MCPcopy Index your code
hub / github.com/labstack/echo / TestStaticDirectoryHandlerAndRouterInconsistentEscaping

Function TestStaticDirectoryHandlerAndRouterInconsistentEscaping

echo_test.go:362–476  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

360}
361
362func TestStaticDirectoryHandlerAndRouterInconsistentEscaping(t *testing.T) {
363 var testCases = []struct {
364 name string
365 givenEnablePathUnescapingStaticFiles bool
366 givenRouterUnescapePathParamValues bool
367 givenRouterUseEscapedPathForMatching bool
368 whenURL string
369 expectBody string
370 expectStatus int
371 }{
372 {
373 name: "ok, file is served from not-forbidden path",
374 givenEnablePathUnescapingStaticFiles: false,
375 whenURL: "/test.txt",
376 expectBody: "test.txt contents",
377 expectStatus: http.StatusOK,
378 },
379 {
380 name: "ok, forbidden path is matched by route wildcard and forbidden by that",
381 givenEnablePathUnescapingStaticFiles: false,
382 whenURL: "/admin/private.txt",
383 expectBody: "{\"message\":\"Forbidden\"}",
384 expectStatus: http.StatusForbidden,
385 },
386 {
387 name: "ok, escaped filename from forbidden path is routed to guarded route",
388 givenEnablePathUnescapingStaticFiles: false,
389 givenRouterUnescapePathParamValues: false,
390 givenRouterUseEscapedPathForMatching: true, // Router uses escaped path (req.URL.RawPath) for matching
391 whenURL: "/admin%2fprivate.txt",
392 expectBody: "{\"message\":\"Forbidden\"}",
393 expectStatus: http.StatusForbidden,
394 },
395 {
396 name: "ok, escaped filename from forbidden path is not unescaped and results 404",
397 givenEnablePathUnescapingStaticFiles: false, // router path escaping and StaticDirectoryHandler is consistent
398 whenURL: "/admin%2fprivate.txt",
399 expectBody: "{\"message\":\"Not Found\"}",
400 expectStatus: http.StatusNotFound,
401 },
402 {
403 name: "nok, escaped filename from forbidden path is unescaped and returns file contents (handler unescapes)",
404 givenEnablePathUnescapingStaticFiles: true, // router path escaping and StaticDirectoryHandler is NOT consistent
405 givenRouterUnescapePathParamValues: false,
406 whenURL: "/admin%2fprivate.txt",
407 expectBody: "public/admin/private.txt - private file",
408 expectStatus: http.StatusOK,
409 },
410 {
411 name: "nok, escaped filename from forbidden path is unescaped and returns file contents (router unescapes)",
412 givenEnablePathUnescapingStaticFiles: false,
413 givenRouterUnescapePathParamValues: true, // router path escaping and StaticDirectoryHandler is NOT consistent
414 whenURL: "/admin%2fprivate.txt",
415 expectBody: "public/admin/private.txt - private file",
416 expectStatus: http.StatusOK,
417 },
418 {
419 name: "nok, unescaped filename from forbidden path is escaped and returns file contents (router unescapes and method unescapes)",

Callers

nothing calls this directly

Calls 6

NewRouterFunction · 0.85
NewWithConfigFunction · 0.85
ServeHTTPMethod · 0.80
StaticMethod · 0.45
GETMethod · 0.45
StringMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…