Git/cheat
1
0
Fork 0
mirror of https://github.com/cheat/cheat.git synced 2026-03-07 03:03:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

chore: bump version to 4.5.0

Browse Source 
Bug fixes:
- Fix inverted pager detection logic (returned error instead of path)
- Fix repo.Clone ignoring destination directory parameter
- Fix sheet loading using append on pre-sized slices
- Clean up partial files on copy failure
- Trim whitespace from editor config

Security:
- Add path traversal protection for cheatsheet names

Performance:
- Move regex compilation outside search loop
- Replace string concatenation with strings.Join in search

Build:
- Remove go:generate; embed config and usage as string literals
- Parallelize release builds
- Add fuzz testing infrastructure

Testing:
- Improve test coverage from 38.9% to 50.2%
- Add fuzz tests for search, filter, tags, and validation

Documentation:
- Fix inaccurate code examples in HACKING.md
- Add missing --conf and --all options to man page
- Add ADRs for path traversal, env parsing, and search parallelization
- Update CONTRIBUTING.md to reflect project policy

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Christopher Allen Lane
2026-02-14 19:56:19 -05:00
parent 7908a678df
commit cc85a4bdb1
69 changed files with 4802 additions and 577 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
internal/cheatpath/cheatpath.go
View File

@@ -2,6 +2,8 @@
// management.
package cheatpath
import "fmt"
// Cheatpath encapsulates cheatsheet path information
type Cheatpath struct {
Name string `yaml:"name"`
@@ -9,3 +11,18 @@ type Cheatpath struct {
ReadOnly bool `yaml:"readonly"`
Tags []string `yaml:"tags"`
}
// Validate ensures that the Cheatpath is valid
func (c Cheatpath) Validate() error {
// Check that name is not empty
if c.Name == "" {
return fmt.Errorf("cheatpath name cannot be empty")
}
// Check that path is not empty
if c.Path == "" {
return fmt.Errorf("cheatpath path cannot be empty")
}
return nil
}

113
internal/cheatpath/cheatpath_test.go Normal file
View File

@@ -0,0 +1,113 @@
package cheatpath
import (
"strings"
"testing"
)
func TestCheatpathValidate(t *testing.T) {
tests := []struct {
name string
cheatpath Cheatpath
wantErr bool
errMsg string
}{
{
name: "valid cheatpath",
cheatpath: Cheatpath{
Name: "personal",
Path: "/home/user/.config/cheat/personal",
ReadOnly: false,
Tags: []string{"personal"},
},
wantErr: false,
},
{
name: "empty name",
cheatpath: Cheatpath{
Name: "",
Path: "/home/user/.config/cheat/personal",
ReadOnly: false,
Tags: []string{"personal"},
},
wantErr: true,
errMsg: "cheatpath name cannot be empty",
},
{
name: "empty path",
cheatpath: Cheatpath{
Name: "personal",
Path: "",
ReadOnly: false,
Tags: []string{"personal"},
},
wantErr: true,
errMsg: "cheatpath path cannot be empty",
},
{
name: "both empty",
cheatpath: Cheatpath{
Name: "",
Path: "",
ReadOnly: true,
Tags: nil,
},
wantErr: true,
errMsg: "cheatpath name cannot be empty",
},
{
name: "minimal valid",
cheatpath: Cheatpath{
Name: "x",
Path: "/",
},
wantErr: false,
},
{
name: "with readonly and tags",
cheatpath: Cheatpath{
Name: "community",
Path: "/usr/share/cheat",
ReadOnly: true,
Tags: []string{"community", "shared", "readonly"},
},
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.cheatpath.Validate()
if (err != nil) != tt.wantErr {
t.Errorf("Validate() error = %v, wantErr %v", err, tt.wantErr)
return
}
if err != nil && tt.errMsg != "" && !strings.Contains(err.Error(), tt.errMsg) {
t.Errorf("Validate() error = %v, want error containing %q", err, tt.errMsg)
}
})
}
}
func TestCheatpathStruct(t *testing.T) {
// Test that the struct fields work as expected
cp := Cheatpath{
Name: "test",
Path: "/test/path",
ReadOnly: true,
Tags: []string{"tag1", "tag2"},
}
if cp.Name != "test" {
t.Errorf("expected Name to be 'test', got %q", cp.Name)
}
if cp.Path != "/test/path" {
t.Errorf("expected Path to be '/test/path', got %q", cp.Path)
}
if !cp.ReadOnly {
t.Error("expected ReadOnly to be true")
}
if len(cp.Tags) != 2 || cp.Tags[0] != "tag1" || cp.Tags[1] != "tag2" {
t.Errorf("expected Tags to be [tag1 tag2], got %v", cp.Tags)
}
}

