jfraeysd/fetch_ml
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
fetch_ml/tests/unit
History
Jeremie Fraeys 17d5c75e33
fix(security): Path validation improvements for symlink resolution 
Fix ValidatePath to correctly resolve symlinks and handle edge cases:
- Resolve symlinks before boundary check to prevent traversal
- Handle macOS /private prefix correctly
- Add fallback for non-existent paths (parent directory resolution)
- Double boundary checks: before AND after symlink resolution
- Prevent race conditions between check and use

Update path traversal tests:
- Correct test expectations for "..." (three dots is valid filename, not traversal)
- Add tests for symlink escape attempts
- Add unicode attack tests
- Add deeply nested traversal tests

Security impact: Prevents path traversal via symlink following in artifact
scanning and other file operations.
2026-02-23 19:44:16 -05:00
..
api test: Update duplicate detection tests 2026-02-23 14:14:21 -05:00
audit feat(audit): Tamper-evident audit chain verification system 2026-02-23 19:43:50 -05:00
auth test(auth): skip keychain tests when dbus unavailable 2026-02-21 21:20:03 -05:00
config fix: resolve TODOs and standardize tests 2026-02-19 15:34:59 -05:00
container refactor(worker): update worker tests and native bridge 2026-02-23 18:04:22 -05:00
deployments chore(build): update build system, scripts, and additional tests 2026-02-12 12:05:55 -05:00
envpool test: expand unit/integration/e2e coverage for new worker/api behavior 2026-01-05 12:31:36 -05:00
errors Fix multi-user authentication and clean up debug code 2025-12-06 12:35:32 -05:00
experiment test: expand unit/integration/e2e coverage for new worker/api behavior 2026-01-05 12:31:36 -05:00
gpu feat: GPU detection transparency and artifact scanner improvements 2026-02-23 12:29:34 -05:00
jupyter cleanup: Remove obsolete ws_jupyter_errorcode_test.go 2026-02-17 13:45:01 -05:00
logging Fix multi-user authentication and clean up debug code 2025-12-06 12:35:32 -05:00
manifest chore(build): update build system, scripts, and additional tests 2026-02-12 12:05:55 -05:00
metrics test: expand unit/integration/e2e coverage for new worker/api behavior 2026-01-05 12:31:36 -05:00
middleware test: Reorganize and add unit tests 2026-02-18 21:28:13 -05:00
network Fix multi-user authentication and clean up debug code 2025-12-06 12:35:32 -05:00
privacy test: Reorganize and add unit tests 2026-02-18 21:28:13 -05:00
queue fix: resolve TODOs and standardize tests 2026-02-19 15:34:59 -05:00
resources test: expand unit/integration/e2e coverage for new worker/api behavior 2026-01-05 12:31:36 -05:00
security fix(security): Path validation improvements for symlink resolution 2026-02-23 19:44:16 -05:00
storage test: expand unit/integration/e2e coverage for new worker/api behavior 2026-01-05 12:31:36 -05:00
telemetry test: implement comprehensive test suite with multiple test types 2025-12-04 16:55:13 -05:00
worker feat(security): Artifact ingestion caps enforcement 2026-02-23 19:43:28 -05:00
simple_test.go test: expand unit/integration/e2e coverage for new worker/api behavior 2026-01-05 12:31:36 -05:00
worker_trust_test.go test: expand unit/integration/e2e coverage for new worker/api behavior 2026-01-05 12:31:36 -05:00