Initial commit

2026-04-25 23:09:31 +01:00
commit 3325436017
92 changed files with 18397 additions and 0 deletions
--- a/tests/test_catalogues_gtfo.py
+++ b/tests/test_catalogues_gtfo.py
@@ -0,0 +1,59 @@
+"""GTFOBins check behaviour (rollup vs detailed, absent list toggle)."""
+
+from __future__ import annotations
+
+from pathlib import Path
+
+from applepy.checks import catalogues
+from applepy.context import RunContext
+
+
+def _minimal_ctx(tmp_path: Path) -> RunContext:
+    return RunContext(home=tmp_path, output_dir=tmp_path, phase="unprivileged", dry_run=False)
+
+
+def test_check_gtfo_no_absent_finding_by_default(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.delenv("APPLEPY_GTFO_LIST_ABSENT", raising=False)
+    monkeypatch.delenv("APPLEPY_GTFO_DETAILED", raising=False)
+    monkeypatch.delenv("APPLEPY_SKIP_CATALOG_FETCH", raising=False)
+    data = {
+        "executables": {
+            "true": {"functions": {"Shell": {}}},
+            "missingbin_xyz": {"functions": {"Shell": {}}},
+        }
+    }
+    monkeypatch.setattr(catalogues, "fetch_json_url", lambda _url: (data, "ok"))
+
+    def resolve(name: str, _pe: str) -> str | None:
+        return "/bin/true" if name == "true" else None
+
+    monkeypatch.setattr(catalogues, "_resolve_binary_path", resolve)
+    out = catalogues.check_gtfo(_minimal_ctx(tmp_path))
+    assert not any(f.id == "gtfo-absent-all" for f in out)
+    assert not any(f.id.startswith("gtfo-api-") for f in out)
+    lol2 = next(f for f in out if f.id == "lol-002")
+    assert "true" in lol2.evidence
+    assert "not_found=1" in lol2.evidence
+
+
+def test_check_gtfo_absent_when_env_set(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.setenv("APPLEPY_GTFO_LIST_ABSENT", "1")
+    monkeypatch.delenv("APPLEPY_GTFO_DETAILED", raising=False)
+    monkeypatch.delenv("APPLEPY_SKIP_CATALOG_FETCH", raising=False)
+    data = {"executables": {"onlymissing": {"functions": {"Shell": {}}}}}
+    monkeypatch.setattr(catalogues, "fetch_json_url", lambda _url: (data, "ok"))
+    monkeypatch.setattr(catalogues, "_resolve_binary_path", lambda _n, _pe: None)
+    out = catalogues.check_gtfo(_minimal_ctx(tmp_path))
+    absent = next(f for f in out if f.id == "gtfo-absent-all")
+    assert "onlymissing" in absent.evidence
+
+
+def test_check_gtfo_detailed_emits_per_binary(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.setenv("APPLEPY_GTFO_DETAILED", "1")
+    monkeypatch.delenv("APPLEPY_GTFO_LIST_ABSENT", raising=False)
+    monkeypatch.delenv("APPLEPY_SKIP_CATALOG_FETCH", raising=False)
+    data = {"executables": {"true": {"functions": {"Shell": {}}}}}
+    monkeypatch.setattr(catalogues, "fetch_json_url", lambda _url: (data, "ok"))
+    monkeypatch.setattr(catalogues, "_resolve_binary_path", lambda _n, _pe: "/bin/true")
+    out = catalogues.check_gtfo(_minimal_ctx(tmp_path))
+    assert any(f.id == "gtfo-api-true" for f in out)