1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
package extract
import (
"testing"
"github.com/stretchr/testify/require"
)
func TestSafeJoin(t *testing.T) {
ok := func(parent, subdir string) {
_, err := safeJoin(parent, subdir)
require.NoError(t, err, "joining '%s' and '%s'", parent, subdir)
}
ko := func(parent, subdir string) {
_, err := safeJoin(parent, subdir)
require.Error(t, err, "joining '%s' and '%s'", parent, subdir)
}
ok("/", "more/path")
ok("/path", "more/path")
ok("/path/", "more/path")
ok("/path/subdir", "more/path")
ok("/path/subdir/", "more/path")
ok("/", "..") // ! since we are extracting to / is ok-ish to accept ".."?
ko("/path", "..")
ko("/path/", "..")
ko("/path/subdir", "..")
ko("/path/subdir/", "..")
ok("/", "../pathpath") // ! since we are extracting to / is ok-ish to accept "../pathpath"?
ko("/path", "../pathpath")
ko("/path/", "../pathpath")
ko("/path/subdir", "../pathpath")
ko("/path/subdir/", "../pathpath")
}
|
