chore: import upstream snapshot with attribution
This commit is contained in:
@@ -0,0 +1,272 @@
|
||||
/**
|
||||
* #1947 — security/community dashboards must never report fake zeros.
|
||||
*
|
||||
* A backend failure, a network failure, or a missing jq used to degrade to
|
||||
* "0 attacks" / "Weekly active installs: 0" — indistinguishable from a
|
||||
* genuinely healthy reading on a security-signaling surface. The contract
|
||||
* pinned here:
|
||||
*
|
||||
* - non-200 / network failure / error body → "unknown", never 0
|
||||
* - jq missing (security dashboard) → "unknown — install jq", never 0
|
||||
* - 200 with the new backend's status:"ok" → figures trusted
|
||||
* - 200 without the marker (legacy backend) → figures shown + "unverified" note
|
||||
*
|
||||
* curl is stubbed via a prepended PATH; the jq-missing case runs with a
|
||||
* PATH containing only the stub + whitelisted tools (no jq).
|
||||
*/
|
||||
|
||||
import { describe, it, expect, beforeEach, afterEach } from "bun:test";
|
||||
import { spawnSync } from "child_process";
|
||||
import {
|
||||
chmodSync,
|
||||
mkdirSync,
|
||||
mkdtempSync,
|
||||
rmSync,
|
||||
symlinkSync,
|
||||
writeFileSync,
|
||||
} from "fs";
|
||||
import { tmpdir } from "os";
|
||||
import { join } from "path";
|
||||
|
||||
const ROOT = join(import.meta.dir, "..");
|
||||
const SEC_BIN = join(ROOT, "bin", "gstack-security-dashboard");
|
||||
const COMM_BIN = join(ROOT, "bin", "gstack-community-dashboard");
|
||||
// Absolute path: the jq-missing case runs with a whitelist-only PATH, so
|
||||
// "bash" itself wouldn't resolve through the child env.
|
||||
const BASH = Bun.which("bash") || "/bin/bash";
|
||||
|
||||
const GOOD_BODY_MARKER = JSON.stringify({
|
||||
status: "ok",
|
||||
weekly_active: 42,
|
||||
change_pct: 5,
|
||||
top_skills: [{ skill: "ship", count: 9 }],
|
||||
crashes: [],
|
||||
versions: [],
|
||||
security: {
|
||||
attacks_last_7_days: 3,
|
||||
top_attack_domains: [{ domain: "evil.example", count: 7 }],
|
||||
top_attack_layers: [{ layer: "L4", count: 3 }],
|
||||
verdict_distribution: [{ verdict: "block", count: 3 }],
|
||||
},
|
||||
});
|
||||
|
||||
// Pre-#1947 backend shape: same data, no status marker.
|
||||
const GOOD_BODY_LEGACY = JSON.stringify({
|
||||
...JSON.parse(GOOD_BODY_MARKER),
|
||||
status: undefined,
|
||||
});
|
||||
|
||||
const CURL_STUB = `#!/bin/sh
|
||||
# Test stub for curl: honors -o <file>, prints the HTTP code (as -w would).
|
||||
out=""
|
||||
prev=""
|
||||
for a in "$@"; do
|
||||
if [ "$prev" = "-o" ]; then out="$a"; fi
|
||||
prev="$a"
|
||||
done
|
||||
case "\${STUB_CURL_MODE:-ok}" in
|
||||
ok) [ -n "$out" ] && printf '%s' "$STUB_CURL_BODY" > "$out"; printf '200' ;;
|
||||
error503) [ -n "$out" ] && printf '%s' '{"error":"pulse_unavailable"}' > "$out"; printf '503' ;;
|
||||
netfail) exit 7 ;;
|
||||
esac
|
||||
`;
|
||||
|
||||
let tmp: string;
|
||||
let stubBin: string;
|
||||
|
||||
beforeEach(() => {
|
||||
tmp = mkdtempSync(join(tmpdir(), "gstack-dash-test-"));
|
||||
stubBin = join(tmp, "stub-bin");
|
||||
mkdirSync(stubBin, { recursive: true });
|
||||
writeFileSync(join(stubBin, "curl"), CURL_STUB);
|
||||
chmodSync(join(stubBin, "curl"), 0o755);
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
rmSync(tmp, { recursive: true, force: true });
|
||||
});
|
||||
|
||||
function run(
|
||||
bin: string,
|
||||
opts: {
|
||||
mode: "ok" | "error503" | "netfail";
|
||||
body?: string;
|
||||
json?: boolean;
|
||||
noJq?: boolean;
|
||||
},
|
||||
) {
|
||||
let pathEnv = `${stubBin}:${process.env.PATH || ""}`;
|
||||
if (opts.noJq) {
|
||||
// Whitelist-only PATH: the curl stub plus the real tools the script
|
||||
// needs — everything except jq.
