azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
565b6458baeebff6fbfbf3f51bb02a52dbea0ab4
claudetools/tests/test_sql_injection_simple.sh
Mike Swanson 06f7617718 feat: Major directory reorganization and cleanup 
Reorganized project structure for better maintainability and reduced
disk usage by 95.9% (11 GB -> 451 MB).

Directory Reorganization (85% reduction in root files):
- Created docs/ with subdirectories (deployment, testing, database, etc.)
- Created infrastructure/vpn-configs/ for VPN scripts
- Moved 90+ files from root to organized locations
- Archived obsolete documentation (context system, offline mode, zombie debugging)
- Moved all test files to tests/ directory
- Root directory: 119 files -> 18 files

Disk Cleanup (10.55 GB recovered):
- Deleted Rust build artifacts: 9.6 GB (target/ directories)
- Deleted Python virtual environments: 161 MB (venv/ directories)
- Deleted Python cache: 50 KB (__pycache__/)

New Structure:
- docs/ - All documentation organized by category
- docs/archives/ - Obsolete but preserved documentation
- infrastructure/ - VPN configs and SSH setup
- tests/ - All test files consolidated
- logs/ - Ready for future logs

Benefits:
- Cleaner root directory (18 vs 119 files)
- Logical organization of documentation
- 95.9% disk space reduction
- Faster navigation and discovery
- Better portability (build artifacts excluded)

Build artifacts can be regenerated:
- Rust: cargo build --release (5-15 min per project)
- Python: pip install -r requirements.txt (2-3 min)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-18 20:42:28 -07:00

