From 89fee94f36d2874f8b34962cbf18396a22552ee6 Mon Sep 17 00:00:00 2001 From: "assisted-by-ai (Bot Account)" Date: Tue, 2 Dec 2025 04:14:34 -0500 Subject: [PATCH] Add tests for remaining C1 controls --- .../stdisplay/tests/stdisplay.py | 81 +++++++++++++++++++ 1 file changed, 81 insertions(+) diff --git a/usr/lib/python3/dist-packages/stdisplay/tests/stdisplay.py b/usr/lib/python3/dist-packages/stdisplay/tests/stdisplay.py index 8224552..71f41e1 100644 --- a/usr/lib/python3/dist-packages/stdisplay/tests/stdisplay.py +++ b/usr/lib/python3/dist-packages/stdisplay/tests/stdisplay.py @@ -43,9 +43,90 @@ ("\033[", "_["), ("\x1b[2K", "_[2K"), ("\\x1b[2K", "\\x1b[2K"), + ("zero\u200bwidth", "zero_width"), + ("A\u202Er", "A_r"), + ("prefix\u202astack\u202cpostfix", "prefix_stack_postfix"), + ("isolate\u2066ltr\u2069end", "isolate_ltr_end"), + ("join\u200dhere", "join_here"), + ("soft\u00adhyphen", "soft_hyphen"), + ("byte\ufefforder", "byte_order"), + ("object\ufffcreplacement", "object_replacement"), + ("emoji\ufe0fselector", "emoji_selector"), ] +class TestSTDisplayMaliciousCases(unittest.TestCase): + """Extra coverage for hostile escape sequences.""" + + def test_non_sgr_escape_sequences_are_redacted(self) -> None: + """Ensure sequences outside the SGR allowlist are neutralized.""" + + cases = [ + ("\x1b]0;evil title\x07", "_]0;evil title_"), + ("\x1bP1;2|malicious\x1b\\", "_P1;2|malicious_\\"), + ("\x1b_Gf=24,s=1,v=1;AAAA\x1b\\", "__Gf=24,s=1,v=1;AAAA_\\"), + ("\x1b%Gpayload", "_%Gpayload"), + ("\u009b31mnot-sgr", "_31mnot-sgr"), + ] + + for text, expected_result in cases: + with self.subTest(text=text, expected_result=expected_result): + result = stdisplay(text) + self.assertEqual(result, expected_result) + + def test_additional_control_strings_are_redacted(self) -> None: + """Cover further control strings that are not SGR.""" + + cases = [ + ("\x1b_application command\x1b\\", "__application command_\\"), + ("\x1b^privacy\x1b\\", "_^privacy_\\"), + ("\x1bXsave me\x1b\\", "_Xsave me_\\"), + ("\u009fstate\u009c", "_state_"), + ] + + for text, expected_result in cases: + with self.subTest(text=text, expected_result=expected_result): + result = stdisplay(text) + self.assertEqual(result, expected_result) + + def test_c1_controls_and_8bit_strings_are_redacted(self) -> None: + """Ensure single C1 controls and 8-bit string commands are neutralized.""" + + cases = [ + ("\u0084wrap\u008d", "_wrap_"), + ("\u009dhard-title\u009c", "_hard-title_"), + ("\u0090capture\u009c", "_capture_"), + ("\u0098privacy\u009c", "_privacy_"), + ("\u0091safe\u009c", "_safe_"), + ("\u0085hard\u008a", "_hard_"), + ("\u0080pad\u008f", "_pad_"), + ("\u0092status\u0097", "_status_"), + ] + + for text, expected_result in cases: + with self.subTest(text=text, expected_result=expected_result): + result = stdisplay(text) + self.assertEqual(result, expected_result) + + def test_miscellaneous_controls_and_nested_strings_are_redacted(self) -> None: + """Probe additional C0/C1 controls and nested string payloads.""" + + cases = [ + ("visible\x0eshift\x0f", "visible_shift_"), + ("erase\x18me\x1a", "erase_me_"), + ("units\x1cgroup\x1f", "units_group_"), + ("\x1b]52;;\x1b]0;X\x07", "_]52;;_]0;X_"), + ("\x1b]52;c;clip\x07", "_]52;c;clip_"), + ("\x1bPqpayload\x07", "_Pqpayload_"), + ("\x1bP2$tight\x1b\\", "_P2$tight_\\"), + ] + + for text, expected_result in cases: + with self.subTest(text=text, expected_result=expected_result): + result = stdisplay(text) + self.assertEqual(result, expected_result) + + class TestSTDisplay(unittest.TestCase): """ Test stdisplay