Merge pull request #77 from aguzererler/security-fix-nlm-subprocess-injection-14014624082945194366
This commit is contained in:
ahmet guzererler
GitHub
commit
26bbe853c1
|
|
@ -61,18 +61,26 @@ def test_sync_performs_delete_then_add(mock_nlm_path):
|
||||||
# Check list call
|
# Check list call
|
||||||
args, kwargs = mock_run.call_args_list[0]
|
args, kwargs = mock_run.call_args_list[0]
|
||||||
assert "list" in args[0]
|
assert "list" in args[0]
|
||||||
|
assert "--json" in args[0]
|
||||||
|
assert "--" in args[0]
|
||||||
assert notebook_id in args[0]
|
assert notebook_id in args[0]
|
||||||
|
|
||||||
# Check delete call
|
# Check delete call
|
||||||
args, kwargs = mock_run.call_args_list[1]
|
args, kwargs = mock_run.call_args_list[1]
|
||||||
assert "delete" in args[0]
|
assert "delete" in args[0]
|
||||||
|
assert "-y" in args[0]
|
||||||
|
assert "--" in args[0]
|
||||||
|
assert notebook_id in args[0]
|
||||||
assert source_id in args[0]
|
assert source_id in args[0]
|
||||||
|
|
||||||
# Check add call
|
# Check add call
|
||||||
args, kwargs = mock_run.call_args_list[2]
|
args, kwargs = mock_run.call_args_list[2]
|
||||||
assert "add" in args[0]
|
assert "add" in args[0]
|
||||||
assert "--text" in args[0]
|
assert "--file" in args[0]
|
||||||
assert content in args[0]
|
assert str(digest_path) in args[0]
|
||||||
|
assert "--wait" in args[0]
|
||||||
|
assert "--" in args[0]
|
||||||
|
assert notebook_id in args[0]
|
||||||
|
|
||||||
def test_sync_adds_directly_when_none_exists(mock_nlm_path):
|
def test_sync_adds_directly_when_none_exists(mock_nlm_path):
|
||||||
"""Should add new source directly if no existing one is found."""
|
"""Should add new source directly if no existing one is found."""
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,107 @@
|
||||||
|
import json
|
||||||
|
import os
|
||||||
|
import subprocess
|
||||||
|
from pathlib import Path
|
||||||
|
from unittest.mock import MagicMock, patch
|
||||||
|
|
||||||
|
import pytest
|
||||||
|
from tradingagents.notebook_sync import sync_to_notebooklm
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def mock_nlm_path(tmp_path):
|
||||||
|
nlm = tmp_path / "nlm"
|
||||||
|
nlm.touch(mode=0o755)
|
||||||
|
return str(nlm)
|
||||||
|
|
||||||
|
def test_security_argument_injection(mock_nlm_path, tmp_path):
|
||||||
|
"""
|
||||||
|
Test that positional arguments starting with a hyphen are handled safely
|
||||||
|
and that content is passed via file to avoid ARG_MAX issues and injection.
