@qball-inc/the-bulwark 1.0.0

package/skills/bug-magnet-data/context/cli-args.md

@@ -0,0 +1,91 @@
+# CLI Arguments Context
+
+Edge case guidance for testing command-line argument handling.
+
+## Applicable Categories
+
+| Category | Priority | Why |
+|----------|----------|-----|
+| strings/boundaries | T0 | Empty args, long args, whitespace |
+| strings/special-chars | T1 | Quotes, spaces, backslashes, equals signs |
+| strings/injection | T1 | Command injection only (;, |, &&) |
+| numbers/boundaries | T0 | Numeric arguments |
+
+## Not Applicable (Skip)
+
+| Category | Why Skip |
+|----------|----------|
+| strings/injection (SQL, XSS) | CLI doesn't use SQL/HTML |
+| formats/email, formats/url | Unless CLI specifically processes these |
+| encoding/normalization | Usually ASCII-only |
+| dates/timezone | Unless date arguments expected |
+
+## Key Edge Cases
+
+### Empty and Whitespace
+```bash
+# Empty argument
+./cli ""
+
+# Whitespace-only argument
+./cli "   "
+
+# No arguments when required
+./cli
+```
+
+### Quoting and Escaping
+```bash
+# Argument with spaces
+./cli "hello world"
+
+# Argument with quotes
+./cli "say \"hello\""
+
+# Argument with backslash
+./cli "path\\to\\file"
+
+# Argument with equals
+./cli --key=value=with=equals
+```
+
+### Special Characters
+```bash
+# Glob characters (shouldn't expand)
+./cli "*.txt"
+
+# Dollar sign (shouldn't expand)
+./cli '$HOME'
+
+# Backticks (shouldn't execute)
+./cli '`whoami`'
+```
+
+### Command Injection Attempts
+```bash
+# Semicolon injection
+./cli "file; rm -rf /"
+
+# Pipe injection
+./cli "file | cat /etc/passwd"
+
+# Subcommand injection
+./cli "$(whoami)"
+```
+
+### Length Extremes
+```bash
+# Very long argument
+./cli "$(python -c 'print("a" * 10000)')"
+
+# Many arguments
+./cli arg1 arg2 arg3 ... arg1000
+```
+
+## Consumer Usage
+
+When test-audit or bulwark-verify processes CLI-related code:
+1. Load strings/boundaries
+2. Load strings/special-chars
+3. Load command injection patterns from strings/injection
+4. Skip SQL/XSS patterns

package/skills/bug-magnet-data/context/db-query.md

@@ -0,0 +1,104 @@
+# Database Query Context
+
+Edge case guidance for testing database operations.
+
+## Applicable Categories
+
+| Category | Priority | Why |
+|----------|----------|-----|
+| strings/boundaries | T0 | Empty strings, long strings |
+| strings/injection | T0 | SQL injection (if raw queries) |
+| numbers/boundaries | T0 | Integer limits, ID values |
+| booleans/boundaries | T0 | NULL handling |
+| dates/boundaries | T1 | Date range queries |
+| dates/timezone | T2 | Timezone-aware date storage |
+
+## When to SKIP SQL Injection
+
+| Scenario | Skip? | Why |
+|----------|-------|-----|
+| Using ORM with parameterized queries | Yes | ORM handles escaping |
+| Raw SQL with string concatenation | No | Test thoroughly |
+| Stored procedures with parameters | Maybe | Check parameter handling |
+| Dynamic table/column names | No | These can't be parameterized |
+
+## Key Edge Cases
+
+### NULL Handling
+```sql
+-- NULL in WHERE
+WHERE column = NULL  -- Never matches! Use IS NULL
+
+-- NULL in comparisons
+WHERE column > NULL  -- Always NULL (unknown)
+
+-- NULL in aggregates
+SELECT AVG(price)  -- Excludes NULLs
+
+-- COALESCE edge cases
+COALESCE(NULL, NULL, 'default')
+```
+
+### String Edge Cases
+```sql
+-- Empty string vs NULL (database dependent)
+INSERT INTO t (col) VALUES ('')  -- Oracle: becomes NULL
+
+-- Unicode
+INSERT INTO t (name) VALUES ('José 😀')
+
+-- Very long strings
+INSERT INTO t (col) VALUES (/* 10000 char string */)
+
+-- Quotes in data (parameterized handles this)
+INSERT INTO t (col) VALUES ('O''Brien')
+```
+
+### Numeric Edge Cases
+```sql
+-- ID boundaries
+SELECT * FROM t WHERE id = 0
+SELECT * FROM t WHERE id = -1
+SELECT * FROM t WHERE id = 2147483647  -- INT_MAX
+
+-- Division by zero
+SELECT amount / quantity FROM orders  -- What if quantity = 0?
+
+-- Precision
+INSERT INTO t (price) VALUES (0.1 + 0.2)  -- Floating point
+```
+
+### Date Edge Cases
+```sql
+-- Epoch
+WHERE created_at = '1970-01-01'
+
+-- Y2K38
+WHERE expires_at > '2038-01-19 03:14:07'
+
+-- Timezone
+WHERE created_at = '2024-03-10 02:30:00'  -- DST gap
+```
+
+### Query Result Edge Cases
+```sql
+-- No results
+SELECT * FROM empty_table
+
+-- One result
+SELECT * FROM t LIMIT 1
+
+-- Many results (pagination, memory)
+SELECT * FROM million_row_table
+
+-- Duplicate keys
+INSERT INTO t (id) VALUES (existing_id)
+```
+
+## Consumer Usage
+
+When test-audit checks database test coverage:
+1. Check for NULL handling tests
+2. Check for boundary value tests on numeric columns
+3. If raw SQL: check for injection test cases
+4. Check for empty result and single result handling

package/skills/bug-magnet-data/context/file-contents.md

@@ -0,0 +1,103 @@
+# File Contents Context
+
+Edge case guidance for testing file I/O and parsing.
+
+## Applicable Categories
+
+| Category | Priority | Why |
+|----------|----------|-----|
+| strings/boundaries | T0 | Empty files, large files |
+| encoding/charset | T1 | BOM, encoding detection |
+| encoding/normalization | T2 | Unicode in file contents |
+| strings/special-chars | T1 | Control characters, line endings |
+| formats/json | T0 | If parsing JSON files |
+
+## Not Applicable (Skip)
+
+| Category | Why Skip |
+|----------|----------|
+| strings/injection | Files aren't executed (usually) |
+| formats/email, formats/url | Unless file contains these |
+| concurrency/* | Test at file system level separately |
+
+## Key Edge Cases
+
+### Empty and Size
+```
+# Empty file (0 bytes)
+# Single byte file
+# Very large file (>2GB for 32-bit limits)
+# File size exactly at buffer boundary
+```
+
+### Line Endings
+```
+# Unix (LF only)
+line1\nline2\n
+
+# Windows (CRLF)
+line1\r\nline2\r\n
+
+# Classic Mac (CR only)
+line1\rline2\r
+
+# Mixed
+line1\nline2\r\nline3\r
+
+# No trailing newline
+line1\nline2
+
+# Only newlines
+\n\n\n
+```
+
+### Encoding
+```
+# UTF-8 with BOM
+\xEF\xBB\xBF...content...
+
+# UTF-16 LE with BOM
+\xFF\xFE...content...
+
+# Latin-1 (looks like broken UTF-8)
+caf\xe9
+
+# Invalid UTF-8 sequences
+\x80\x81\x82
+```
+
+### Special Characters
+```
+# Null bytes in middle
+hello\x00world
+
+# Control characters
+line\x07\x08\x1B
+
+# Tabs mixed with spaces
+\t  \t  content
+```
+
+### File Names (for path handling)
+```
+# Spaces in name
+my file.txt
+
+# Unicode in name
+café.txt
+
+# Very long name
+aaaa...200 chars...aaaa.txt
+
+# Special characters
+file;name.txt
+../traversal.txt
+```
+
+## Consumer Usage
+
+When bulwark-verify generates file I/O tests:
+1. Load strings/boundaries for size edge cases
+2. Load encoding/charset for BOM and encoding tests
+3. Load strings/special-chars for control characters
+4. Consider file format (JSON, XML, etc.) for format-specific tests

