(t *testing.T)
| 118 | } |
| 119 | |
| 120 | func TestWriteComposeFileWithExtendsPathTraversal(t *testing.T) { |
| 121 | tmpDir := t.TempDir() |
| 122 | |
| 123 | // Create a layer with com.docker.compose.extends=true and a path traversal attempt |
| 124 | layer := spec.Descriptor{ |
| 125 | MediaType: "application/vnd.docker.compose.file.v1+yaml", |
| 126 | Digest: "sha256:test123", |
| 127 | Size: 100, |
| 128 | Annotations: map[string]string{ |
| 129 | "com.docker.compose.extends": "true", |
| 130 | "com.docker.compose.file": "../other", |
| 131 | }, |
| 132 | } |
| 133 | |
| 134 | content := []byte("services:\n test:\n image: nginx\n") |
| 135 | |
| 136 | // writeComposeFile should return an error due to path traversal |
| 137 | err := writeComposeFile(layer, 0, tmpDir, content) |
| 138 | assert.Error(t, err, "invalid OCI artifact") |
| 139 | } |
nothing calls this directly
no test coverage detected