(t *testing.T)
| 23 | ) |
| 24 | |
| 25 | func TestValidateGitSubDir(t *testing.T) { |
| 26 | base := "/tmp/cache/compose/abc123def456" |
| 27 | |
| 28 | tests := []struct { |
| 29 | name string |
| 30 | subDir string |
| 31 | wantErr bool |
| 32 | }{ |
| 33 | { |
| 34 | name: "valid simple directory", |
| 35 | subDir: "examples", |
| 36 | wantErr: false, |
| 37 | }, |
| 38 | { |
| 39 | name: "valid nested directory", |
| 40 | subDir: "examples/nginx", |
| 41 | wantErr: false, |
| 42 | }, |
| 43 | { |
| 44 | name: "valid deeply nested directory", |
| 45 | subDir: "examples/web/frontend/config", |
| 46 | wantErr: false, |
| 47 | }, |
| 48 | { |
| 49 | name: "valid current directory", |
| 50 | subDir: ".", |
| 51 | wantErr: false, |
| 52 | }, |
| 53 | { |
| 54 | name: "valid directory with redundant separators", |
| 55 | subDir: "examples//nginx", |
| 56 | wantErr: false, |
| 57 | }, |
| 58 | { |
| 59 | name: "valid directory with dots in name", |
| 60 | subDir: "examples/nginx.conf.d", |
| 61 | wantErr: false, |
| 62 | }, |
| 63 | { |
| 64 | name: "path traversal - parent directory", |
| 65 | subDir: "..", |
| 66 | wantErr: true, |
| 67 | }, |
| 68 | { |
| 69 | name: "path traversal - multiple parent directories", |
| 70 | subDir: "../../../etc/passwd", |
| 71 | wantErr: true, |
| 72 | }, |
| 73 | { |
| 74 | name: "path traversal - deeply nested escape", |
| 75 | subDir: "../../../../../../../tmp/pwned", |
| 76 | wantErr: true, |
| 77 | }, |
| 78 | { |
| 79 | name: "path traversal - mixed with valid path", |
| 80 | subDir: "examples/../../etc/passwd", |
| 81 | wantErr: true, |
| 82 | }, |
nothing calls this directly
no test coverage detected