[MERGE]

 - [x] Closes PR/MR #248
 - [x] Closes PR/MR #249
 - [x] Closes PR/MR #350

Author: reactive-firewall

tests/context.py

@@ -380,6 +380,117 @@ def checkCovCommand(*args):  # skipcq: PYL-W0102  - [] != [None]
 	return [*args]
 
 
+def taint_command_args(args: (list, tuple)) -> list:
+	"""Validate and sanitize command arguments for security.
+
+	This function validates the command (first argument) against a whitelist
+	and sanitizes all arguments to prevent command injection attacks.
+
+	Args:
+		args (list): Command arguments to validate
+
+	Returns:
+		list: Sanitized command arguments
+
+	Raises:
+		CommandExecutionError: If validation fails
+
+	Meta Testing:
+
+		>>> import tests.context as _context
+		>>> import sys as _sys
+		>>>
+
+		Testcase 1: Function should validate and return unmodified Python command.
+
+			>>> test_fixture = ['python', '-m', 'pytest']
+			>>> _context.taint_command_args(test_fixture)
+			['python', '-m', 'pytest']
+			>>>
+
+		Testcase 2: Function should handle sys.executable path.
+
+			>>> test_fixture = [str(_sys.executable), '-m', 'coverage', 'run']
+			>>> result = _context.taint_command_args(test_fixture)  #doctest: +ELLIPSIS
+			>>> str('python') in str(result[0]) or str('coverage') in str(result[0])
+			True
+			>>> result[1:] == ['-m', 'coverage', 'run']
+			True
+			>>>
+
+		Testcase 3: Function should reject disallowed commands.
+
+			>>> test_fixture = ['rm', '-rf', '/']
+			>>> _context.taint_command_args(test_fixture)  #doctest: +IGNORE_EXCEPTION_DETAIL
+			Traceback (most recent call last):
+			multicast.exceptions.CommandExecutionError: Command 'rm' is not allowed...
+			>>>
+
+		Testcase 4: Function should validate input types.
+
+			>>> test_fixture = None
+			>>> _context.taint_command_args(test_fixture)  #doctest: +IGNORE_EXCEPTION_DETAIL
+			Traceback (most recent call last):
+			multicast.exceptions.CommandExecutionError: Invalid command arguments
+			>>>
+			>>> test_fixture = "python -m pytest"  # String instead of list
+			>>> _context.taint_command_args(test_fixture)  #doctest: +IGNORE_EXCEPTION_DETAIL
+			Traceback (most recent call last):
+			multicast.exceptions.CommandExecutionError: Invalid command arguments
+			>>>
+
+		Testcase 5: Function should handle coverage command variations.
+
+			>>> test_fixture = [str(_sys.executable), 'coverage', 'run', '--source=multicast']
+			>>> _context.taint_command_args(test_fixture)  #doctest: +ELLIPSIS
+			[...'coverage', 'run', '--source=multicast']
+			>>>
+			>>> test_fixture = ['coverage', 'run', '--source=multicast']
+			>>> _context.taint_command_args(test_fixture)  #doctest: +ELLIPSIS
+			['exit 1 ; #', 'run',...'run', '--source=multicast']
+			>>>
+			>>> test_fixture = ['coverage3', 'run', '--source=.']
+			>>> _context.taint_command_args(test_fixture)  #doctest: +ELLIPSIS
+			['exit 1 ; #', 'run',...'--source=.']
+			>>>
+
+		Testcase 6: Function should handle case-insensitive command validation.
+
+			>>> test_fixture = ['Python3', '-m', 'pytest']
+			>>> _context.taint_command_args(test_fixture)
+			['Python3', '-m', 'pytest']
+			>>>
+			>>> test_fixture = ['COVERAGE', 'run']
+			>>> _context.taint_command_args(test_fixture)  #doctest: +ELLIPSIS
+			[...'COVERAGE', 'run'...]
+			>>>
+	"""
+	if not args or not isinstance(args, (list, tuple)):
+		raise CommandExecutionError("Invalid command arguments", exit_code=66)
+	# Validate the command (first argument)
+	allowed_commands = {
+		"python", "python3", "coverage", "coverage3",
+		sys.executable  # Allow the current Python interpreter
+	}
+	command = str(args[0]).lower()
+	# Extract base command name for exact matching
+	# Handle both path separators (/ for Unix, \ for Windows)
+	command_base = command.split("/")[-1].split("\\")[-1]
+	# Check if command is allowed (exact match on base name or full path match with sys.executable)
+	if command_base not in allowed_commands and command != str(sys.executable).lower():
+		raise CommandExecutionError(
+			f"Command '{command}' is not allowed. Allowed commands: {allowed_commands}",
+			exit_code=77
+		)
+	# Sanitize all arguments to prevent injection
+	tainted_args = [str(arg) for arg in args]
+	# Special handling for coverage commands
+	if "coverage" in command:
+		tainted_args = checkCovCommand(*tainted_args)
+	# Sanitize all arguments to prevent injection
+	return tainted_args
+
+
 def validateCommandArgs(args: list) -> None:
 	"""
 	Validates command arguments to ensure they do not contain null characters.
@@ -541,7 +652,9 @@ def checkPythonCommand(args, stderr=None):
 			validateCommandArgs(args)
 			if str("coverage") in args[0]:
 				args = checkCovCommand(*args)
-			theOutput = subprocess.check_output(args, stderr=stderr)
+			# Validate and sanitize command arguments
+			safe_args = taint_command_args(args)
+			theOutput = subprocess.check_output(safe_args, stderr=stderr)
 	except Exception as err:  # pragma: no branch
 		theOutput = None
 		try:
@@ -641,7 +754,9 @@ def checkPythonFuzzing(args, stderr=None):  # skipcq: PYL-W0102  - [] != [None]
 		else:
 			if str("coverage") in args[0]:
 				args = checkCovCommand(*args)
-			theOutput = subprocess.check_output(args, stderr=stderr)
+			# Validate and sanitize command arguments
+			safe_args = taint_command_args(args)
+			theOutput = subprocess.check_output(safe_args, stderr=stderr)
 	except BaseException as err:  # pragma: no branch
 		theOutput = None
 		raise CommandExecutionError(str(err), exit_code=2) from err  # do not suppress errors

tests/test_hear_data_processing.py

@@ -39,8 +39,11 @@
 @context.markWithMetaTag("mat", "hear")
 class RecvDataProcessingTestSuite(context.BasicUsageTestSuite):
 	"""
-	A test suite that checks empty data with the multicast sender and receiver.
+	A test suite that validates the multicast sender and receiver's handling of empty data.
 
+	Test cases:
+		- Sending empty binary data.
+		- Sending empty data followed by a stop command.
 	"""
 
 	__module__ = "tests.test_hear_data_processing"
@@ -55,16 +58,18 @@ def test_multicast_sender_with_no_data(self) -> None:
 		theResult = False
 		fail_fixture = "SAY -X] RECV? != error"
 		_fixture_port_num = self._always_generate_random_port_WHEN_called()
+		_fixture_mcast_addr = "224.0.0.1"
 		try:
 			self.assertIsNotNone(_fixture_port_num)
 			self.assertIsInstance(_fixture_port_num, int)
+			self.assertIsNotNone(_fixture_mcast_addr)
 			_fixture_HEAR_args = [
 				"--port",
 				str(_fixture_port_num),
 				"--groups",
-				"'224.0.0.1'",
+				f"'{_fixture_mcast_addr}'",
 				"--group",
-				"'224.0.0.1'",
+				f"'{_fixture_mcast_addr}'",
 			]
 			p = Process(
 				target=multicast.__main__.main, name="RECV", args=(
@@ -77,7 +82,7 @@ def test_multicast_sender_with_no_data(self) -> None:
 			try:
 				sender = multicast.send.McastSAY()
 				self.assertIsNotNone(sender)
-				sender(group='224.0.0.1', port=_fixture_port_num, ttl=1, data=b'')
+				sender(group=_fixture_mcast_addr, port=_fixture_port_num, ttl=1, data=b'')
 				self.assertIsNotNone(p)
 				self.assertTrue(p.is_alive(), fail_fixture)
 			except Exception as _cause:
@@ -105,16 +110,17 @@ def test_multicast_sender_with_no_data_before_follow_by_stop(self) -> None:
 		theResult = False
 		fail_fixture = "SAY -X] HEAR? != error"
 		_fixture_port_num = self._always_generate_random_port_WHEN_called()
+		_fixture_mcast_addr = "224.0.0.1"
 		try:
 			self.assertIsNotNone(_fixture_port_num)
 			self.assertIsInstance(_fixture_port_num, int)
 			_fixture_HEAR_args = [
 				"--port",
 				str(_fixture_port_num),
 				"--groups",
-				"'224.0.0.1'",
+				f"'{_fixture_mcast_addr}'",
 				"--group",
-				"'224.0.0.1'",
+				f"'{_fixture_mcast_addr}'",
 			]
 			p = Process(
 				target=multicast.__main__.main,
@@ -130,11 +136,11 @@ def test_multicast_sender_with_no_data_before_follow_by_stop(self) -> None:
 			try:
 				sender = multicast.send.McastSAY()
 				self.assertIsNotNone(sender)
-				sender(group='224.0.0.1', port=_fixture_port_num, ttl=1, data=b'')
+				sender(group=_fixture_mcast_addr, port=_fixture_port_num, ttl=1, data=b'')
 				self.assertIsNotNone(p)
 				self.assertTrue(p.is_alive(), fail_fixture)
 				while p.is_alive():
-					sender(group="224.0.0.1", port=_fixture_port_num, data=["STOP"])
+					sender(group=_fixture_mcast_addr, port=_fixture_port_num, data=["STOP"])
 					p.join(1)
 				self.assertFalse(p.is_alive(), "HEAR ignored STOP")
 			except Exception as _cause:
@@ -208,11 +214,20 @@ def test_handle_with_invalid_utf8_data(self) -> None:
 			request=(data, sock), client_address=_fixture_client_addr, server=None
 		)
 		try:
+			# Mock the processing method
+			handler._process = MagicMock()
 			# Should silently ignore invalid UTF-8 data
 			handler.handle()  # If no exception is raised, the test passes
 			# Verify handler state after processing invalid data
 			self.assertIsNone(handler.server)  # Server should remain None
 			self.assertEqual(handler.client_address, _fixture_client_addr)
+			# Verify no data was processed
+			handler._process.assert_not_called()
+			# Test with different invalid UTF-8 sequences
+			for invalid_data in [b'\xff', b'\xfe\xff', b'\xff\xff\xff']:
+				handler.request = (invalid_data, sock)
+				handler.handle()
+				handler._process.assert_not_called()
 		except Exception as e:
 			self.fail(f"Handler raised an unexpected exception: {e}")
 		finally: