File: path_traversal_attack.rs

package info (click to toggle)
rust-rust-embed 8.9.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,176 kB
  • sloc: javascript: 4; makefile: 2
file content (27 lines) | stat: -rw-r--r-- 807 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
use rust_embed::Embed;

#[derive(Embed)]
#[folder = "examples/public/"]
struct Assets;

/// Prevent attempts to access files outside of the embedded folder.
/// This is mainly a concern when running in debug mode, since that loads from
/// the file system at runtime.
#[test]
fn path_traversal_attack_fails() {
  assert!(Assets::get("../basic.rs").is_none());
}

#[derive(Embed)]
#[folder = "examples/axum-spa/"]
struct AxumAssets;

// TODO:
/// Prevent attempts to access symlinks outside of the embedded folder.
/// This is mainly a concern when running in debug mode, since that loads from
/// the file system at runtime.
#[test]
#[ignore = "see https://github.com/pyrossh/rust-embed/pull/235"]
fn path_traversal_attack_symlink_fails() {
  assert!(Assets::get("../public/symlinks/main.js").is_none());
}