MCPcopy
hub / github.com/larksuite/cli / TestSaveResponse_RejectsPathTraversal

Function TestSaveResponse_RejectsPathTraversal

internal/client/response_test.go:480–494  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

478}
479
480func TestSaveResponse_RejectsPathTraversal(t *testing.T) {
481 dir := t.TempDir()
482 origWd, _ := os.Getwd()
483 os.Chdir(dir)
484 defer os.Chdir(origWd)
485
486 resp := newApiResp([]byte("data"), map[string]string{"Content-Type": "application/octet-stream"})
487 _, err := SaveResponse(&localfileio.LocalFileIO{}, resp, "../../evil.txt")
488 if err == nil {
489 t.Fatal("expected error for path traversal")
490 }
491 if !strings.Contains(err.Error(), "unsafe output path") {
492 t.Errorf("expected 'unsafe output path' wrapper, got: %v", err)
493 }
494}
495
496func TestSaveResponse_RejectsAbsolutePath(t *testing.T) {
497 resp := newApiResp([]byte("data"), map[string]string{"Content-Type": "application/octet-stream"})

Callers

nothing calls this directly

Calls 5

newApiRespFunction · 0.85
SaveResponseFunction · 0.85
GetwdMethod · 0.65
ContainsMethod · 0.45
ErrorMethod · 0.45

Tested by

no test coverage detected