fix(hwfit): validate remote SSH detection targets (#3718)

tests/test_cookbook_helpers.py

@@ -26,7 +26,6 @@ from routes.cookbook_helpers import (
     _validate_repo_id,
     _validate_serve_cmd,
     _validate_serve_model_id,
-    _validate_ssh_port,
     _shell_path,
     run_ssh_command_async,
 )
@@ -106,12 +105,6 @@ def test_safe_env_prefix_accepts_powershell_activation_path():
     )
 
 
-def test_validate_ssh_port_rejects_shell_payload():
-    with pytest.raises(HTTPException):
-        _validate_ssh_port("22; touch /tmp/pwned")
-    assert _validate_ssh_port("2222") == "2222"
-
-
 def test_validate_local_dir_accepts_external_drive_paths_with_spaces():
     path = "/Volumes/T7 2TB/AI Models/llamacpp"
 

tests/test_hwfit_remote_validation.py

@@ -0,0 +1,47 @@
+import pytest
+from fastapi import HTTPException
+
+from core.platform_compat import _ssh_exec_argv
+from routes.hwfit_routes import setup_hwfit_routes
+
+
+def _endpoint(path: str):
+    router = setup_hwfit_routes()
+    for route in router.routes:
+        if getattr(route, "path", "") == path:
+            return route.endpoint
+    raise AssertionError(f"{path} route not found")
+
+
+@pytest.mark.parametrize(
+    "path,kwargs",
+    [
+        ("/api/hwfit/system", {}),
+        ("/api/hwfit/models", {"limit": 1}),
+        ("/api/hwfit/profiles", {"model": "demo"}),
+        ("/api/hwfit/image-models", {}),
+    ],
+)
+def test_hwfit_routes_reject_ssh_option_host(path, kwargs):
+    endpoint = _endpoint(path)
+
+    with pytest.raises(HTTPException) as exc:
+        endpoint(host="-oProxyCommand=sh", ssh_port="22", **kwargs)
+
+    assert exc.value.status_code == 400
+
+
+def test_hwfit_routes_reject_port_without_host():
+    endpoint = _endpoint("/api/hwfit/system")
+
+    with pytest.raises(HTTPException) as exc:
+        endpoint(host="", ssh_port="2222")
+
+    assert exc.value.status_code == 400
+
+
+def test_ssh_argv_rejects_option_shaped_remote():
+    with pytest.raises(ValueError):
+        _ssh_exec_argv("-oProxyCommand=sh", "22", remote_cmd="true")
+    with pytest.raises(ValueError):
+        _ssh_exec_argv("alice@-oProxyCommand=sh", "22", remote_cmd="true")

tests/test_route_validators.py

@@ -0,0 +1,23 @@
+import pytest
+from fastapi import HTTPException
+
+from routes._validators import validate_remote_host, validate_ssh_port
+
+
+def test_validate_ssh_port_rejects_shell_payload():
+    for port in ["22;id", "$(id)", "-p 22", "0", "65536"]:
+        with pytest.raises(HTTPException):
+            validate_ssh_port(port)
+    assert validate_ssh_port("2222") == "2222"
+
+
+def test_validate_remote_host_rejects_ssh_option_shape():
+    for host in [
+        "-oProxyCommand=sh",
+        "alice@-oProxyCommand=sh",
+        "--",
+        "-p2222",
+    ]:
+        with pytest.raises(HTTPException):
+            validate_remote_host(host)
+    assert validate_remote_host("alice@gpu-box_1") == "alice@gpu-box_1"