63
internal/cheatpath/doc.go Normal file
View File

@@ -0,0 +1,63 @@
// Package cheatpath manages collections of cheat sheets organized in filesystem directories.
//
// A Cheatpath represents a directory containing cheat sheets, with associated
// metadata such as tags and read-only status. Multiple cheatpaths can be
// configured to organize sheets from different sources (personal, community, work, etc.).
//
// # Cheatpath Structure
//
// Each cheatpath has:
// - Name: A friendly identifier (e.g., "personal", "community")
// - Path: The filesystem path to the directory
// - Tags: Tags automatically applied to all sheets in this path
// - ReadOnly: Whether sheets in this path can be modified
//
// Example configuration:
//
// cheatpaths:
// - name: personal
// path: ~/cheat
// tags: []
// readonly: false
// - name: community
// path: ~/cheat/community
// tags: [community]
// readonly: true
//
// # Directory-Scoped Cheatpaths
//
// The package supports directory-scoped cheatpaths via `.cheat` directories.
// When running cheat from a directory containing a `.cheat` subdirectory,
// that directory is temporarily added to the available cheatpaths.
//
// # Precedence and Overrides
//
// When multiple cheatpaths contain a sheet with the same name, the sheet
// from the most "local" cheatpath takes precedence. This allows users to
// override community sheets with personal versions.
//
// Key Functions
//
// - Filter: Filters cheatpaths by name
// - Validate: Ensures cheatpath configuration is valid
// - Writeable: Returns the first writeable cheatpath
//
// Example Usage
//
// // Filter cheatpaths to only "personal"
// filtered, err := cheatpath.Filter(paths, "personal")
// if err != nil {
// log.Fatal(err)
// }
//
// // Find a writeable cheatpath
// writeable, err := cheatpath.Writeable(paths)
// if err != nil {
// log.Fatal(err)
// }
//
// // Validate cheatpath configuration
// if err := cheatpath.Validate(paths); err != nil {
// log.Fatal(err)
// }
package cheatpath

36
internal/cheatpath/validate.go
View File

@@ -2,16 +2,38 @@ package cheatpath
import (
"fmt"
"path/filepath"
"strings"
)
// Validate returns an error if the cheatpath is invalid
func (c *Cheatpath) Validate() error {
if c.Name == "" {
return fmt.Errorf("invalid cheatpath: name must be specified")
// ValidateSheetName ensures that a cheatsheet name does not contain
// directory traversal sequences or other potentially dangerous patterns.
func ValidateSheetName(name string) error {
// Reject empty names
if name == "" {
return fmt.Errorf("cheatsheet name cannot be empty")
}
if c.Path == "" {
return fmt.Errorf("invalid cheatpath: path must be specified")
// Reject names containing directory traversal
if strings.Contains(name, "..") {
return fmt.Errorf("cheatsheet name cannot contain '..'")
}
// Reject absolute paths
if filepath.IsAbs(name) {
return fmt.Errorf("cheatsheet name cannot be an absolute path")
}
// Reject names that start with ~ (home directory expansion)
if strings.HasPrefix(name, "~") {
return fmt.Errorf("cheatsheet name cannot start with '~'")
}
// Reject hidden files (files that start with a dot)
// We don't display hidden files, so we shouldn't create them
filename := filepath.Base(name)
if strings.HasPrefix(filename, ".") {
return fmt.Errorf("cheatsheet name cannot start with '.' (hidden files are not supported)")
}
return nil

