mugit: internal/git/archive_test.go (3e7e955721c228676202c787a670427eb9113cdb)

1

package git

2

3

import (

4

	"testing"

5

6

	"olexsmir.xyz/x/is"

7

8

9

func TestIsValidRef(t *testing.T) {

10

	tests := []struct {

11

		name string

12

		ref  string

13

		want bool

14

}{

15

		{name: "simple branch", ref: "main", want: true},

16

		{name: "branch with slash", ref: "feature/new-thing", want: true},

17

		{name: "version tag", ref: "v1.2.3", want: true},

18

		{name: "short hash", ref: "abc123d", want: true},

19

		{name: "full hash", ref: "abc123def456789abc123def456789abc123def4", want: true},

20

		{name: "refs/heads path", ref: "refs/heads/main", want: true},

21

		{name: "refs/tags path", ref: "refs/tags/v1.0.0", want: true},

22

		{name: "branch with underscore", ref: "feature_branch", want: true},

23

		{name: "branch with dot", ref: "release.1.0", want: true},

24

		{name: "branch with hyphen", ref: "bug-fix", want: true},

25

26

		// security sensitive

27

		{name: "empty string", ref: "", want: false},

28

		{name: "double dot traversal", ref: "..", want: false},

29

		{name: "path traversal start", ref: "../etc/passwd", want: false},

30

		{name: "path traversal middle", ref: "refs/../../../etc/passwd", want: false},

31

		{name: "double dot in path", ref: "feature/..secret", want: false},

32

33

		// invalid characters

34

		{name: "space in name", ref: "my branch", want: false},

35

		{name: "newline injection", ref: "main\nmalicious", want: false},

36

		{name: "null byte", ref: "main\x00malicious", want: false},

37

		{name: "shell metachar semicolon", ref: "main;rm -rf", want: false},

38

		{name: "shell metachar backtick", ref: "main`whoami`", want: false},

39

		{name: "shell metachar dollar", ref: "main$PATH", want: false},

40

		{name: "shell metachar pipe", ref: "main|cat", want: false},

41

		{name: "shell metachar ampersand", ref: "main&id", want: false},

42

		{name: "single quote", ref: "main'test", want: false},

43

		{name: "double quote", ref: "main\"test", want: false},

44

		{name: "tilde", ref: "~root", want: false},

45

		{name: "asterisk", ref: "main*", want: false},

46

		{name: "question mark", ref: "main?", want: false},

47

		{name: "brackets", ref: "main[0]", want: false},

48

		{name: "parentheses", ref: "main()", want: false},

49

		{name: "hash", ref: "main#comment", want: false},

50

		{name: "percent", ref: "main%20test", want: false},

51

		{name: "caret", ref: "main^", want: false},

52

		{name: "at sign", ref: "main@{0}", want: false},

53

		{name: "exclamation", ref: "main!", want: false},

54

		{name: "backslash", ref: "main\\test", want: false},

55

		{name: "colon", ref: "main:test", want: false},

56

57

58

	for _, tt := range tests {

59

		t.Run(tt.name, func(t *testing.T) {

60

			is.Equal(t, isValidRef(tt.ref), tt.want)

61

})

62

63

1	package git
2
3	import (
4	"testing"
5
6	"olexsmir.xyz/x/is"
7	)
8
9	func TestIsValidRef(t *testing.T) {
10	tests := []struct {
11	name string
12	ref string
13	want bool
14	}{
15	{name: "simple branch", ref: "main", want: true},
16	{name: "branch with slash", ref: "feature/new-thing", want: true},
17	{name: "version tag", ref: "v1.2.3", want: true},
18	{name: "short hash", ref: "abc123d", want: true},
19	{name: "full hash", ref: "abc123def456789abc123def456789abc123def4", want: true},
20	{name: "refs/heads path", ref: "refs/heads/main", want: true},
21	{name: "refs/tags path", ref: "refs/tags/v1.0.0", want: true},
22	{name: "branch with underscore", ref: "feature_branch", want: true},
23	{name: "branch with dot", ref: "release.1.0", want: true},
24	{name: "branch with hyphen", ref: "bug-fix", want: true},
25
26	// security sensitive
27	{name: "empty string", ref: "", want: false},
28	{name: "double dot traversal", ref: "..", want: false},
29	{name: "path traversal start", ref: "../etc/passwd", want: false},
30	{name: "path traversal middle", ref: "refs/../../../etc/passwd", want: false},
31	{name: "double dot in path", ref: "feature/..secret", want: false},
32
33	// invalid characters
34	{name: "space in name", ref: "my branch", want: false},
35	{name: "newline injection", ref: "main\nmalicious", want: false},
36	{name: "null byte", ref: "main\x00malicious", want: false},
37	{name: "shell metachar semicolon", ref: "main;rm -rf", want: false},
38	{name: "shell metachar backtick", ref: "main`whoami`", want: false},
39	{name: "shell metachar dollar", ref: "main$PATH", want: false},
40	{name: "shell metachar pipe", ref: "main\|cat", want: false},
41	{name: "shell metachar ampersand", ref: "main&id", want: false},
42	{name: "single quote", ref: "main'test", want: false},
43	{name: "double quote", ref: "main\"test", want: false},
44	{name: "tilde", ref: "~root", want: false},
45	{name: "asterisk", ref: "main*", want: false},
46	{name: "question mark", ref: "main?", want: false},
47	{name: "brackets", ref: "main[0]", want: false},
48	{name: "parentheses", ref: "main()", want: false},
49	{name: "hash", ref: "main#comment", want: false},
50	{name: "percent", ref: "main%20test", want: false},
51	{name: "caret", ref: "main^", want: false},
52	{name: "at sign", ref: "main@{0}", want: false},
53	{name: "exclamation", ref: "main!", want: false},
54	{name: "backslash", ref: "main\\test", want: false},
55	{name: "colon", ref: "main:test", want: false},
56	}
57
58	for _, tt := range tests {
59	t.Run(tt.name, func(t *testing.T) {
60	is.Equal(t, isValidRef(tt.ref), tt.want)
61	})
62	}
63	}