Initial commit

tests/test_fs_posture.py

@@ -0,0 +1,23 @@
+from pathlib import Path
+
+from applepy.checks.fs_posture import collect_world_writable_files
+
+
+def test_collect_world_writable_detects_regular_file(tmp_path: Path) -> None:
+    launch = tmp_path / "LaunchAgents"
+    launch.mkdir()
+    f = launch / "evil.plist"
+    f.write_text("<?xml version='1.0'?><plist></plist>")
+    f.chmod(0o666)
+    hits, notes = collect_world_writable_files([launch], max_scan=500, max_hits=20)
+    assert hits
+    assert any("evil.plist" in h for h in hits)
+    assert not any("cap reached" in n for n in notes)
+
+
+def test_collect_world_writable_empty_dir(tmp_path: Path) -> None:
+    empty = tmp_path / "empty"
+    empty.mkdir()
+    hits, notes = collect_world_writable_files([empty])
+    assert not hits
+    assert not notes