MCPcopy Index your code
hub / github.com/google/go-github / TestCheckURLPathTraversal

Function TestCheckURLPathTraversal

github/github_test.go:1681–1713  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

1679}
1680
1681func TestCheckURLPathTraversal(t *testing.T) {
1682 t.Parallel()
1683 tests := []struct {
1684 input string
1685 wantErr error
1686 }{
1687 {"repos/o/r/contents/file.txt", nil},
1688 {"repos/o/r/contents/dir/file.txt", nil},
1689 {"repos/o/r/contents/file..txt", nil},
1690 {"repos/o/r?q=a..b", nil},
1691 {"repos/../admin/users", ErrPathForbidden},
1692 {"repos/x/../../../admin", ErrPathForbidden},
1693 {"../admin", ErrPathForbidden},
1694 {"repos/o/r/contents/..", ErrPathForbidden},
1695 {"repos/o/r/contents/../secrets", ErrPathForbidden},
1696 // Full URLs with scheme.
1697 {"https://api.github.com/repos/../admin", ErrPathForbidden},
1698 {"https://api.github.com/repos/o/r/contents/file.txt", nil},
1699 {"https://api.github.com/repos/o/r/contents/file..txt", nil},
1700 // URL with fragment.
1701 {"repos/o/r/contents/file.txt#section", nil},
1702 {"repos/../admin#frag", ErrPathForbidden},
1703 // URL with userinfo.
1704 {"https://user:pass@api.github.com/repos/../admin", ErrPathForbidden},
1705 {"https://user:pass@api.github.com/repos/o/r", nil},
1706 }
1707 for _, tt := range tests {
1708 err := checkURLPathTraversal(tt.input)
1709 if !errors.Is(err, tt.wantErr) {
1710 t.Errorf("checkURLPathTraversal(%q) = %v, want %v", tt.input, err, tt.wantErr)
1711 }
1712 }
1713}
1714
1715func TestNewRequest_pathTraversal(t *testing.T) {
1716 t.Parallel()

Callers

nothing calls this directly

Calls 2

checkURLPathTraversalFunction · 0.85
IsMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…