|
||||||
|
"""
|
||||||
|
# Malicious notebook_id that looks like a flag
|
||||||
|
notebook_id = "--some-flag"
|
||||||
|
digest_path = tmp_path / "malicious.md"
|
||||||
|
digest_path.write_text("Some content")
|
||||||
|
date = "2026-03-19"
|
||||||
|
|
||||||
|
with patch.dict(os.environ, {"NOTEBOOKLM_ID": notebook_id}):
|
||||||
|
with patch("shutil.which", return_value=mock_nlm_path):
|
||||||
|
with patch("subprocess.run") as mock_run:
|
||||||
|
# Mock 'source list'
|
||||||
|
list_result = MagicMock()
|
||||||
|
list_result.returncode = 0
|
||||||
|
list_result.stdout = "[]"
|
||||||
|
|
||||||
|
# Mock 'source add'
|
||||||
|
add_result = MagicMock()
|
||||||
|
add_result.returncode = 0
|
||||||
|
|
||||||
|
mock_run.side_effect = [list_result, add_result]
|
||||||
|
|
||||||
|
sync_to_notebooklm(digest_path, date)
|
||||||
|
|
||||||
|
# 1. Check 'source list' call
|
||||||
|
# Expected: [nlm, "source", "list", "--json", "--", notebook_id]
|
||||||
|
list_args = mock_run.call_args_list[0][0][0]
|
||||||
|
assert list_args[0] == mock_nlm_path
|
||||||
|
assert list_args[1:3] == ["source", "list"]
|
||||||
|
assert "--json" in list_args
|
||||||
|
assert "--" in list_args
|
||||||
|
# "--" should be before the notebook_id
|
||||||
|
dash_idx = list_args.index("--")
|
||||||
|
id_idx = list_args.index(notebook_id)
|
||||||
|
assert dash_idx < id_idx
|
||||||
|
|
||||||
|
# 2. Check 'source add' call
|
||||||
|
# Expected: [nlm, "source", "add", "--title", title, "--file", str(digest_path), "--wait", "--", notebook_id]
|
||||||
|
add_args = mock_run.call_args_list[1][0][0]
|
||||||
|
assert add_args[0] == mock_nlm_path
|
||||||
|
assert add_args[1:3] == ["source", "add"]
|
||||||
|
assert "--title" in add_args
|
||||||
|
assert "--file" in add_args
|
||||||
|
assert str(digest_path) in add_args
|
||||||
|
assert "--text" not in add_args # Vulnerable --text should be gone
|
||||||
|
assert "--wait" in add_args
|
||||||
|
assert "--" in add_args
|
||||||
|
|
||||||
|
dash_idx = add_args.index("--")
|
||||||
|
id_idx = add_args.index(notebook_id)
|
||||||
|
assert dash_idx < id_idx
|
||||||
|
|
||||||
|
def test_security_delete_injection(mock_nlm_path):
|
||||||
|
"""Test that source_id in delete is also handled safely with --."""
|
||||||
|
notebook_id = "normal-id"
|
||||||
|
source_id = "--delete-everything"
|
||||||
|
|
||||||
|
with patch.dict(os.environ, {"NOTEBOOKLM_ID": notebook_id}):
|
||||||
|
with patch("shutil.which", return_value=mock_nlm_path):
|
||||||
|
with patch("subprocess.run") as mock_run:
|
||||||
|
# Mock 'source list' finding the malicious source_id
|
||||||
|
list_result = MagicMock()
|
||||||
|
list_result.returncode = 0
|
||||||
|
list_result.stdout = json.dumps([{"id": source_id, "title": "Daily Trading Digest (2026-03-19)"}])
|
||||||
|
|
||||||
|
# Mock 'source delete'
|
||||||
|
delete_result = MagicMock()
|
||||||
|
delete_result.returncode = 0
|
||||||
|
|
||||||
|
# Mock 'source add'
|
||||||
|
add_result = MagicMock()
|
||||||
|
add_result.returncode = 0
|
||||||
|
|
||||||
|
mock_run.side_effect = [list_result, delete_result, add_result]
|
||||||
|
|
||||||
|
sync_to_notebooklm(Path("test.md"), "2026-03-19")
|
||||||
|
|
||||||
|
# Check 'source delete' call
|
||||||
|
# Expected: [nlm, "source", "delete", "-y", "--", notebook_id, source_id]
|
||||||
|
delete_args = mock_run.call_args_list[1][0][0]
|
||||||
|
assert delete_args[1:3] == ["source", "delete"]
|
||||||
|
assert "-y" in delete_args
|
||||||
|
assert "--" in delete_args
|
||||||
|
|
||||||
|
dash_idx = delete_args.index("--")
|
||||||
|
id_idx = delete_args.index(notebook_id)
|
||||||