package/skills/bug-magnet-data/context/http-body.md

@@ -0,0 +1,91 @@
+# HTTP Body Context
+
+Edge case guidance for testing HTTP request/response body handling.
+
+## Applicable Categories
+
+| Category | Priority | Why |
+|----------|----------|-----|
+| strings/boundaries | T0 | Empty body, large payloads |
+| strings/unicode | T1 | Multi-byte characters, emoji |
+| strings/injection | T1 | All patterns (depends on content type) |
+| formats/json | T0 | JSON body parsing |
+| formats/email | T2 | If form contains email fields |
+| formats/url | T2 | If body contains URLs |
+| encoding/charset | T1 | Content-Type charset handling |
+| numbers/boundaries | T0 | Numeric fields |
+
+## Not Applicable (Skip)
+
+| Category | Why Skip |
+|----------|----------|
+| concurrency/state-machines | Test separately at higher level |
+| language-specific/* | HTTP is language-agnostic |
+
+## Key Edge Cases by Content-Type
+
+### application/json
+```json
+// Empty object
+{}
+
+// Empty array
+[]
+
+// Deep nesting
+{"a":{"b":{"c":{"d":{"e":1}}}}}
+
+// Large numbers
+{"n": 99999999999999999999}
+
+// Unicode
+{"name": "José 😀"}
+
+// Prototype pollution
+{"__proto__": {"polluted": true}}
+```
+
+### application/x-www-form-urlencoded
+```
+# Empty value
+field=
+
+# Multiple values
+field=a&field=b
+
+# Special characters
+field=hello+world&other=a%26b
+
+# Unicode
+name=%C3%A9  (é encoded)
+```
+
+### multipart/form-data
+- Empty file upload
+- Very large file
+- File with special filename
+- File with wrong content-type
+- Binary file with null bytes
+
+### text/plain
+- Empty body
+- Very large body
+- Binary characters
+- Mixed line endings (CRLF, LF)
+
+## Injection Context
+
+| Content-Type | Applicable Injection Patterns |
+|--------------|------------------------------|
+| application/json | All (depending on backend use) |
+| text/html | XSS patterns critical |
+| text/plain | Depends on processing |
+| application/xml | XXE patterns |
+
+## Consumer Usage
+
+When bulwark-verify generates HTTP body tests:
+1. Identify Content-Type
+2. Load formats/ category for that type
+3. Load strings/boundaries
+4. Load relevant injection patterns based on how data is used

package/skills/bug-magnet-data/context/process-spawn.md

@@ -0,0 +1,123 @@
+# Process Spawn Context
+
+Edge case guidance for testing subprocess execution.
+
+## Applicable Categories
+
+| Category | Priority | Why |
+|----------|----------|-----|
+| strings/boundaries | T0 | Empty args, long commands |
+| strings/special-chars | T0 | Quotes, spaces, escaping |
+| strings/injection | T0 | Command injection CRITICAL |
+| numbers/boundaries | T1 | Exit codes, timeouts |
+
+## Not Applicable (Skip)
+
+| Category | Why Skip |
+|----------|----------|
+| strings/injection (SQL, XSS) | Not relevant to process spawn |
+| formats/* | Process args are strings |
+| dates/* | Unless date is an argument |
+
+## Security Priority
+
+**Command injection is the #1 risk.** Always test:
+1. Semicolon injection: `; rm -rf /`
+2. Pipe injection: `| cat /etc/passwd`
+3. Backtick injection: `` `whoami` ``
+4. Subcommand injection: `$(whoami)`
+5. Newline injection: `\nmalicious`
+6. Argument injection: `--help` where unexpected
+
+## Key Edge Cases
+
+### Argument Handling
+```bash
+# Arguments with spaces
+spawn("cmd", ["arg with spaces"])
+
+# Arguments with quotes
+spawn("cmd", ['say "hello"'])
+
+# Arguments with special shell chars
+spawn("cmd", ["$HOME", "`pwd`", "$(id)"])
+
+# Empty arguments
+spawn("cmd", ["", "arg2"])
+
+# Many arguments
+spawn("cmd", Array(1000).fill("arg"))
+```
+
+### Environment Variables
+```javascript
+// Sensitive env vars
+spawn("cmd", [], { env: { PASSWORD: "secret" } })
+
+// PATH manipulation
+spawn("cmd", [], { env: { PATH: "/tmp:$PATH" } })
+
+// Empty env
+spawn("cmd", [], { env: {} })
+```
+
+### Working Directory
+```javascript
+// Non-existent directory
+spawn("cmd", [], { cwd: "/nonexistent" })
+
+// Relative path
+spawn("cmd", [], { cwd: "../.." })
+
+// Path with spaces
+spawn("cmd", [], { cwd: "/path with spaces" })
+```
+
+### Exit Codes
+```javascript
+// Success
+expect(exitCode).toBe(0)
+
+// Standard failure
+expect(exitCode).toBe(1)
+
+// Signal termination
+expect(exitCode).toBe(128 + signalNumber)
+
+// Exit code boundaries
+exitCode === 255  // -1 as unsigned byte
+```
+
+### Process Lifecycle
+```javascript
+// Timeout handling
+const proc = spawn("sleep", ["3600"])
+setTimeout(() => proc.kill(), 1000)
+
+// Stdin closing
+proc.stdin.end()
+
+// stdout/stderr buffering
+// What if output is very large?
+
+// Zombie processes
+// What if parent doesn't wait()?
+```
+
+### Shell vs Direct Execution
+```javascript
+// Direct (safer)
+spawn("ls", ["-la"])
+
+// Via shell (dangerous)
+spawn("sh", ["-c", userInput])  // NEVER do this
+exec(userInput)  // NEVER do this
+```
+
+## Consumer Usage
+
+When bulwark-verify generates process spawn tests:
+1. Load ALL command injection patterns (T0 priority)
+2. Load strings/special-chars for escaping tests
+3. Include exit code boundary tests
+4. Test timeout and kill handling