163 lines
5.2 KiB
Bash
Raw Blame History

#!/bin/bash
#
# Simplified SQL Injection Security Tests
# Tests the recall API endpoint against SQL injection attacks
#
API_URL="http://172.16.3.30:8001/api"
# Get JWT token from setup config if it exists
if [ -f ".claude/context-recall-config.env" ]; then
source .claude/context-recall-config.env
fi
# Test counter
TOTAL_TESTS=0
PASSED_TESTS=0
FAILED_TESTS=0
# Color codes
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Test function
run_test() {
local test_name="$1"
local search_term="$2"
local expected_status="$3"
local test_type="${4:-search_term}" # search_term or tag
TOTAL_TESTS=$((TOTAL_TESTS + 1))
# Build curl command based on test type
if [ "$test_type" = "tag" ]; then
response=$(curl -s -w "\n%{http_code}" -X GET "$API_URL/conversation-contexts/recall?tags[]=$search_term" \
-H "Authorization: Bearer $JWT_TOKEN" 2>&1)
else
response=$(curl -s -w "\n%{http_code}" -X GET "$API_URL/conversation-contexts/recall?search_term=$search_term" \
-H "Authorization: Bearer $JWT_TOKEN" 2>&1)
fi
http_code=$(echo "$response" | tail -1)
body=$(echo "$response" | sed '$d')
# Check if status code matches expected
if [ "$http_code" = "$expected_status" ]; then
echo -e "${GREEN}[PASS]${NC} $test_name (HTTP $http_code)"
PASSED_TESTS=$((PASSED_TESTS + 1))
return 0
else
echo -e "${RED}[FAIL]${NC} $test_name"
echo " Expected: HTTP $expected_status"
echo " Got: HTTP $http_code"
echo " Response: $body"
FAILED_TESTS=$((FAILED_TESTS + 1))
return 1
fi
}
# Print header
echo "======================================================================="
echo "SQL INJECTION SECURITY TEST SUITE - Simplified"
echo "======================================================================="
echo ""
echo "Target: $API_URL/conversation-contexts/recall"
echo ""
# Verify JWT token
if [ -z "$JWT_TOKEN" ]; then
echo -e "${RED}[ERROR]${NC} JWT_TOKEN not set. Run setup-context-recall.sh first."
exit 1
fi
echo "Testing SQL injection vulnerabilities..."
echo ""
# Test 1: Basic SQL injection with single quote (should be rejected - 422)
run_test "Basic SQL injection: ' OR '1'='1" "' OR '1'='1" "422"
# Test 2: UNION attack (should be rejected - 422)
run_test "UNION attack: ' UNION SELECT * FROM users--" "' UNION SELECT * FROM users--" "422"
# Test 3: Comment injection (should be rejected - 422)
run_test "Comment injection: test' --" "test' --" "422"
# Test 4: Semicolon attack (should be rejected - 422)
run_test "Semicolon attack: test'; DROP TABLE conversation_contexts;--" "test'; DROP TABLE conversation_contexts;--" "422"
# Test 5: Time-based blind SQLi (should be rejected - 422)
run_test "Time-based blind: ' AND SLEEP(5)--" "' AND SLEEP(5)--" "422"
# Test 6: Stacked queries (should be rejected - 422)
run_test "Stacked queries: test; DELETE FROM contexts" "test; DELETE FROM contexts" "422"
# Test 7: SQL injection via tags (should be rejected - 400)
run_test "Tag injection: ' OR '1'='1" "' OR '1'='1" "400" "tag"
# Test 8: Tag UNION attack (should be rejected - 400)
run_test "Tag UNION: tag' UNION SELECT--" "tag' UNION SELECT--" "400" "tag"
# Valid inputs (should succeed - 200)
echo ""
echo "Testing valid inputs (should work)..."
echo ""
# Test 9: Valid alphanumeric search (should succeed - 200)
run_test "Valid search: API development" "API development" "200"
# Test 10: Valid search with allowed punctuation (should succeed - 200)
run_test "Valid punctuation: database-migration (phase-1)!" "database-migration (phase-1)!" "200"
# Test 11: Valid tags (should succeed - 200)
run_test "Valid tags: api-test" "api-test" "200" "tag"
# Test 12: Verify database still works after attacks (should succeed - 200)
echo ""
echo "Verifying database integrity..."
echo ""
response=$(curl -s -w "\n%{http_code}" -X GET "$API_URL/conversation-contexts/recall?limit=5" \
-H "Authorization: Bearer $JWT_TOKEN" 2>&1)
http_code=$(echo "$response" | tail -1)
if [ "$http_code" = "200" ]; then
echo -e "${GREEN}[PASS]${NC} Database integrity check (HTTP $http_code)"
PASSED_TESTS=$((PASSED_TESTS + 1))
TOTAL_TESTS=$((TOTAL_TESTS + 1))
else
echo -e "${RED}[FAIL]${NC} Database integrity check"
echo " Expected: HTTP 200"
echo " Got: HTTP $http_code"
FAILED_TESTS=$((FAILED_TESTS + 1))
TOTAL_TESTS=$((TOTAL_TESTS + 1))
fi
# Print summary
echo ""
echo "======================================================================="
echo "TEST SUMMARY"
echo "======================================================================="
echo "Total Tests: $TOTAL_TESTS"
echo -e "${GREEN}Passed: $PASSED_TESTS${NC}"
if [ $FAILED_TESTS -gt 0 ]; then
echo -e "${RED}Failed: $FAILED_TESTS${NC}"
else
echo -e "${GREEN}Failed: $FAILED_TESTS${NC}"
fi
pass_rate=$(awk "BEGIN {printf \"%.1f\", ($PASSED_TESTS/$TOTAL_TESTS)*100}")
echo "Pass Rate: $pass_rate%"
echo ""
if [ $FAILED_TESTS -eq 0 ]; then
echo -e "${GREEN}[SUCCESS]${NC} All SQL injection tests passed!"
echo "The API is properly protected against SQL injection attacks."
exit 0
else
echo -e "${RED}[FAILURE]${NC} Some tests failed!"
echo "Review the failed tests above for security vulnerabilities."
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink