n8n-workflows/test_security.sh


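#!/bin/bash
# Regression check for the workflow download endpoint.
#
# Requests a list of path-traversal style filenames and expects each one to be
# rejected with HTTP 400 or 404, then confirms that one known-good workflow
# file still downloads with HTTP 200.
#
# Environment:
#   BASE_URL  server under test (default: http://localhost:8000)
# Exit status:
#   0 when every check passed, 1 when at least one check failed, so the
#   script can gate a CI job instead of only printing results.
set -u

BASE_URL="${BASE_URL:-http://localhost:8000}"
failures=0

#######################################
# Print the HTTP status code returned for a GET of the given URL.
# Arguments: $1 - full URL to request
# Outputs:   three-digit status on stdout ("000" when curl got no response)
#######################################
http_status() {
  # --path-as-is: by default curl collapses "../" segments before sending, so
  # the plain "../" entries would never reach the server's own validation and
  # would be reported as blocked without having been tested.
  # --max-time: keep a hung server from stalling the whole run.
  curl -s -o /dev/null --path-as-is --max-time 10 -w '%{http_code}' "$1"
}

echo "🔒 Testing Path Traversal Protection..."
echo "========================================="

# Filenames the download endpoint must refuse. Values are literal: the
# backslash and the leading "~" are sent as written, not expanded by the shell.
declare -a attacks=(
  "../api_server.py"
  "../../etc/passwd"
  "..%2F..%2Fapi_server.py"
  "..%5C..%5Capi_server.py"
  "%2e%2e%2fapi_server.py"
  "../../../../../../../etc/passwd"
  "....//....//api_server.py"
  "..;/api_server.py"
  '..\api_server.py'
  "~/.ssh/id_rsa"
)

for attack in "${attacks[@]}"; do
  response=$(http_status "${BASE_URL}/api/workflows/${attack}/download")
  # NOTE(review): a 404 is counted as a rejection, but it only shows that
  # nothing was served for this path; confirm the server's validation is what
  # produced it. A "000" means no HTTP response at all (server not reachable)
  # and is counted as a failure below.
  if [[ "$response" == "400" || "$response" == "404" ]]; then
    printf '%s\n' "✅ Blocked: $attack (Response: $response)"
  else
    printf '%s\n' "❌ FAILED TO BLOCK: $attack (Response: $response)"
    failures=$((failures + 1))
  fi
done

echo ""
echo "🔍 Testing Valid Downloads..."
echo "========================================="

# A legitimate filename must still be served, otherwise the rejections above
# could simply mean the endpoint is broken for every request.
response=$(http_status "${BASE_URL}/api/workflows/0720_Schedule_Filter_Create_Scheduled.json/download")
if [[ "$response" == "200" ]]; then
  printf '%s\n' "✅ Valid download works (Response: $response)"
else
  printf '%s\n' "❌ Valid download failed (Response: $response)"
  failures=$((failures + 1))
fi

if ((failures > 0)); then
  exit 1
fi
exit 0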