#!/bin/bash # # GALA-SEC-3: Quick Injection Tests # Simplified version for faster execution # set -euo pipefail API_BASE="${API_BASE:-http://localhost:8000/api}" RESULTS_FILE="/tmp/adversarial_injection_results.txt" PASSED=0 FAILED=0 WARNINGS=0 # Colors RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' NC='\033[0m' echo "=========================================================" > "$RESULTS_FILE" echo "GALA-SEC-3: Adversarial Injection Test Results" >> "$RESULTS_FILE" echo "=========================================================" >> "$RESULTS_FILE" echo "API Base: $API_BASE" >> "$RESULTS_FILE" echo "Started: $(date '+%Y-%m-%d %H:%M:%S')" >> "$RESULTS_FILE" echo "" >> "$RESULTS_FILE" log_test() { local test_name="$1" local status="$2" local details="${3:-}" if [[ "$status" == "PASS" ]]; then echo -e "${GREEN}[PASS]${NC} $test_name" echo "[PASS] $test_name" >> "$RESULTS_FILE" ((PASSED++)) || true elif [[ "$status" == "FAIL" ]]; then echo -e "${RED}[FAIL]${NC} $test_name" echo "[FAIL] $test_name" >> "$RESULTS_FILE" ((FAILED++)) || true elif [[ "$status" == "WARN" ]]; then echo -e "${YELLOW}[WARN]${NC} $test_name" echo "[WARN] $test_name" >> "$RESULTS_FILE" ((WARNINGS++)) || true fi [[ -n "$details" ]] && echo " Details: $details" >> "$RESULTS_FILE" } check_safe() { local body="$1" local code="$2" # SQL errors echo "$body" | grep -qiE "(SQLSTATE|syntax error|mysql_|ORA-)" && return 1 # XSS reflected echo "$body" | grep -qE '