Timmy_Foundation/the-nexus
15
1
Fork 2
Code Issues 77 Pull Requests 82 Actions Packages Projects Releases Wiki Activity
Files
e98ce44ee18b170eb109897c8cb0724a3bd85b1e
the-nexus/tests/test_electron_security.py
Alexander Whitestone e98ce44ee1
Some checks failed
CI / test (pull_request) Failing after 1m39s
Details
Review Approval Gate / verify-review (pull_request) Successful in 15s
Details
CI / validate (pull_request) Failing after 1m5s
Details
fix(#1423): Prevent command injection in Electron MemPalace bridge 
SECURITY: The Electron IPC handler exposed raw child_process.exec() to
renderer code, allowing arbitrary command execution via shell metacharacters.

Changes:
- electron-main.js: Replace exec() with execFile() + argument arrays
  Add operation whitelist (ALLOWED_MEMPALACE_OPS)
  Add sanitizeArg() to reject shell metacharacters (;, &, |, `, $, etc.)
  Both exec-python (legacy) and new mempalace-exec IPC handlers are safe
- mempalace.js: Replace template-interpolated shell strings with safe
  _exec(op, ...args) method using the new mempalace-exec IPC
- app.js: Remove direct execPython call with template interpolation,
  use mempalace.addDrawer() instead
- preload.js: New context bridge exposing mempalaceExec and restricted
  execPython to renderer
- tests/test_electron_security.py: 7 security assertions

The old pattern:
  exec(`mempalace search "${userInput}"`)
  // user submits: "; rm -rf /"
  // executes: mempalace search ""; rm -rf /""

The new pattern:
  execFile('mempalace', ['search', userInput])
  // user submits: "; rm -rf /"
  // executes: mempalace 'search' '"; rm -rf /"'
  // metacharacters are rejected by sanitizeArg()
2026-04-14 23:26:40 -04:00

69 lines
3.2 KiB
Python
Raw Blame History

"""Test that electron-main.js security fix prevents command injection."""
import subprocess
import re
def test_no_raw_exec():
"""electron-main.js should not use child_process.exec (only execFile)."""
content = open('electron-main.js').read()
# Should use execFile, not exec
assert 'execFile' in content, "Should use execFile for safe subprocess execution"
# Should NOT have raw exec import (allow execFile which contains 'exec')
lines = content.split('\n')
for line in lines:
if 'require' in line and 'exec' in line:
assert 'execFile' in line, f"Should import execFile, not exec: {line}"
def test_command_whitelist():
"""electron-main.js should have a whitelist of allowed operations."""
content = open('electron-main.js').read()
assert 'ALLOWED_MEMPALACE_OPS' in content, "Should have operation whitelist"
assert 'search' in content, "Whitelist should include 'search'"
assert 'init' in content, "Whitelist should include 'init'"
def test_shell_metacharacter_rejection():
"""electron-main.js should reject shell metacharacters in arguments."""
content = open('electron-main.js').read()
assert 'sanitizeArg' in content, "Should have argument sanitizer"
assert 'metacharacter' in content.lower() or 'metacharacters' in content.lower() or '[;&|`$()' in content, \
"Should check for shell metacharacters"
def test_mempalace_no_template_interpolation():
"""mempalace.js should not use template literals with shell commands."""
content = open('mempalace.js').read()
# Should NOT have backtick strings with shell commands
dangerous_patterns = re.findall(r'`mempalace\s', content)
assert len(dangerous_patterns) == 0, \
f"mempalace.js should not have template-interpolated shell commands, found: {dangerous_patterns}"
def test_mempalace_uses_safe_ipc():
"""mempalace.js should use the safe mempalace-exec IPC."""
content = open('mempalace.js').read()
assert 'mempalaceExec' in content or '_exec' in content, \
"mempalace.js should use safe IPC method"
assert 'execPython' not in content, \
"mempalace.js should not reference the legacy execPython"
def test_app_no_template_interpolation():
"""app.js should not have template-interpolated shell commands."""
content = open('app.js').read()
dangerous = re.findall(r'`mempalace\s', content)
assert len(dangerous) == 0, \
f"app.js should not have template-interpolated mempalace commands, found: {dangerous}"
def test_preload_exposes_safe_api():
"""preload.js should expose mempalaceExec through context bridge."""
content = open('preload.js').read()
assert 'mempalaceExec' in content, "preload.js should expose mempalaceExec"
assert 'contextBridge' in content, "preload.js should use contextBridge"
assert 'exec-python' in content, "preload.js should still expose legacy exec-python bridge"
if __name__ == '__main__':
test_no_raw_exec()
test_command_whitelist()
test_shell_metacharacter_rejection()
test_mempalace_no_template_interpolation()
test_mempalace_uses_safe_ipc()
test_app_no_template_interpolation()
test_preload_exposes_safe_api()
print("All security tests passed")
Reference in New Issue View Git Blame Copy Permalink