-
-
Notifications
You must be signed in to change notification settings - Fork 150
/
Copy pathutilities_test.go
48 lines (43 loc) · 1.59 KB
/
utilities_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
package utilities
import (
"bytes"
"fmt"
"path/filepath"
"runtime"
"testing"
"github.com/stretchr/testify/require"
)
func TestSaveFileonTemp(t *testing.T) {
filename := "file"
tmpDir := t.TempDir()
path, err := saveFileonTempDir(tmpDir, filename, bytes.NewBufferString("TEST"))
require.NoError(t, err)
require.Equal(t, filepath.Join(tmpDir, filename), path)
}
func TestSaveFileonTempDirWithEvilName(t *testing.T) {
evilFileNames := []string{
"/",
"..",
"../",
"../evil.txt",
"../../../../../../../../../../../../../../../../../../../../tmp/evil.txt",
"some/path/../../../../../../../../../../../../../../../../../../../../tmp/evil.txt",
"/../../../../../../../../../../../../../../../../../../../../tmp/evil.txt",
"/some/path/../../../../../../../../../../../../../../../../../../../../tmp/evil.txt",
}
if runtime.GOOS == "windows" {
evilFileNames = []string{
"..\\",
"..\\evil.txt",
"..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\tmp\\evil.txt",
"some\\path\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\tmp\\evil.txt",
"\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\tmp\\evil.txt",
"\\some\\path\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\tmp\\evil.txt",
}
}
for _, evilFileName := range evilFileNames {
_, err := saveFileonTempDir(t.TempDir(), evilFileName, bytes.NewBufferString("TEST"))
require.Error(t, err, fmt.Sprintf("with filename: '%s'", evilFileName))
require.ErrorContains(t, err, "unsafe path join")
}
}