mirror of
https://github.com/danielmiessler/Fabric.git
synced 2026-01-08 22:08:03 -05:00
21f258caa4
CHANGES - Integrate notification sending into chat processing workflow - Add --notification and --notification-command CLI flags and help - Provide cross-platform providers: macOS, Linux, Windows with fallbacks - Escape shell metacharacters to prevent injection vulnerabilities - Truncate Unicode output safely for notification message previews - Update bash, zsh, fish completions with new notification options - Add docs and YAML examples for configuration and customization - Add unit tests for providers and notification integration paths
167 lines
4.1 KiB
Go
167 lines
4.1 KiB
Go
package cli
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/danielmiessler/fabric/internal/domain"
|
|
)
|
|
|
|
func TestSendNotification_SecurityEscaping(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
title string
|
|
message string
|
|
command string
|
|
expectError bool
|
|
description string
|
|
}{
|
|
{
|
|
name: "Normal content",
|
|
title: "Test Title",
|
|
message: "Test message content",
|
|
command: `echo "Title: $1, Message: $2"`,
|
|
expectError: false,
|
|
description: "Normal content should work fine",
|
|
},
|
|
{
|
|
name: "Content with backticks",
|
|
title: "Test Title",
|
|
message: "Test `whoami` injection",
|
|
command: `echo "Title: $1, Message: $2"`,
|
|
expectError: false,
|
|
description: "Backticks should be escaped and not executed",
|
|
},
|
|
{
|
|
name: "Content with semicolon injection",
|
|
title: "Test Title",
|
|
message: "Test; echo INJECTED; echo end",
|
|
command: `echo "Title: $1, Message: $2"`,
|
|
expectError: false,
|
|
description: "Semicolon injection should be prevented",
|
|
},
|
|
{
|
|
name: "Content with command substitution",
|
|
title: "Test Title",
|
|
message: "Test $(whoami) injection",
|
|
command: `echo "Title: $1, Message: $2"`,
|
|
expectError: false,
|
|
description: "Command substitution should be escaped",
|
|
},
|
|
{
|
|
name: "Content with quote injection",
|
|
title: "Test Title",
|
|
message: "Test ' || echo INJECTED || echo ' end",
|
|
command: `echo "Title: $1, Message: $2"`,
|
|
expectError: false,
|
|
description: "Quote injection should be prevented",
|
|
},
|
|
{
|
|
name: "Content with newlines",
|
|
title: "Test Title",
|
|
message: "Line 1\nLine 2\nLine 3",
|
|
command: `echo "Title: $1, Message: $2"`,
|
|
expectError: false,
|
|
description: "Newlines should be handled safely",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
options := &domain.ChatOptions{
|
|
NotificationCommand: tt.command,
|
|
Notification: true,
|
|
}
|
|
|
|
// This test mainly verifies that the function doesn't panic
|
|
// and properly escapes dangerous content. The actual command
|
|
// execution is tested separately in integration tests.
|
|
err := sendNotification(options, "test_pattern", tt.message)
|
|
|
|
if tt.expectError && err == nil {
|
|
t.Errorf("Expected error for %s, but got none", tt.description)
|
|
}
|
|
|
|
if !tt.expectError && err != nil {
|
|
t.Errorf("Unexpected error for %s: %v", tt.description, err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestSendNotification_TitleGeneration(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
patternName string
|
|
expected string
|
|
}{
|
|
{
|
|
name: "No pattern name",
|
|
patternName: "",
|
|
expected: "Fabric Command Complete",
|
|
},
|
|
{
|
|
name: "With pattern name",
|
|
patternName: "summarize",
|
|
expected: "Fabric: summarize Complete",
|
|
},
|
|
{
|
|
name: "Pattern with special characters",
|
|
patternName: "test_pattern-v2",
|
|
expected: "Fabric: test_pattern-v2 Complete",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
options := &domain.ChatOptions{
|
|
NotificationCommand: `echo "Title: $1"`,
|
|
Notification: true,
|
|
}
|
|
|
|
// We're testing the title generation logic
|
|
// The actual notification command would echo the title
|
|
err := sendNotification(options, tt.patternName, "test message")
|
|
|
|
// The function should not error for valid inputs
|
|
if err != nil {
|
|
t.Errorf("Unexpected error: %v", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestSendNotification_MessageTruncation(t *testing.T) {
|
|
longMessage := strings.Repeat("A", 150) // 150 characters
|
|
shortMessage := "Short message"
|
|
|
|
tests := []struct {
|
|
name string
|
|
message string
|
|
expected string
|
|
}{
|
|
{
|
|
name: "Short message",
|
|
message: shortMessage,
|
|
},
|
|
{
|
|
name: "Long message truncation",
|
|
message: longMessage,
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
options := &domain.ChatOptions{
|
|
NotificationCommand: `echo "Message: $2"`,
|
|
Notification: true,
|
|
}
|
|
|
|
err := sendNotification(options, "test", tt.message)
|
|
if err != nil {
|
|
t.Errorf("Unexpected error: %v", err)
|
|
}
|
|
})
|
|
}
|
|
}
|