|
||||
const toolBin = join(tmp, "tool-bin");
|
||||
mkdirSync(toolBin, { recursive: true });
|
||||
for (const tool of ["mktemp", "cat", "grep", "head", "sed", "awk", "rm", "sh", "bash", "tr", "tail"]) {
|
||||
const real = Bun.which(tool);
|
||||
if (real) symlinkSync(real, join(toolBin, tool));
|
||||
}
|
||||
pathEnv = `${stubBin}:${toolBin}`;
|
||||
}
|
||||
return spawnSync(BASH, opts.json ? [bin, "--json"] : [bin], {
|
||||
encoding: "utf-8",
|
||||
timeout: 20_000,
|
||||
env: {
|
||||
...process.env,
|
||||
PATH: pathEnv,
|
||||
GSTACK_DIR: ROOT,
|
||||
GSTACK_SUPABASE_URL: "https://stub.supabase.test",
|
||||
GSTACK_SUPABASE_ANON_KEY: "stub-key",
|
||||
STUB_CURL_MODE: opts.mode,
|
||||
STUB_CURL_BODY: opts.body ?? "",
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
describe("gstack-security-dashboard — never reports fake zeros (#1947)", () => {
|
||||
it("backend 503 → unknown, not 0 (human mode)", () => {
|
||||
const r = run(SEC_BIN, { mode: "error503" });
|
||||
expect(r.stdout).toContain("unknown — backend error (HTTP 503)");
|
||||
expect(r.stdout).not.toContain("Attacks detected last 7 days: 0");
|
||||
});
|
||||
|
||||
it("backend 503 → status unknown (json mode)", () => {
|
||||
const r = run(SEC_BIN, { mode: "error503", json: true });
|
||||
const parsed = JSON.parse(r.stdout.trim());
|
||||
expect(parsed.status).toBe("unknown");
|
||||
expect(parsed.reason).toBe("backend_error");
|
||||
expect(parsed.security).toBeNull();
|
||||
});
|
||||
|
||||
it("network failure → unknown, not 0", () => {
|
||||
const r = run(SEC_BIN, { mode: "netfail", json: true });
|
||||
const parsed = JSON.parse(r.stdout.trim());
|
||||
expect(parsed.status).toBe("unknown");
|
||||
expect(parsed.security).toBeNull();
|
||||
});
|
||||
|
||||
it("jq missing → unknown with install hint, never the lossy-grep zero", () => {
|
||||
const r = run(SEC_BIN, { mode: "ok", body: GOOD_BODY_MARKER, noJq: true });
|
||||
expect(r.stdout).toContain("unknown — install jq");
|
||||
expect(r.stdout).not.toContain("Attacks detected last 7 days: 0");
|
||||
expect(r.stdout).not.toContain("Attacks detected last 7 days: 3");
|
||||
});
|
||||
|
||||
it("jq missing → reason jq_missing (json mode)", () => {
|
||||
const r = run(SEC_BIN, { mode: "ok", body: GOOD_BODY_MARKER, noJq: true, json: true });
|
||||
const parsed = JSON.parse(r.stdout.trim());
|
||||
expect(parsed.status).toBe("unknown");
|
||||
expect(parsed.reason).toBe("jq_missing");
|
||||
});
|
||||
|
||||
it("200 + status:ok marker → figures trusted (human mode)", () => {
|
||||
const r = run(SEC_BIN, { mode: "ok", body: GOOD_BODY_MARKER });
|
||||
expect(r.stdout).toContain("Attacks detected last 7 days: 3");
|
||||
expect(r.stdout).toContain("evil.example");
|
||||
expect(r.stdout).not.toContain("unverified");
|
||||
});
|
||||
|
||||
it("200 + status:ok marker → status ok with full security section (json mode)", () => {
|
||||
const r = run(SEC_BIN, { mode: "ok", body: GOOD_BODY_MARKER, json: true });
|
||||
const parsed = JSON.parse(r.stdout.trim());
|
||||
expect(parsed.status).toBe("ok");
|
||||
expect(parsed.security.attacks_last_7_days).toBe(3);
|
||||
// Nested arrays survive (the old lossy-grep fallback broke on these).
