hub / github.com/docker/compose / TestValidateGitSubDirSecurityScenarios

Function TestValidateGitSubDirSecurityScenarios

pkg/remote/git_test.go:152–175

TestValidateGitSubDirSecurityScenarios tests specific security scenarios

(t *testing.T)

Source from the content-addressed store, hash-verified

// TestValidateGitSubDirSecurityScenarios tests specific security scenarios
func TestValidateGitSubDirSecurityScenarios(t *testing.T) {
	base := "/var/cache/docker-compose/git/1234567890abcdef"

	// Test the exact vulnerability scenario from the issue
	t.Run("CVE scenario - /tmp traversal", func(t *testing.T) {
		maliciousPath := "../../../../../../../tmp/pwned"
		err := validateGitSubDir(base, maliciousPath)
		assert.ErrorContains(t, err, "path traversal")
	})

	// Test variations of the attack
	t.Run("CVE scenario - /etc traversal", func(t *testing.T) {
		maliciousPath := "../../../../../../../../etc/passwd"
		err := validateGitSubDir(base, maliciousPath)
		assert.ErrorContains(t, err, "path traversal")
	})

	// Test that legitimate nested paths still work
	t.Run("legitimate nested path", func(t *testing.T) {
		validPath := "examples/docker-compose/nginx/config"
		err := validateGitSubDir(base, validPath)
		assert.NilError(t, err)
	})
}

Callers

nothing calls this directly

Calls 1

validateGitSubDir (Function) · 0.85

Tested by

no test coverage detected