169
internal/cheatpath/validate_fuzz_test.go Normal file
View File

@@ -0,0 +1,169 @@
package cheatpath
import (
"strings"
"testing"
"unicode/utf8"
)
// FuzzValidateSheetName tests the ValidateSheetName function with fuzzing
// to ensure it properly prevents path traversal and other security issues
func FuzzValidateSheetName(f *testing.F) {
// Add seed corpus with various valid and malicious inputs
// Valid names
f.Add("docker")
f.Add("docker/compose")
f.Add("lang/go/slice")
f.Add("my-cheat_sheet")
f.Add("file.txt")
f.Add("a")
f.Add("123")
// Path traversal attempts
f.Add("..")
f.Add("../etc/passwd")
f.Add("foo/../bar")
f.Add("foo/../../etc/passwd")
f.Add("..\\windows\\system32")
f.Add("foo\\..\\..\\windows")
// Encoded traversal attempts
f.Add("%2e%2e")
f.Add("%2e%2e%2f")
f.Add("..%2f")
f.Add("%2e.")
f.Add(".%2e")
f.Add("\x2e\x2e")
f.Add("\\x2e\\x2e")
// Unicode and special characters
f.Add("€test")
f.Add("test€")
f.Add("中文")
f.Add("🎉emoji")
f.Add("\x00null")
f.Add("test\x00null")
f.Add("\nnewline")
f.Add("test\ttab")
// Absolute paths
f.Add("/etc/passwd")
f.Add("C:\\Windows\\System32")
f.Add("\\\\server\\share")
f.Add("//server/share")
// Home directory
f.Add("~")
f.Add("~/config")
f.Add("~user/file")
// Hidden files
f.Add(".hidden")
f.Add("dir/.hidden")
f.Add(".git/config")
// Edge cases
f.Add("")
f.Add(" ")
f.Add(" ")
f.Add("\t")
f.Add(".")
f.Add("./")
f.Add("./file")
f.Add(".../")
f.Add("...")
f.Add("....")
// Very long names
f.Add(strings.Repeat("a", 255))
f.Add(strings.Repeat("a/", 100) + "file")
f.Add(strings.Repeat("../", 50) + "etc/passwd")
f.Fuzz(func(t *testing.T, input string) {
// The function should never panic
func() {
defer func() {
if r := recover(); r != nil {
t.Errorf("ValidateSheetName panicked with input %q: %v", input, r)
}
}()
err := ValidateSheetName(input)
// Security invariants that must always hold
if err == nil {
// If validation passed, verify security properties
// Should not contain ".." for path traversal
if strings.Contains(input, "..") {
t.Errorf("validation passed but input contains '..': %q", input)
}
// Should not be empty
if input == "" {
t.Error("validation passed for empty input")
}
// Should not start with ~ (home directory)
if strings.HasPrefix(input, "~") {
t.Errorf("validation passed but input starts with '~': %q", input)
}
// Base filename should not start with .
parts := strings.Split(input, "/")
if len(parts) > 0 {
lastPart := parts[len(parts)-1]
if strings.HasPrefix(lastPart, ".") && lastPart != "." {
t.Errorf("validation passed but filename starts with '.': %q", input)
}
}
// Additional check: result should be valid UTF-8
if !utf8.ValidString(input) {
// While the function doesn't explicitly check this,
// we want to ensure it handles invalid UTF-8 gracefully
t.Logf("validation passed for invalid UTF-8: %q", input)
}
}
}()
})
}
// FuzzValidateSheetNamePathTraversal specifically targets path traversal bypasses
func FuzzValidateSheetNamePathTraversal(f *testing.F) {
// Seed corpus focusing on path traversal variations
f.Add("..", "/", "")
f.Add("", "..", "/")
f.Add("a", "b", "c")
f.Fuzz(func(t *testing.T, prefix string, middle string, suffix string) {
// Construct various path traversal attempts
inputs := []string{
prefix + ".." + suffix,
prefix + "/.." + suffix,
prefix + "\\.." + suffix,
prefix + middle + ".." + suffix,
prefix + "../" + middle + suffix,
prefix + "..%2f" + suffix,
prefix + "%2e%2e" + suffix,
prefix + "%2e%2e%2f" + suffix,
}
for _, input := range inputs {
func() {
defer func() {
if r := recover(); r != nil {
t.Errorf("ValidateSheetName panicked with constructed input %q: %v", input, r)
}
}()
err := ValidateSheetName(input)
// If the input contains literal "..", it must be rejected
if strings.Contains(input, "..") && err == nil {
t.Errorf("validation incorrectly passed for input containing '..': %q", input)
}
}()
}
})
}

