#!/bin/bash
# ChittyCheck QA Test Suite
# Comprehensive testing for ChittyCheck functionality, security, and reliability
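# Colors: literal ANSI escape sequences (single-quoted), so they are only
# rendered when printed through `echo -e` or `printf '%b'`.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
BLUE='\033[0;34m'
BOLD='\033[1m'
RESET='\033[0m'
# Test counters, incremented by the qa_test / qa_security_test helpers.
QA_PASSED=0
QA_FAILED=0
QA_WARNINGS=0
QA_TOTAL=0
# Script under test. Defaults to the author's checkout; set CHITTYCHECK_SCRIPT
# in the environment to point the suite at another copy.
CHITTYCHECK_SCRIPT="${CHITTYCHECK_SCRIPT:-/Users/nb/.claude/projects/-/chittychat/chittycheck-enhanced.sh}"
# Per-run scratch directory, keyed by this shell's PID.
TEST_WORKSPACE="/tmp/chittycheck-qa-$$"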
# QA Test Framework
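#######################################
# Run one functional check and record the result.
# Globals:   QA_TOTAL, QA_PASSED, QA_FAILED (incremented)
#            CYAN, GREEN, RED, RESET (read)
# Arguments: $1 - human-readable test name
#            $2 - shell command string, run through `eval` with its output discarded
#            $3 - expected exit status (default 0)
# Outputs:   one PASS / FAIL line per test on stdout
# Returns:   0 when the exit status matches, 1 otherwise
#######################################
qa_test() {
  local test_name="$1"
  local test_command="$2"
  local expected_exit_code="${3:-0}"
  local actual_exit_code

  # Arithmetic assignment rather than `((QA_TOTAL++))`: the post-increment
  # form returns 1 when the old value is 0, which would trip `set -e`.
  QA_TOTAL=$((QA_TOTAL + 1))
  printf '%b\n' "${CYAN}[TEST $QA_TOTAL] $test_name${RESET}"

  # The command strings are trusted literals written in this file; `eval` is
  # what lets them carry pipes, redirections and conditionals.
  eval "$test_command" >/dev/null 2>&1
  actual_exit_code=$?

  if [[ "$actual_exit_code" -eq "$expected_exit_code" ]]; then
    printf '%b\n' " ${GREEN}β
PASS${RESET}"
    QA_PASSED=$((QA_PASSED + 1))
    return 0
  fi
  printf '%b\n' " ${RED}β FAIL${RESET} (expected exit $expected_exit_code, got $actual_exit_code)"
  QA_FAILED=$((QA_FAILED + 1))
  return 1
}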
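#######################################
# Run one security check: capture the command's combined output, then evaluate
# a predicate over it.
# Globals:   QA_TOTAL, QA_PASSED, QA_FAILED (incremented)
#            BLUE, GREEN, RED, RESET (read)
# Arguments: $1 - human-readable test name
#            $2 - shell command string, run through `eval`; stdout+stderr captured
#            $3 - predicate string, run through `eval` *inside this function*, so
#                 it may reference the locals `$output` (captured text) and
#                 `$exit_code` (the command's status). Pass it single-quoted so
#                 those names are expanded here and not, as empty, at the call site.
# Outputs:   one SECURE / SECURITY RISK line; the captured output on failure
# Returns:   0 when the predicate holds, 1 otherwise
#######################################
qa_security_test() {
  local test_name="$1"
  local test_command="$2"
  local security_check="$3"
  local output exit_code

  QA_TOTAL=$((QA_TOTAL + 1))
  printf '%b\n' "${BLUE}[SECURITY $QA_TOTAL] $test_name${RESET}"

  # Assignment is kept separate from `local` so that `$?` is the command's
  # status rather than that of the `local` builtin (which is always 0).
  output=$(eval "$test_command" 2>&1)
  # shellcheck disable=SC2034 — read by the eval'd predicate below
  exit_code=$?

  if eval "$security_check"; then
    printf '%b\n' " ${GREEN}π SECURE${RESET}"
    QA_PASSED=$((QA_PASSED + 1))
    return 0
  fi
  printf '%b\n' " ${RED}π¨ SECURITY RISK${RESET}"
  # %s, not %b: the captured text comes from the program under test and must
  # not have escape sequences interpreted on the way to the terminal.
  printf ' Output: %s\n' "$output"
  QA_FAILED=$((QA_FAILED + 1))
  return 1
}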
# Setup test workspace
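#######################################
# Create the scratch project the suite runs against and cd into it.
# Globals:   TEST_WORKSPACE (read), BOLD, GREEN, RESET (read)
# Outputs:   progress lines on stdout, an error on stderr when creation fails
# Returns:   0 on success; 1 if the workspace cannot be created or entered
#            (callers must not continue: the suites create and delete files
#            relative to the current directory)
#######################################
setup_test_workspace() {
  printf '%b\n' "${BOLD}ποΈ Setting up QA test workspace${RESET}"

  # No -p: the path is derived from the PID, so an entry that already exists
  # is stale or planted, and we refuse to populate (and later delete) it.
  if ! mkdir -- "$TEST_WORKSPACE"; then
    printf 'cannot create test workspace %s\n' "$TEST_WORKSPACE" >&2
    return 1
  fi
  cd -- "$TEST_WORKSPACE" || return 1

  # Mock project layout
  mkdir -p src tests docs

  # Fixture files; the heredoc delimiters are quoted so contents stay literal.
  cat > package.json << 'EOF'
{
"name": "test-project",
"dependencies": {
"uuid": "^9.0.0",
"nanoid": "^4.0.0"
}
}
EOF
  cat > .env << 'EOF'
CHITTY_ID_TOKEN=test_token_123
CHITTYOS_ACCOUNT_ID=test_account
EOF
  cat > src/main.js << 'EOF'
const crypto = require('crypto');
const { v4: uuidv4 } = require('uuid');
// Rogue patterns for testing
const id1 = crypto.randomUUID();
const id2 = crypto.randomBytes(16).toString('hex');
const id3 = Date.now().toString() + '_id';
const id4 = Math.random().toString(36).substr(2, 9);
// Good patterns
const chittyId = await mintChittyId({ type: 'user' });
const response = fetch('https://id.chitty.cc/v1/mint');
function generateId() {
return 'local_' + Math.random();
}
EOF
  printf '%b\n' " ${GREEN}β
Test workspace created at $TEST_WORKSPACE${RESET}"
}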
# Cleanup test workspace
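#######################################
# Remove the scratch workspace.
# Globals:   TEST_WORKSPACE (read), BOLD, RESET (read)
# Returns:   0 on success. `${VAR:?}` aborts the shell if TEST_WORKSPACE is
#            unset or empty, so `rm -rf` can never run against an empty path.
#######################################
cleanup_test_workspace() {
  printf '%b\n' "${BOLD}π§Ή Cleaning up test workspace${RESET}"
  rm -rf -- "${TEST_WORKSPACE:?TEST_WORKSPACE is not set}"
}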
# ============================================
# FUNCTIONAL TESTS
# ============================================
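#######################################
# Functional checks: the script runs and reports what the fixture project
# should trigger. Must be called from inside the test workspace.
# Globals:   CHITTYCHECK_SCRIPT (read); counters via qa_test
# Outputs:   one result line per test
#######################################
run_functional_tests() {
  local script
  # %q gives a shell-quoted path that survives the `eval` inside qa_test even
  # if the path contains spaces.
  printf -v script '%q' "$CHITTYCHECK_SCRIPT"

  printf '%b\n' "${BOLD}π§ FUNCTIONAL TESTS${RESET}"
  printf '%b\n' "ββββββββββββββββββββββββββββββββ"

  # Test 1: script exists and is executable
  qa_test "Script exists and executable" "[ -x $script ]"
  # Test 2: the suite expects status 1 for the fixture project (presumably
  # "findings reported"); any other status is treated as a crash
  qa_test "Script runs without fatal errors" "$script" 1
  # Test 3: rogue packages named in package.json are flagged
  qa_test "Detects rogue packages in package.json" "$script 2>&1 | grep -q 'uuid.*nanoid'"
  # Test 4: rogue ID generation patterns are flagged
  qa_test "Detects rogue ID patterns" "$script 2>&1 | grep -q 'crypto\.randomUUID.*instance'"
  # Test 5: token presence is reported
  qa_test "Validates CHITTY_ID_TOKEN" "$script 2>&1 | grep -q 'CHITTY_ID_TOKEN'"
  # Test 6: a percentage score with a grade is shown
  qa_test "Shows compliance score" "$script 2>&1 | grep -q '[0-9]*%.*Grade'"
  # Test 7: missing housekeeping files are created
  rm -f -- .gitignore CLAUDE.md
  qa_test "Auto-creates missing files" "$script >/dev/null 2>&1 && [ -f .gitignore ] && [ -f CLAUDE.md ]"
  echo ""
}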
# ============================================
# SECURITY TESTS
# ============================================
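#######################################
# Security checks on the script's output and side effects.
# Globals:   CHITTYCHECK_SCRIPT, TEST_WORKSPACE (read); QA_WARNINGS (incremented
#            when a probe cannot run); other counters via qa_security_test
# Outputs:   one result line per test
#######################################
run_security_tests() {
  local script
  printf -v script '%q' "$CHITTYCHECK_SCRIPT"

  printf '%b\n' "${BOLD}π SECURITY TESTS${RESET}"
  printf '%b\n' "ββββββββββββββββββββββββββββββββ"

  # The predicate strings below are single-quoted on purpose: qa_security_test
  # evals them with `$output` (captured stdout+stderr) in scope. Double-quoting
  # would expand `$output` here, where it is empty, and make every check pass
  # vacuously.

  # Security Test 1: no long secret-looking values echoed back
  qa_security_test "No secrets in output" \
    "$script 2>&1" \
    '! printf "%s\n" "$output" | grep -qE "(secret|password|key|token).*[a-zA-Z0-9]{20,}"'

  # Security Test 2: a command substitution planted in .env must not run. The
  # canary is a marker file, so an injection is detected directly rather than
  # inferred from collateral damage, and a positive result harms nothing.
  rm -f -- "$TEST_WORKSPACE/injected.marker"
  printf 'MALICIOUS_VAR=$(touch %s)\n' "$TEST_WORKSPACE/injected.marker" >> .env
  qa_security_test "Safe .env parsing (no command injection)" \
    "$script 2>&1" \
    '[ ! -e "$TEST_WORKSPACE/injected.marker" ]'

  # Security Test 3: no network connects outside chitty.cc. strace is not
  # available everywhere (e.g. macOS); record a warning instead of a vacuous
  # pass when it is missing.
  if command -v strace >/dev/null 2>&1; then
    qa_security_test "No unauthorized network calls" \
      "strace -e trace=network $script 2>&1 | head -100" \
      '! printf "%s\n" "$output" | grep -E "(connect.*[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})" | grep -qv "chitty.cc"'
  else
    printf '%b\n' "${YELLOW}[SKIP] No unauthorized network calls: strace not installed${RESET}"
    QA_WARNINGS=$((QA_WARNINGS + 1))
  fi

  # Security Test 4: a traversal-style project name must not be reflected
  PROJECT_NAME="../../../etc/passwd" qa_security_test "Input validation on project name" \
    "$script 2>&1" \
    '! printf "%s\n" "$output" | grep -q "/etc/passwd"'

  # Security Test 5: created files are owner-writable only
  qa_security_test "Secure file creation permissions" \
    "$script >/dev/null 2>&1; ls -la .gitignore" \
    'printf "%s\n" "$output" | grep -q "^-rw-r--r--"'
  echo ""
}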
# ============================================
# PENETRATION TESTS
# ============================================
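#######################################
# Hostile-input checks: metacharacters and newlines in environment values, an
# unrelated working directory, a timeout, and concurrent runs.
# Globals:   CHITTYCHECK_SCRIPT (read); CHITTY_ID_TOKEN, PROJECT_NAME (exported
#            for the duration of this suite, then restored); counters via
#            qa_security_test
# Outputs:   one result line per test
#######################################
run_penetration_tests() {
  local script
  printf -v script '%q' "$CHITTYCHECK_SCRIPT"
  # Remember the caller's values so the hostile ones set below do not leak
  # into the performance and integration suites that run afterwards.
  local saved_token="${CHITTY_ID_TOKEN-}" saved_project="${PROJECT_NAME-}"

  printf '%b\n' "${BOLD}π― PENETRATION TESTS${RESET}"
  printf '%b\n' "ββββββββββββββββββββββββββββββββ"

  # Predicates are single-quoted so `$output` / `$exit_code` are expanded by
  # qa_security_test, where they are in scope, not here where they are empty.

  # Pen Test 1: shell metacharacters in the token must be neither executed nor
  # echoed. The canary is a harmless `echo`; the grep below looks for its text.
  export CHITTY_ID_TOKEN="; echo 'injected'"
  qa_security_test "Command injection via CHITTY_ID_TOKEN" \
    "$script 2>&1" \
    '! printf "%s\n" "$output" | grep -q "injected"'

  # Pen Test 2: running from an unrelated directory must not surface its files.
  # The `cd` happens inside the command substitution in qa_security_test, so it
  # does not move this shell.
  mkdir -p ../../../tmp/pentest
  echo "sensitive_data" > ../../../tmp/pentest/secret.txt
  qa_security_test "Path traversal protection" \
    "cd ../../../tmp/pentest && $script 2>&1" \
    '! printf "%s\n" "$output" | grep -q "sensitive_data"'
  # The canary lives outside the workspace, so cleanup_test_workspace would
  # leave it behind.
  rm -f -- ../../../tmp/pentest/secret.txt

  # Pen Test 3: the run either finishes normally or is cut off by `timeout`
  # (status 124); anything else indicates a crash
  qa_security_test "Resource exhaustion protection" \
    "timeout 30s $script >/dev/null 2>&1" \
    '[ "$exit_code" -eq 124 ] || [ "$exit_code" -eq 0 ] || [ "$exit_code" -eq 1 ]'

  # Pen Test 4: embedded newlines must not become separate log lines
  export PROJECT_NAME=$'evil\nINJECTED LOG LINE\nmore_evil'
  qa_security_test "Log injection protection" \
    "$script 2>&1" \
    '! printf "%s\n" "$output" | grep -q "INJECTED LOG LINE"'

  # Pen Test 5: two concurrent runs must leave the fixture files intact
  qa_security_test "Race condition protection" \
    "$script & $script & wait" \
    '[ -f .env ] && [ -f .gitignore ]'

  # Restore the environment for the suites that follow (a previously unset
  # variable comes back as exported-empty, which the fixture .env overrides).
  export CHITTY_ID_TOKEN="$saved_token" PROJECT_NAME="$saved_project"
  echo ""
}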
# ============================================
# PERFORMANCE TESTS
# ============================================
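#######################################
# Timing and memory checks against an enlarged fixture.
# Globals:   CHITTYCHECK_SCRIPT (read); QA_WARNINGS (incremented when the
#            memory probe is unavailable); other counters via qa_test
# Outputs:   one result line per test
#######################################
run_performance_tests() {
  local script i start_time end_time duration
  printf -v script '%q' "$CHITTYCHECK_SCRIPT"

  printf '%b\n' "${BOLD}β‘ PERFORMANCE TESTS${RESET}"
  printf '%b\n' "ββββββββββββββββββββββββββββββββ"

  # Bulk up the fixture so the scan has real work to do
  for i in {1..100}; do
    echo "const id$i = crypto.randomUUID();" >> "src/large_file_$i.js"
  done

  # Performance Test 1: wall-clock time
  start_time=$(date +%s)
  "$CHITTYCHECK_SCRIPT" >/dev/null 2>&1
  end_time=$(date +%s)
  duration=$((end_time - start_time))
  qa_test "Completes within 60 seconds" "[ $duration -lt 60 ]"

  # Performance Test 2: peak RSS. `time` writes its statistics to stderr, so
  # the redirections must be `2>&1 >/dev/null` (stderr to the pipe, stdout
  # dropped); the other order sends everything to /dev/null and grep never
  # sees the figure. `-l` is the BSD/macOS flag (GNU time uses -v), so where
  # the probe itself fails record a warning rather than a misleading FAIL.
  if /usr/bin/time -l true >/dev/null 2>&1; then
    qa_test "Memory usage under 100MB" \
      "/usr/bin/time -l $script 2>&1 >/dev/null | grep 'maximum resident set size' | awk '{print \$1}' | awk '{print (\$1 < 100000000)}' | grep -q 1"
  else
    printf '%b\n' "${YELLOW}[SKIP] Memory usage under 100MB: /usr/bin/time -l not supported here${RESET}"
    QA_WARNINGS=$((QA_WARNINGS + 1))
  fi
  echo ""
}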
# ============================================
# INTEGRATION TESTS
# ============================================
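#######################################
# Checks that the script cooperates with its neighbouring tooling.
# Globals:   CHITTYCHECK_SCRIPT (read); CHITTYCHECK_STATUS_SCRIPT (optional
#            override for the status-line helper); counters via qa_test
# Outputs:   one result line per test
#######################################
run_integration_tests() {
  local script status_script
  printf -v script '%q' "$CHITTYCHECK_SCRIPT"
  # The status-line helper lives in the same directory as the default script
  # under test; allow an override so the suite is not tied to one checkout.
  printf -v status_script '%q' \
    "${CHITTYCHECK_STATUS_SCRIPT:-/Users/nb/.claude/projects/-/chittychat/chittycheck-status.sh}"

  printf '%b\n' "${BOLD}π INTEGRATION TESTS${RESET}"
  printf '%b\n' "ββββββββββββββββββββββββββββββββ"

  # Integration Test 1: status line helper. qa_test evals in this shell, so
  # whatever the helper defines stays defined for the rest of the run.
  qa_test "Status line integration works" \
    "source $status_script && chittycheck_status 'compact' | grep -q '%'"
  # Integration Test 2: a compliance log directory is created under $HOME
  qa_test "ChittyChat logging integration" \
    "$script >/dev/null 2>&1 && [ -d ~/.chittychat/compliance ]"
  # Integration Test 3: the registry URL from the config is reported
  qa_test "ChittyOS config loading" \
    "$script 2>&1 | grep -q 'Registry: https://registry.chitty.cc'"
  echo ""
}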
# ============================================
# MAIN QA RUNNER
# ============================================
#######################################
# Print the final tally and report overall success.
# Globals:   QA_TOTAL, QA_PASSED, QA_FAILED, QA_WARNINGS (read)
#            BOLD, GREEN, RED, YELLOW, RESET (read)
# Outputs:   summary block on stdout
# Returns:   0 when no test failed, 1 otherwise
#######################################
show_qa_summary() {
  local rate=0

  printf '%b\n' "${BOLD}π QA TEST SUMMARY${RESET}"
  printf '%b\n' "ββββββββββββββββββββββββββββββββ"
  printf '%b\n' \
    "Total Tests: $QA_TOTAL" \
    "${GREEN}Passed: $QA_PASSED${RESET}" \
    "${RED}Failed: $QA_FAILED${RESET}" \
    "${YELLOW}Warnings: $QA_WARNINGS${RESET}"

  # Integer percentage; guarded so an empty run does not divide by zero.
  if (( QA_TOTAL > 0 )); then
    rate=$(( QA_PASSED * 100 / QA_TOTAL ))
  fi
  printf 'Success Rate: %s%%\n' "$rate"

  if (( QA_FAILED != 0 )); then
    printf '%b\n' "${RED}π₯ SOME TESTS FAILED!${RESET}"
    return 1
  fi
  printf '%b\n' "${GREEN}π ALL TESTS PASSED!${RESET}"
  return 0
}
# Main execution
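#######################################
# Entry point: build the workspace, run every suite, print the summary, clean up.
# Globals:   counters (via the suites); TEST_WORKSPACE (via setup/cleanup)
# Returns:   exits 0 when every test passed, 1 otherwise or when the workspace
#            could not be set up
#######################################
main() {
  local exit_code

  printf '%b\n' "${BOLD}π¬ CHITTYCHECK QA & PENETRATION TESTING${RESET}"
  printf '%b\n' "ββββββββββββββββββββββββββββββββββββββββββββββ"
  echo ""

  # Every suite creates, rewrites and deletes files relative to `.`, so do not
  # run them unless the workspace is in place. Assumes setup_test_workspace
  # reports failure through its return status.
  if ! setup_test_workspace; then
    printf 'QA aborted: could not set up the test workspace\n' >&2
    exit 1
  fi
  # Remove the scratch tree on every exit path, including an unexpected error.
  trap cleanup_test_workspace EXIT
  echo ""

  run_functional_tests
  run_security_tests
  run_penetration_tests
  run_performance_tests
  run_integration_tests

  show_qa_summary
  exit_code=$?
  exit "$exit_code"
}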
# Run if called directly
# Run the suite only when executed directly, not when this file is sourced.
if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
  main "$@"
fi