mirror of
https://github.com/Ed1s0nZ/CyberStrikeAI.git
synced 2026-07-14 16:07:34 +02:00
98 lines
4.0 KiB
Go
98 lines
4.0 KiB
Go
package app
|
|
|
|
import (
|
|
"context"
|
|
"path/filepath"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"cyberstrike-ai/internal/authctx"
|
|
"cyberstrike-ai/internal/database"
|
|
"cyberstrike-ai/internal/mcp/builtin"
|
|
"cyberstrike-ai/internal/security"
|
|
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
func TestMCPToolAuthorizerEnforcesPermissionAndResource(t *testing.T) {
|
|
db, err := database.NewDB(filepath.Join(t.TempDir(), "mcp-authz.db"), zap.NewNop())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
defer db.Close()
|
|
user, err := db.CreateRBACUser("mcp-user", "MCP User", "hash", true, nil)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
for _, id := range []string{"ws_allowed", "ws_hidden"} {
|
|
if err := db.CreateWebshellConnection(&database.WebShellConnection{ID: id, URL: "http://127.0.0.1/" + id, Type: "php", Method: "post", CmdParam: "cmd", CreatedAt: time.Now()}); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
if err := db.AssignResourceToUser(user.ID, "webshell", "ws_allowed"); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
principal := authctx.NewPrincipal(user.ID, user.Username, database.RBACScopeAssigned, map[string]bool{"mcp:write": true, "webshell:write": true})
|
|
ctx := authctx.WithPrincipal(context.Background(), principal)
|
|
authorize := mcpToolAuthorizer(db)
|
|
if err := authorize(ctx, builtin.ToolWebshellExec, map[string]interface{}{"connection_id": "ws_allowed"}); err != nil {
|
|
t.Fatalf("allowed resource denied: %v", err)
|
|
}
|
|
if err := authorize(ctx, builtin.ToolWebshellExec, map[string]interface{}{"connection_id": "ws_hidden"}); err == nil {
|
|
t.Fatal("foreign webshell resource was allowed")
|
|
}
|
|
if err := authorize(ctx, builtin.ToolManageWebshellDelete, map[string]interface{}{"connection_id": "ws_allowed"}); err == nil {
|
|
t.Fatal("delete without webshell:delete was allowed")
|
|
}
|
|
}
|
|
|
|
func TestEveryBuiltinMCPToolHasExplicitAuthorizationPolicy(t *testing.T) {
|
|
db, err := database.NewDB(filepath.Join(t.TempDir(), "mcp-policy-inventory.db"), zap.NewNop())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
defer db.Close()
|
|
permissions := map[string]bool{}
|
|
for permission := range security.PermissionCatalog {
|
|
permissions[permission] = true
|
|
}
|
|
ctx := authctx.WithPrincipal(context.Background(), authctx.NewPrincipal("admin", "admin", database.RBACScopeAll, permissions))
|
|
authorize := mcpToolAuthorizer(db)
|
|
args := map[string]interface{}{
|
|
"action": "get", "connection_id": "x", "queue_id": "x", "listener_id": "x",
|
|
"session_id": "x", "task_id": "x", "id": "x", "conversation_id": "x",
|
|
}
|
|
for _, toolName := range builtin.GetAllBuiltinTools() {
|
|
err := authorize(ctx, toolName, args)
|
|
if err != nil && strings.Contains(err.Error(), "no authorization policy registered") {
|
|
t.Errorf("builtin tool %s has no explicit policy", toolName)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestExternalMCPRequiresDedicatedPermission(t *testing.T) {
|
|
authorize := externalMCPToolAuthorizer()
|
|
ctx := authctx.WithPrincipal(context.Background(), authctx.NewPrincipal("u1", "user", database.RBACScopeAssigned, map[string]bool{"agent:execute": true}))
|
|
if err := authorize(ctx, "server::tool", nil); err == nil {
|
|
t.Fatal("agent:execute alone authorized an external MCP tool")
|
|
}
|
|
ctx = authctx.WithPrincipal(context.Background(), authctx.NewPrincipal("u1", "user", database.RBACScopeAll, map[string]bool{"mcp:external:execute": true}))
|
|
if err := authorize(ctx, "server::tool", nil); err != nil {
|
|
t.Fatalf("dedicated external MCP permission rejected: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestConfiguredCommandToolRequiresLocalExecutePermission(t *testing.T) {
|
|
authorize := mcpToolAuthorizer(nil)
|
|
agentOnly := authctx.WithPrincipal(context.Background(), authctx.NewPrincipal("u1", "user", database.RBACScopeAssigned, map[string]bool{"agent:execute": true}))
|
|
if err := authorize(agentOnly, "nmap_scan", nil); err == nil {
|
|
t.Fatal("agent:execute alone authorized a configured command tool")
|
|
}
|
|
local := authctx.WithPrincipal(context.Background(), authctx.NewPrincipal("u1", "user", database.RBACScopeAssigned, map[string]bool{"agent:local-execute": true}))
|
|
if err := authorize(local, "nmap_scan", nil); err != nil {
|
|
t.Fatalf("agent:local-execute rejected: %v", err)
|
|
}
|
|
}
|