate_metadata_key('key") OR 1=1--') is False
|
|
|
|
def test_rejects_sql_injection_patterns(self):
|
|
"""Reject keys with SQL injection patterns."""
|
|
assert _validate_metadata_key("key; DROP TABLE memories;--") is False
|
|
assert _validate_metadata_key("key UNION SELECT * FROM users") is False
|
|
assert _validate_metadata_key("1=1") is False
|
|
|
|
def test_rejects_special_characters(self):
|
|
"""Reject keys with special characters."""
|
|
assert _validate_metadata_key("key.nested") is False # Dots
|
|
assert _validate_metadata_key("key[0]") is False # Brackets
|
|
assert _validate_metadata_key("key$") is False # Dollar sign
|
|
assert _validate_metadata_key("key@domain") is False # At sign
|
|
assert _validate_metadata_key("key/path") is False # Slashes
|
|
assert _validate_metadata_key("key\\path") is False # Backslashes
|
|
assert _validate_metadata_key("key'quote") is False # Quotes
|
|
assert _validate_metadata_key('key"quote') is False # Double quotes
|
|
|
|
def test_rejects_keys_starting_with_number(self):
|
|
"""Reject keys starting with a number."""
|
|
assert _validate_metadata_key("123key") is False
|
|
assert _validate_metadata_key("0_prefix") is False
|
|
|
|
def test_rejects_very_long_keys(self):
|
|
"""Reject excessively long keys (potential DoS)."""
|
|
long_key = "a" * 256
|
|
assert _validate_metadata_key(long_key) is False
|
|
|
|
# 255 chars should be acceptable
|
|
valid_long_key = "a" * 255
|
|
assert _validate_metadata_key(valid_long_key) is True
|
|
|
|
def test_rejects_unicode_bypass_attempts(self):
|
|
"""Reject Unicode characters that might bypass filtering."""
|
|
# Various Unicode quote-like characters
|
|
assert _validate_metadata_key("key\u2019") is False # Right single quote
|
|
assert _validate_metadata_key("key\u201c") is False # Left double quote
|
|
assert _validate_metadata_key("key\u0000") is False # Null byte
|
|
|
|
|
|
class TestSQLiteMetadataFilteringIntegration:
|
|
"""Integration tests for metadata filtering with validation."""
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_malicious_metadata_filter_is_skipped(self):
|
|
"""Malicious metadata keys should be silently skipped, not cause errors."""
|
|
import tempfile
|
|
from pathlib import Path
|
|
|
|
from headroom.memory.adapters.sqlite import SQLiteMemoryStore
|
|
from headroom.memory.models import Memory
|
|
from headroom.memory.ports import MemoryFilter
|
|
|
|
with tempfile.NamedTemporaryFile(suffix=".db", delete=False) as f:
|
|
db_path = Path(f.name)
|
|
|
|
try:
|
|
store = SQLiteMemoryStore(db_path)
|
|
|
|
# Create a memory with safe metadata
|
|
memory = Memory(
|
|
id="test-1",
|
|
content="Test content",
|
|
user_id="alice",
|
|
metadata={"safe_key": "value"},
|
|
)
|
|
await store.save(memory)
|
|
|
|
# Attempt to query with malicious metadata key - should not raise
|
|
# The malicious key should be silently skipped
|
|
malicious_filter = MemoryFilter(
|
|
user_id="alice",
|
|
metadata_filters={"'] OR 1=1--": "malicious"},
|
|
)
|
|
results = await store.query(malicious_filter)
|
|
|
|
# Query should succeed (malicious key skipped)
|
|
# Results may or may not include our memory depending on other conditions
|
|
assert isinstance(results, list)
|
|
|
|
# Query with valid metadata filter should work normally
|
|
valid_filter = MemoryFilter(
|
|
user_id="alice",
|
|
metadata_filters={"safe_key": "value"},
|
|
)
|
|
results = await store.query(valid_filter)
|
|
assert len(results) == 1
|
|
assert results[0].id == "test-1"
|
|
|
|
finally:
|
|
db_path.unlink(missing_ok=True)
|