Add extra "is_injection" tests

AikidoSec · Sep 17, 2024 · c17312b · c17312b
1 parent 7a53713
commit c17312b
Showing 1 changed file with 36 additions and 0 deletions.
diff --git a/aikido_zen/vulnerabilities/code_injection/detect_code_injection_test.py b/aikido_zen/vulnerabilities/code_injection/detect_code_injection_test.py
@@ -62,3 +62,39 @@ def test_not_in_userinput_not_injection():
 
 def test_injection_with_maths():
     is_injection("1 + 2 + (3 // 4)", "(3 // 4)")
+
+
+def test_simple_injections():
+    is_injection("os.system('ls')", "os.system('ls')")
+    is_injection("exec('print(1)')", "exec('print(1)')")
+    is_injection("eval('2 + 2')", "eval('2 + 2')")
+    is_injection(
+        "__import__('os').system('rm -rf /')", "__import__('os').system('rm -rf /')"
+    )
+
+
+def test_string_injections():
+    is_injection("print('Hello, World!')")
+    is_injection("input('Enter your name: ')")
+    is_injection("os.system('rm -rf /');")
+
+
+def test_nested_injections():
+    is_injection("eval('print(1)')")
+    is_injection("eval('os.system('ls')')")
+    is_injection("exec('print(2)')")
+    is_injection("exec('os.system('ls')')")
+
+
+def test_edge_cases():
+    is_injection("a = 1; b = 2")
+    is_injection("b = 2; os.system('ls')")
+    is_injection("def f(): pass")
+    is_injection("f(); os.system('ls')")
+
+
+def test_injection_with_special_characters():
+    is_injection("print('Hello!')")
+    is_injection("rm -rf /; #")
+    is_injection("print('Goodbye!')")
+    is_injection("echo 'Hacked!'; #")