(t *testing.T)
| 478 | } |
| 479 | |
| 480 | func TestSaveResponse_RejectsPathTraversal(t *testing.T) { |
| 481 | dir := t.TempDir() |
| 482 | origWd, _ := os.Getwd() |
| 483 | os.Chdir(dir) |
| 484 | defer os.Chdir(origWd) |
| 485 | |
| 486 | resp := newApiResp([]byte("data"), map[string]string{"Content-Type": "application/octet-stream"}) |
| 487 | _, err := SaveResponse(&localfileio.LocalFileIO{}, resp, "../../evil.txt") |
| 488 | if err == nil { |
| 489 | t.Fatal("expected error for path traversal") |
| 490 | } |
| 491 | if !strings.Contains(err.Error(), "unsafe output path") { |
| 492 | t.Errorf("expected 'unsafe output path' wrapper, got: %v", err) |
| 493 | } |
| 494 | } |
| 495 | |
| 496 | func TestSaveResponse_RejectsAbsolutePath(t *testing.T) { |
| 497 | resp := newApiResp([]byte("data"), map[string]string{"Content-Type": "application/octet-stream"}) |
nothing calls this directly
no test coverage detected