(t *testing.T)
| 216 | } |
| 217 | |
| 218 | func TestAssertSecurePath_OwnerUID_Valid(t *testing.T) { |
| 219 | if runtime.GOOS == "windows" { |
| 220 | t.Skip("owner UID tests not applicable on Windows") |
| 221 | } |
| 222 | dir := t.TempDir() |
| 223 | p := filepath.Join(dir, "owned.txt") |
| 224 | if err := os.WriteFile(p, []byte("data"), 0o600); err != nil { |
| 225 | t.Fatalf("write: %v", err) |
| 226 | } |
| 227 | got, err := AssertSecurePath(AuditParams{ |
| 228 | TargetPath: p, |
| 229 | Label: "test", |
| 230 | AllowInsecurePath: false, |
| 231 | AllowReadableByOthers: true, |
| 232 | }) |
| 233 | if err != nil { |
| 234 | t.Fatalf("unexpected error: %v", err) |
| 235 | } |
| 236 | if got != p { |
| 237 | t.Errorf("got %q, want %q", got, p) |
| 238 | } |
| 239 | } |
| 240 | |
| 241 | func TestAssertSecurePath_Symlink_Rejected(t *testing.T) { |
| 242 | if runtime.GOOS == "windows" { |
nothing calls this directly
no test coverage detected