github.com/argoproj/argo-cd/v3@v3.2.1/util/security/path_traversal_test.go

github.com/argoproj/argo-cd/v3@v3.2.1/util/security/path_traversal_test.go (about)

     1  package security
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/stretchr/testify/assert"
     7  	"github.com/stretchr/testify/require"
     8  )
     9  
    10  func TestEnforceToCurrentRoot(t *testing.T) {
    11  	cleanDir, err := EnforceToCurrentRoot("/home/argo/helmapp/", "/home/argo/helmapp/values.yaml")
    12  	require.NoError(t, err)
    13  	assert.Equal(t, "/home/argo/helmapp/values.yaml", cleanDir)
    14  
    15  	// File is outside current working directory
    16  	_, err = EnforceToCurrentRoot("/home/argo/helmapp/", "/home/values.yaml")
    17  	require.Error(t, err)
    18  
    19  	// File is outside current working directory
    20  	_, err = EnforceToCurrentRoot("/home/argo/helmapp/", "/home/argo/helmapp/../differentapp/values.yaml")
    21  	require.Error(t, err)
    22  
    23  	// Goes back and forth, but still legal
    24  	cleanDir, err = EnforceToCurrentRoot("/home/argo/helmapp/", "/home/argo/helmapp/../../argo/helmapp/values.yaml")
    25  	require.NoError(t, err)
    26  	assert.Equal(t, "/home/argo/helmapp/values.yaml", cleanDir)
    27  }