BE: linting fixes

Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-12-07 09:36:05 -08:00 · 2025-11-22 13:14:06 +11:00
parent f0abd500d9
commit 5c14b34a8b
104 changed files with 2163 additions and 2199 deletions
--- a/test/backend/test_sql_injection_prevention.py
+++ b/test/backend/test_sql_injection_prevention.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+# !/usr/bin/env python3
 """
 Comprehensive SQL Injection Prevention Tests for NetAlertX

@@ -15,7 +15,7 @@ sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'server'))
 sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'server', 'db'))

 # Now import our module
-from sql_safe_builder import SafeConditionBuilder
+from sql_safe_builder import SafeConditionBuilder  # noqa: E402 [flake8 lint suppression]


@pytest.fixture
@@ -28,7 +28,7 @@ def test_sql_injection_attempt_single_quote(builder):
    """Test that single quote injection attempts are blocked."""
    malicious_input = "'; DROP TABLE users; --"
    condition, params = builder.get_safe_condition_legacy(malicious_input)
-    
+
    # Should return empty condition when invalid
    assert condition == ""
    assert params == {}
@@ -38,7 +38,7 @@ def test_sql_injection_attempt_union(builder):
    """Test that UNION injection attempts are blocked."""
    malicious_input = "1' UNION SELECT * FROM passwords --"
    condition, params = builder.get_safe_condition_legacy(malicious_input)
-    
+
    # Should return empty condition when invalid
    assert condition == ""
    assert params == {}
@@ -48,7 +48,7 @@ def test_sql_injection_attempt_or_true(builder):
    """Test that OR 1=1 injection attempts are blocked."""
    malicious_input = "' OR '1'='1"
    condition, params = builder.get_safe_condition_legacy(malicious_input)
-    
+
    # Should return empty condition when invalid
    assert condition == ""
    assert params == {}
@@ -58,7 +58,7 @@ def test_valid_simple_condition(builder):
    """Test that valid simple conditions are handled correctly."""
    valid_input = "AND devName = 'Test Device'"
    condition, params = builder.get_safe_condition_legacy(valid_input)
-    
+
    # Should create parameterized query
    assert "AND devName = :" in condition
    assert len(params) == 1
@@ -69,7 +69,7 @@ def test_empty_condition(builder):
    """Test that empty conditions are handled safely."""
    empty_input = ""
    condition, params = builder.get_safe_condition_legacy(empty_input)
-    
+
    # Should return empty condition
    assert condition == ""
    assert params == {}
@@ -79,7 +79,7 @@ def test_whitespace_only_condition(builder):
    """Test that whitespace-only conditions are handled safely."""
    whitespace_input = "   \n\t   "
    condition, params = builder.get_safe_condition_legacy(whitespace_input)
-    
+
    # Should return empty condition
    assert condition == ""
    assert params == {}
@@ -90,7 +90,7 @@ def test_multiple_conditions_valid(builder):
    # Test with a single condition first (our current parser handles single conditions well)
    valid_input = "AND devName = 'Device1'"
    condition, params = builder.get_safe_condition_legacy(valid_input)
-    
+
    # Should create parameterized query
    assert "devName = :" in condition
    assert len(params) == 1
@@ -101,7 +101,7 @@ def test_disallowed_column_name(builder):
    """Test that non-whitelisted column names are rejected."""
    invalid_input = "AND malicious_column = 'value'"
    condition, params = builder.get_safe_condition_legacy(invalid_input)
-    
+
    # Should return empty condition when column not in whitelist
    assert condition == ""
    assert params == {}
@@ -111,7 +111,7 @@ def test_disallowed_operator(builder):
    """Test that non-whitelisted operators are rejected."""
    invalid_input = "AND devName SOUNDS LIKE 'test'"
    condition, params = builder.get_safe_condition_legacy(invalid_input)
-    
+
    # Should return empty condition when operator not allowed
    assert condition == ""
    assert params == {}
@@ -121,7 +121,7 @@ def test_nested_select_attempt(builder):
    """Test that nested SELECT attempts are blocked."""
    malicious_input = "AND devName IN (SELECT password FROM users)"
    condition, params = builder.get_safe_condition_legacy(malicious_input)
-    
+
    # Should return empty condition when nested SELECT detected
    assert condition == ""
    assert params == {}
@@ -131,7 +131,7 @@ def test_hex_encoding_attempt(builder):
    """Test that hex-encoded injection attempts are blocked."""
    malicious_input = "AND 0x44524f50205441424c45"
    condition, params = builder.get_safe_condition_legacy(malicious_input)
-    
+
    # Should return empty condition when hex encoding detected
    assert condition == ""
    assert params == {}
@@ -141,7 +141,7 @@ def test_comment_injection_attempt(builder):
    """Test that comment injection attempts are handled."""
    malicious_input = "AND devName = 'test' /* comment */ --"
    condition, params = builder.get_safe_condition_legacy(malicious_input)
-    
+
    # Comments should be stripped and condition validated
    if condition:
        assert "/*" not in condition
@@ -152,7 +152,7 @@ def test_special_placeholder_replacement(builder):
    """Test that {s-quote} placeholder is safely replaced."""
    input_with_placeholder = "AND devName = {s-quote}Test{s-quote}"
    condition, params = builder.get_safe_condition_legacy(input_with_placeholder)
-    
+
    # Should handle placeholder safely
    if condition:
        assert "{s-quote}" not in condition
@@ -163,7 +163,7 @@ def test_null_byte_injection(builder):
    """Test that null byte injection attempts are blocked."""
    malicious_input = "AND devName = 'test\x00' DROP TABLE --"
    condition, params = builder.get_safe_condition_legacy(malicious_input)
-    
+
    # Null bytes should be sanitized
    if condition:
        assert "\x00" not in condition
@@ -178,7 +178,7 @@ def test_build_condition_with_allowed_values(builder):
        {"column": "devName", "operator": "LIKE", "value": "%test%"}
    ]
    condition, params = builder.build_condition(conditions, "AND")
-    
+
    # Should create valid parameterized condition
    assert "eve_EventType = :" in condition
    assert "devName LIKE :" in condition
@@ -191,7 +191,7 @@ def test_build_condition_with_invalid_column(builder):
        {"column": "invalid_column", "operator": "=", "value": "test"}
    ]
    condition, params = builder.build_condition(conditions)
-    
+
    # Should return empty when invalid column
    assert condition == ""
    assert params == {}
@@ -204,7 +204,7 @@ def test_case_variations_injection(builder):
        "oR 1=1",
        "UnIoN SeLeCt * FrOm users"
    ]
-    
+
    for malicious_input in malicious_inputs:
        condition, params = builder.get_safe_condition_legacy(malicious_input)
        # Should handle case variations safely
@@ -217,7 +217,7 @@ def test_time_based_injection_attempt(builder):
    """Test that time-based injection attempts are blocked."""
    malicious_input = "AND IF(1=1, SLEEP(5), 0)"
    condition, params = builder.get_safe_condition_legacy(malicious_input)
-    
+
    # Should return empty condition when SQL functions detected
    assert condition == ""
    assert params == {}
@@ -227,7 +227,7 @@ def test_stacked_queries_attempt(builder):
    """Test that stacked query attempts are blocked."""
    malicious_input = "'; INSERT INTO admin VALUES ('hacker', 'password'); --"
    condition, params = builder.get_safe_condition_legacy(malicious_input)
-    
+
    # Should return empty condition when semicolon detected
    assert condition == ""
    assert params == {}