|
||||
expect(parsed.security.top_attack_domains[0].domain).toBe("evil.example");
|
||||
});
|
||||
|
||||
it("stale cache responses pass the stale flag through (json mode)", () => {
|
||||
const staleBody = JSON.stringify({ ...JSON.parse(GOOD_BODY_MARKER), stale: true });
|
||||
const r = run(SEC_BIN, { mode: "ok", body: staleBody, json: true });
|
||||
const parsed = JSON.parse(r.stdout.trim());
|
||||
expect(parsed.status).toBe("ok");
|
||||
expect(parsed.stale).toBe(true);
|
||||
});
|
||||
|
||||
it("stale snapshot is flagged in human mode too — frozen figures never read as current", () => {
|
||||
const staleBody = JSON.stringify({ ...JSON.parse(GOOD_BODY_MARKER), stale: true });
|
||||
const r = run(SEC_BIN, { mode: "ok", body: staleBody });
|
||||
expect(r.stdout).toContain("Attacks detected last 7 days: 3");
|
||||
expect(r.stdout).toContain("stale snapshot");
|
||||
});
|
||||
|
||||
it("200 without marker (legacy backend) → figures shown with unverified note", () => {
|
||||
const r = run(SEC_BIN, { mode: "ok", body: GOOD_BODY_LEGACY });
|
||||
expect(r.stdout).toContain("Attacks detected last 7 days: 3");
|
||||
expect(r.stdout).toContain("unverified");
|
||||
});
|
||||
|
||||
it("200 without marker → legacy_unverified (json mode)", () => {
|
||||
const r = run(SEC_BIN, { mode: "ok", body: GOOD_BODY_LEGACY, json: true });
|
||||
const parsed = JSON.parse(r.stdout.trim());
|
||||
expect(parsed.status).toBe("legacy_unverified");
|
||||
expect(parsed.security.attacks_last_7_days).toBe(3);
|
||||
});
|
||||
|
||||
it("200 with a body missing .security → unknown backend_error, never 0", () => {
|
||||
const r = run(SEC_BIN, {
|
||||
mode: "ok",
|
||||
body: JSON.stringify({ weekly_active: 42, status: "ok" }),
|
||||
json: true,
|
||||
});
|
||||
const parsed = JSON.parse(r.stdout.trim());
|
||||
expect(parsed.status).toBe("unknown");
|
||||
expect(parsed.reason).toBe("backend_error");
|
||||
expect(parsed.security).toBeNull();
|
||||
});
|
||||
});
|
||||
|
||||
describe("gstack-community-dashboard — never reports fake zeros (#1947)", () => {
|
||||
it("backend 503 → unknown, not 'Weekly active installs: 0'", () => {
|
||||
const r = run(COMM_BIN, { mode: "error503" });
|
||||
expect(r.stdout).toContain("unknown — backend error (HTTP 503)");
|
||||
expect(r.stdout).not.toContain("Weekly active installs: 0");
|
||||
});
|
||||
|
||||
it("network failure → unknown, not 0", () => {
|
||||
const r = run(COMM_BIN, { mode: "netfail" });
|
||||
expect(r.stdout).toContain("unknown — backend error (HTTP 000)");
|
||||
expect(r.stdout).not.toContain("Weekly active installs:");
|
||||
});
|
||||
|
||||
it("200 + status:ok marker → figures shown without unverified note", () => {
|
||||
const r = run(COMM_BIN, { mode: "ok", body: GOOD_BODY_MARKER });
|
||||
expect(r.stdout).toContain("Weekly active installs: 42");
|
||||
expect(r.stdout).not.toContain("unverified");
|
||||
});
|
||||
|
||||
it("200 without marker (legacy backend) → figures shown with unverified note", () => {
|
||||
const r = run(COMM_BIN, { mode: "ok", body: GOOD_BODY_LEGACY });
|
||||
expect(r.stdout).toContain("Weekly active installs: 42");
|
||||
expect(r.stdout).toContain("unverified");
|
||||
});
|
||||
|
||||
it("200 with a garbage body (no weekly_active) → unknown, never 0", () => {
|
||||
const r = run(COMM_BIN, { mode: "ok", body: '{"error":"weird"}' });
|
||||
expect(r.stdout).toContain("unknown — backend error (HTTP 200)");
|
||||
expect(r.stdout).not.toContain("Weekly active installs:");
|
||||
});
|
||||
|
||||
it("whitespaced marker ('\"status\": \"ok\"') still classified as verified when jq is present", () => {
|
||||
// Pre-landing review: the grep-only marker check was whitespace-sensitive;
|
||||
// a proxy-reserialized body must not be misclassified as legacy.
|
||||
const spaced = GOOD_BODY_MARKER.replace('"status":"ok"', '"status": "ok"');
|
||||
const r = run(COMM_BIN, { mode: "ok", body: spaced });
|
||||
expect(r.stdout).toContain("Weekly active installs: 42");
|
||||
expect(r.stdout).not.toContain("unverified");
|
||||
});
|
||||
|
||||
it("stale snapshot flagged in human mode (matches security-dashboard)", () => {
|
||||
const staleBody = JSON.stringify({ ...JSON.parse(GOOD_BODY_MARKER), stale: true });
|
||||
const r = run(COMM_BIN, { mode: "ok", body: staleBody });
|
||||
expect(r.stdout).toContain("Weekly active installs: 42");
|
||||
expect(r.stdout).toContain("stale snapshot");
|
||||
});
|
||||
|
||||
it("network failure reports HTTP 000, never a doubled 000000", () => {
|
||||
// Adversarial review finding 6: curl prints its own 000 before a
|
||||
// non-zero exit; a `|| echo` doubled it in user-facing output.
|
||||
const r = run(COMM_BIN, { mode: "netfail" });
|
||||
expect(r.stdout).toContain("(HTTP 000)");
|
||||
expect(r.stdout).not.toContain("000000");
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user