142
internal/cheatpath/validate_test.go
View File

@@ -1,56 +1,106 @@
package cheatpath
import (
"strings"
"testing"
)
// TestValidateValid asserts that valid cheatpaths validate successfully
func TestValidateValid(t *testing.T) {
// initialize a valid cheatpath
cheatpath := Cheatpath{
Name: "foo",
Path: "/foo",
ReadOnly: false,
Tags: []string{},
func TestValidateSheetName(t *testing.T) {
tests := []struct {
name string
input string
wantErr bool
errMsg string
}{
// Valid names
{
name: "simple name",
input: "docker",
wantErr: false,
},
{
name: "name with slash",
input: "docker/compose",
wantErr: false,
},
{
name: "name with multiple slashes",
input: "lang/go/slice",
wantErr: false,
},
{
name: "name with dash and underscore",
input: "my-cheat_sheet",
wantErr: false,
},
// Invalid names
{
name: "empty name",
input: "",
wantErr: true,
errMsg: "empty",
},
{
name: "parent directory traversal",
input: "../etc/passwd",
wantErr: true,
errMsg: "'..'",
},
{
name: "complex traversal",
input: "foo/../../etc/passwd",
wantErr: true,
errMsg: "'..'",
},
{
name: "absolute path",
input: "/etc/passwd",
wantErr: true,
errMsg: "absolute",
},
{
name: "home directory",
input: "~/secrets",
wantErr: true,
errMsg: "'~'",
},
{
name: "just dots",
input: "..",
wantErr: true,
errMsg: "'..'",
},
{
name: "hidden file not allowed",
input: ".hidden",
wantErr: true,
errMsg: "cannot start with '.'",
},
{
name: "current dir is ok",
input: "./current",
wantErr: false,
},
{
name: "nested hidden file not allowed",
input: "config/.gitignore",
wantErr: true,
errMsg: "cannot start with '.'",
},
}
// assert that no errors are returned
if err := cheatpath.Validate(); err != nil {
t.Errorf("failed to validate valid cheatpath: %v", err)
}
}
// TestValidateMissingName asserts that paths that are missing a name fail to
// validate
func TestValidateMissingName(t *testing.T) {
// initialize a valid cheatpath
cheatpath := Cheatpath{
Path: "/foo",
ReadOnly: false,
Tags: []string{},
}
// assert that no errors are returned
if err := cheatpath.Validate(); err == nil {
t.Errorf("failed to invalidate cheatpath without name")
}
}
// TestValidateMissingPath asserts that paths that are missing a path fail to
// validate
func TestValidateMissingPath(t *testing.T) {
// initialize a valid cheatpath
cheatpath := Cheatpath{
Name: "foo",
ReadOnly: false,
Tags: []string{},
}
// assert that no errors are returned
if err := cheatpath.Validate(); err == nil {
t.Errorf("failed to invalidate cheatpath without path")
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := ValidateSheetName(tt.input)
if (err != nil) != tt.wantErr {
t.Errorf("ValidateName(%q) error = %v, wantErr %v", tt.input, err, tt.wantErr)
return
}
if err != nil && tt.errMsg != "" {
if !strings.Contains(err.Error(), tt.errMsg) {
t.Errorf("ValidateName(%q) error = %v, want error containing %q", tt.input, err, tt.errMsg)
}
}
})
}
}

3
internal/config/config.go
View File

@@ -96,6 +96,9 @@ func New(_ map[string]interface{}, confPath string, resolve bool) (Config, error
conf.Cheatpaths[i].Path = expanded
}
// trim editor whitespace
conf.Editor = strings.TrimSpace(conf.Editor)
// if an editor was not provided in the configs, attempt to choose one
// that's appropriate for the environment
if conf.Editor == "" {

