Files
graphify/tests/test_cpp_preprocess.py
T
Safi 46a1d4cabb harden ollama metadata egress and cpp path handling (F3, F5)
F3: OLLAMA_BASE_URL pointing at a link-local or cloud-metadata address
(169.254.x, metadata.google.*, 0.0.0.0) now fails closed instead of only
warning, since no real Ollama host lives there and it is a classic SSRF
target. General LAN hosts still warn-and-allow.

F5: the Fortran C-preprocessor call now passes an absolute path. cpp has no
'--' end-of-options terminator, so an attacker-named corpus file like
'-I/etc/x.F90' could otherwise be parsed as a cpp option; an absolute path
always begins with '/' and cannot be.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-02 22:23:15 +01:00

33 lines
1.0 KiB
Python

"""The Fortran C-preprocessor path is hardened against argument injection (F5).
A corpus file is attacker-named; cpp does not accept a "--" end-of-options
terminator, so _cpp_preprocess passes an absolute path which can never be parsed
as a cpp option.
"""
from graphify import extract
def test_cpp_preprocess_passes_absolute_path(tmp_path, monkeypatch):
f = tmp_path / "weird.F90"
f.write_text("program x\nend program x\n")
captured = {}
def fake_run(argv, **kwargs):
captured["argv"] = argv
class _Result:
returncode = 0
stdout = b"preprocessed"
return _Result()
monkeypatch.setattr("shutil.which", lambda name: "/usr/bin/cpp")
monkeypatch.setattr("subprocess.run", fake_run)
out = extract._cpp_preprocess(f)
assert out == b"preprocessed"
last_arg = captured["argv"][-1]
assert last_arg.startswith("/"), f"path arg must be absolute, got {last_arg!r}"
assert not last_arg.startswith("-"), "path arg must never look like an option"