package/skills/bug-magnet-data/data/booleans/boundaries.yaml

@@ -0,0 +1,143 @@
+metadata:
+  version: "1.0.0"
+  last_updated: "2026-02-01"
+  source_urls: []
+
+category: booleans
+subcategory: boundaries
+tier: T0
+
+bugs_caught:
+  - "Null reference exceptions"
+  - "Truthy/falsy confusion"
+  - "Type coercion bugs"
+
+values:
+  true:
+    value: true
+    bugs_caught:
+      - "Boolean true handling"
+    safe_for_automation: true
+
+  false:
+    value: false
+    bugs_caught:
+      - "Boolean false handling"
+      - "Falsy but valid distinction"
+    safe_for_automation: true
+
+  null:
+    value: null
+    bugs_caught:
+      - "Null reference exceptions"
+      - "null vs undefined"
+      - "Optional chaining need"
+    safe_for_automation: true
+
+  undefined:
+    value: "undefined"
+    bugs_caught:
+      - "Undefined variable access"
+      - "Missing property handling"
+    safe_for_automation: true
+    note: "JavaScript-specific"
+
+  # Truthy values that aren't true
+  truthy_string:
+    value: "false"
+    bugs_caught:
+      - "String 'false' is truthy"
+      - "Boolean string parsing"
+    safe_for_automation: true
+
+  truthy_zero_string:
+    value: "0"
+    bugs_caught:
+      - "String '0' is truthy"
+    safe_for_automation: true
+
+  truthy_empty_array:
+    value: []
+    bugs_caught:
+      - "Empty array is truthy (JavaScript)"
+      - "Array length check needed"
+    safe_for_automation: true
+    note: "JavaScript: [] is truthy, Python: [] is falsy"
+
+  truthy_empty_object:
+    value: {}
+    bugs_caught:
+      - "Empty object is truthy"
+      - "Object.keys check needed"
+    safe_for_automation: true
+
+  # Falsy values that aren't false
+  falsy_zero:
+    value: 0
+    bugs_caught:
+      - "Zero is falsy but valid"
+      - "0 vs null confusion"
+    safe_for_automation: true
+
+  falsy_empty_string:
+    value: ""
+    bugs_caught:
+      - "Empty string is falsy"
+      - "'' vs null confusion"
+    safe_for_automation: true
+
+  falsy_nan:
+    value: "NaN"
+    bugs_caught:
+      - "NaN is falsy"
+    safe_for_automation: true
+
+  # Boolean-like strings
+  bool_string_true:
+    value: "true"
+    bugs_caught:
+      - "Boolean string parsing"
+    safe_for_automation: true
+
+  bool_string_True:
+    value: "True"
+    bugs_caught:
+      - "Case-sensitive boolean parsing"
+    safe_for_automation: true
+
+  bool_string_TRUE:
+    value: "TRUE"
+    bugs_caught:
+      - "Uppercase boolean parsing"
+    safe_for_automation: true
+
+  bool_string_yes:
+    value: "yes"
+    bugs_caught:
+      - "YAML-style boolean"
+    safe_for_automation: true
+
+  bool_string_on:
+    value: "on"
+    bugs_caught:
+      - "Form checkbox value"
+    safe_for_automation: true
+
+  bool_string_1:
+    value: "1"
+    bugs_caught:
+      - "Numeric boolean"
+    safe_for_automation: true
+
+  bool_number_1:
+    value: 1
+    bugs_caught:
+      - "Number 1 as boolean"
+    safe_for_automation: true
+
+  bool_number_2:
+    value: 2
+    bugs_caught:
+      - "Non-zero non-one number"
+      - "Truthy but not === true"
+    safe_for_automation: true