fetch_ml/tests/unit/security
Jeremie Fraeys 17d5c75e33
fix(security): Path validation improvements for symlink resolution

Fix ValidatePath to correctly resolve symlinks and handle edge cases:
- Resolve symlinks before boundary check to prevent traversal
- Handle macOS /private prefix correctly
- Add fallback for non-existent paths (parent directory resolution)
- Double boundary checks: before AND after symlink resolution
- Prevent race conditions between check and use

Update path traversal tests:
- Correct test expectations for "..." (three dots is a valid filename, not traversal)
- Add tests for symlink escape attempts
- Add unicode attack tests
- Add deeply nested traversal tests

Security impact: Prevents path traversal via symlink following in artifact
scanning and other file operations.
2026-02-23 19:44:16 -05:00
audit_test.go feat(audit): Tamper-evident audit chain verification system 2026-02-23 19:43:50 -05:00
filetype_test.go test(security): add comprehensive security unit tests 2026-02-23 18:00:45 -05:00
hipaa_validation_test.go feat(security): HIPAA compliance mode and PHI denylist validation 2026-02-23 19:43:19 -05:00
path_traversal_test.go fix(security): Path validation improvements for symlink resolution 2026-02-23 19:44:16 -05:00
secrets_test.go test(security): add comprehensive security unit tests 2026-02-23 18:00:45 -05:00