(t *testing.T)
| 163 | } |
| 164 | |
| 165 | func TestAssertSecurePath_WorldReadable_Rejected(t *testing.T) { |
| 166 | if runtime.GOOS == "windows" { |
| 167 | t.Skip("permission tests not applicable on Windows") |
| 168 | } |
| 169 | dir := t.TempDir() |
| 170 | p := filepath.Join(dir, "worldr.txt") |
| 171 | if err := os.WriteFile(p, []byte("data"), 0o600); err != nil { |
| 172 | t.Fatalf("write: %v", err) |
| 173 | } |
| 174 | if err := os.Chmod(p, 0o604); err != nil { |
| 175 | t.Fatalf("chmod: %v", err) |
| 176 | } |
| 177 | _, err := AssertSecurePath(AuditParams{ |
| 178 | TargetPath: p, |
| 179 | Label: "test", |
| 180 | AllowInsecurePath: false, |
| 181 | AllowReadableByOthers: false, |
| 182 | }) |
| 183 | if err == nil { |
| 184 | t.Fatal("expected error for world-readable file, got nil") |
| 185 | } |
| 186 | want := fmt.Sprintf("test: path %q is world-readable (mode 0604)", p) |
| 187 | if err.Error() != want { |
| 188 | t.Errorf("error = %q, want %q", err.Error(), want) |
| 189 | } |
| 190 | } |
| 191 | |
| 192 | func TestAssertSecurePath_AllowReadableByOthers_Passes(t *testing.T) { |
| 193 | if runtime.GOOS == "windows" { |
nothing calls this directly
no test coverage detected