MCPcopy Index your code
hub / github.com/cheat/cheat / FuzzValidatePathTraversal

Function FuzzValidatePathTraversal

internal/sheet/validate_fuzz_test.go:133–169  ·  view source on GitHub ↗

FuzzValidatePathTraversal specifically targets path traversal bypasses

(f *testing.F)

Source from the content-addressed store, hash-verified

131
132// FuzzValidatePathTraversal specifically targets path traversal bypasses
133func FuzzValidatePathTraversal(f *testing.F) {
134 // Seed corpus focusing on path traversal variations
135 f.Add("..", "/", "")
136 f.Add("", "..", "/")
137 f.Add("a", "b", "c")
138
139 f.Fuzz(func(t *testing.T, prefix string, middle string, suffix string) {
140 // Construct various path traversal attempts
141 inputs := []string{
142 prefix + ".." + suffix,
143 prefix + "/.." + suffix,
144 prefix + "\\.." + suffix,
145 prefix + middle + ".." + suffix,
146 prefix + "../" + middle + suffix,
147 prefix + "..%2f" + suffix,
148 prefix + "%2e%2e" + suffix,
149 prefix + "%2e%2e%2f" + suffix,
150 }
151
152 for _, input := range inputs {
153 func() {
154 defer func() {
155 if r := recover(); r != nil {
156 t.Errorf("Validate panicked with constructed input %q: %v", input, r)
157 }
158 }()
159
160 err := Validate(input)
161
162 // If the input contains literal "..", it must be rejected
163 if strings.Contains(input, "..") && err == nil {
164 t.Errorf("validation incorrectly passed for input containing '..': %q", input)
165 }
166 }()
167 }
168 })
169}

Callers

nothing calls this directly

Calls 1

ValidateFunction · 0.85

Tested by

no test coverage detected