|
sid_idx = delete_args.index(source_id)
|
||||||
|
assert dash_idx < id_idx
|
||||||
|
assert dash_idx < sid_idx
|
||||||
|
|
@ -51,7 +51,6 @@ def sync_to_notebooklm(digest_path: Path, date: str, notebook_id: str | None = N
|
||||||
console.print("[yellow]Warning: nlm CLI not found — skipping NotebookLM sync[/yellow]")
|
console.print("[yellow]Warning: nlm CLI not found — skipping NotebookLM sync[/yellow]")
|
||||||
return
|
return
|
||||||
|
|
||||||
content = digest_path.read_text()
|
|
||||||
title = f"Daily Trading Digest ({date})"
|
title = f"Daily Trading Digest ({date})"
|
||||||
|
|
||||||
# Find and delete existing source with the same title
|
# Find and delete existing source with the same title
|
||||||
|
|
@ -60,14 +59,15 @@ def sync_to_notebooklm(digest_path: Path, date: str, notebook_id: str | None = N
|
||||||
_delete_source(nlm, notebook_id, existing_source_id)
|
_delete_source(nlm, notebook_id, existing_source_id)
|
||||||
|
|
||||||
# Add as a new source
|
# Add as a new source
|
||||||
_add_source(nlm, notebook_id, content, title)
|
_add_source(nlm, notebook_id, digest_path, title)
|
||||||
|
|
||||||
|
|
||||||
def _find_source(nlm: str, notebook_id: str, title: str) -> str | None:
|
def _find_source(nlm: str, notebook_id: str, title: str) -> str | None:
|
||||||
"""Return the source ID for the daily digest, or None if not found."""
|
"""Return the source ID for the daily digest, or None if not found."""
|
||||||
try:
|
try:
|
||||||
|
# Use -- to separate options from positional arguments
|
||||||
result = subprocess.run(
|
result = subprocess.run(
|
||||||
[nlm, "source", "list", notebook_id, "--json"],
|
[nlm, "source", "list", "--json", "--", notebook_id],
|
||||||
capture_output=True,
|
capture_output=True,
|
||||||
text=True,
|
text=True,
|
||||||
)
|
)
|
||||||
|
|
@ -85,8 +85,9 @@ def _find_source(nlm: str, notebook_id: str, title: str) -> str | None:
|
||||||
def _delete_source(nlm: str, notebook_id: str, source_id: str) -> None:
|
def _delete_source(nlm: str, notebook_id: str, source_id: str) -> None:
|
||||||
"""Delete an existing source."""
|
"""Delete an existing source."""
|
||||||
try:
|
try:
|
||||||
|
# Use -- to separate options from positional arguments
|
||||||
subprocess.run(
|
subprocess.run(
|
||||||
[nlm, "source", "delete", notebook_id, source_id, "-y"],
|
[nlm, "source", "delete", "-y", "--", notebook_id, source_id],
|
||||||
capture_output=True,
|
capture_output=True,
|
||||||
text=True,
|
text=True,
|
||||||
check=False, # Ignore non-zero exit since nlm sometimes fails even on success
|
check=False, # Ignore non-zero exit since nlm sometimes fails even on success
|
||||||
|
|
@ -95,11 +96,13 @@ def _delete_source(nlm: str, notebook_id: str, source_id: str) -> None:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
def _add_source(nlm: str, notebook_id: str, content: str, title: str) -> None:
|
def _add_source(nlm: str, notebook_id: str, digest_path: Path, title: str) -> None:
|
||||||
"""Add content as a new source."""
|
"""Add content as a new source."""
|
||||||
try:
|
try:
|
||||||
|
# Use --file instead of --text to avoid ARG_MAX issues and shell injection.
|
||||||
|
# Use -- to separate options from positional arguments.
|
||||||
result = subprocess.run(
|
result = subprocess.run(
|
||||||
[nlm, "source", "add", notebook_id, "--title", title, "--text", content, "--wait"],
|
[nlm, "source", "add", "--title", title, "--file", str(digest_path), "--wait", "--", notebook_id],
|
||||||
capture_output=True,
|
capture_output=True,
|
||||||
text=True,
|
text=True,
|
||||||
)
|
)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue