(t *testing.T)
| 25 | ) |
| 26 | |
| 27 | func TestValidatePathInBase(t *testing.T) { |
| 28 | base := "/tmp/cache/compose" |
| 29 | |
| 30 | tests := []struct { |
| 31 | name string |
| 32 | unsafePath string |
| 33 | wantErr bool |
| 34 | }{ |
| 35 | { |
| 36 | name: "valid simple filename", |
| 37 | unsafePath: "compose.yaml", |
| 38 | wantErr: false, |
| 39 | }, |
| 40 | { |
| 41 | name: "valid hashed filename", |
| 42 | unsafePath: "f8f9ede3d201ec37d5a5e3a77bbadab79af26035e53135e19571f50d541d390c.yaml", |
| 43 | wantErr: false, |
| 44 | }, |
| 45 | { |
| 46 | name: "valid env file", |
| 47 | unsafePath: ".env", |
| 48 | wantErr: false, |
| 49 | }, |
| 50 | { |
| 51 | name: "valid env file with suffix", |
| 52 | unsafePath: ".env.prod", |
| 53 | wantErr: false, |
| 54 | }, |
| 55 | { |
| 56 | name: "unix path traversal", |
| 57 | unsafePath: "../../../etc/passwd", |
| 58 | wantErr: true, |
| 59 | }, |
| 60 | { |
| 61 | name: "windows path traversal", |
| 62 | unsafePath: "..\\..\\..\\windows\\system32\\config\\sam", |
| 63 | wantErr: true, |
| 64 | }, |
| 65 | { |
| 66 | name: "subdirectory unix", |
| 67 | unsafePath: "config/base.yaml", |
| 68 | wantErr: true, |
| 69 | }, |
| 70 | { |
| 71 | name: "subdirectory windows", |
| 72 | unsafePath: "config\\base.yaml", |
| 73 | wantErr: true, |
| 74 | }, |
| 75 | { |
| 76 | name: "absolute unix path", |
| 77 | unsafePath: "/etc/passwd", |
| 78 | wantErr: true, |
| 79 | }, |
| 80 | { |
| 81 | name: "absolute windows path", |
| 82 | unsafePath: "C:\\windows\\system32\\config\\sam", |
| 83 | wantErr: true, |
| 84 | }, |
nothing calls this directly
no test coverage detected