247
internal/config/config_extended_test.go Normal file
View File

@@ -0,0 +1,247 @@
package config
import (
"os"
"path/filepath"
"testing"
"github.com/cheat/cheat/internal/mock"
)
// TestConfigYAMLErrors tests YAML parsing errors
func TestConfigYAMLErrors(t *testing.T) {
// Create a temporary file with invalid YAML
tempDir, err := os.MkdirTemp("", "cheat-config-test-*")
if err != nil {
t.Fatalf("failed to create temp dir: %v", err)
}
defer os.RemoveAll(tempDir)
invalidYAML := filepath.Join(tempDir, "invalid.yml")
err = os.WriteFile(invalidYAML, []byte("invalid: yaml: content:\n - no closing"), 0644)
if err != nil {
t.Fatalf("failed to write invalid yaml: %v", err)
}
// Attempt to load invalid YAML
_, err = New(map[string]interface{}{}, invalidYAML, false)
if err == nil {
t.Error("expected error for invalid YAML, got nil")
}
}
// TestConfigLocalCheatpath tests local .cheat directory detection
func TestConfigLocalCheatpath(t *testing.T) {
// Create a temporary directory to act as working directory
tempDir, err := os.MkdirTemp("", "cheat-config-test-*")
if err != nil {
t.Fatalf("failed to create temp dir: %v", err)
}
defer os.RemoveAll(tempDir)
// Save current working directory
oldCwd, err := os.Getwd()
if err != nil {
t.Fatalf("failed to get cwd: %v", err)
}
defer os.Chdir(oldCwd)
// Change to temp directory
err = os.Chdir(tempDir)
if err != nil {
t.Fatalf("failed to change dir: %v", err)
}
// Create .cheat directory
localCheat := filepath.Join(tempDir, ".cheat")
err = os.Mkdir(localCheat, 0755)
if err != nil {
t.Fatalf("failed to create .cheat dir: %v", err)
}
// Load config
conf, err := New(map[string]interface{}{}, mock.Path("conf/empty.yml"), false)
if err != nil {
t.Errorf("failed to load config: %v", err)
}
// Check that local cheatpath was added
found := false
for _, cp := range conf.Cheatpaths {
if cp.Name == "cwd" && cp.Path == localCheat {
found = true
break
}
}
if !found {
t.Error("local .cheat directory was not added to cheatpaths")
}
}
// TestConfigDefaults tests default values
func TestConfigDefaults(t *testing.T) {
// Load empty config
conf, err := New(map[string]interface{}{}, mock.Path("conf/empty.yml"), false)
if err != nil {
t.Errorf("failed to load config: %v", err)
}
// Check defaults
if conf.Style != "bw" {
t.Errorf("expected default style 'bw', got %s", conf.Style)
}
if conf.Formatter != "terminal" {
t.Errorf("expected default formatter 'terminal', got %s", conf.Formatter)
}
}
// TestConfigSymlinkResolution tests symlink resolution
func TestConfigSymlinkResolution(t *testing.T) {
// Create temp directory structure
tempDir, err := os.MkdirTemp("", "cheat-config-test-*")
if err != nil {
t.Fatalf("failed to create temp dir: %v", err)
}
defer os.RemoveAll(tempDir)
// Create target directory
targetDir := filepath.Join(tempDir, "target")
err = os.Mkdir(targetDir, 0755)
if err != nil {
t.Fatalf("failed to create target dir: %v", err)
}
// Create symlink
linkPath := filepath.Join(tempDir, "link")
err = os.Symlink(targetDir, linkPath)
if err != nil {
t.Fatalf("failed to create symlink: %v", err)
}
// Create config with symlink path
configContent := `---
editor: vim
cheatpaths:
- name: test
path: ` + linkPath + `
readonly: true
`
configFile := filepath.Join(tempDir, "config.yml")
err = os.WriteFile(configFile, []byte(configContent), 0644)
if err != nil {
t.Fatalf("failed to write config: %v", err)
}
// Load config with symlink resolution
conf, err := New(map[string]interface{}{}, configFile, true)
if err != nil {
t.Errorf("failed to load config: %v", err)
}
// Verify symlink was resolved
if len(conf.Cheatpaths) > 0 && conf.Cheatpaths[0].Path != targetDir {
t.Errorf("expected symlink to be resolved to %s, got %s", targetDir, conf.Cheatpaths[0].Path)
}
}
// TestConfigBrokenSymlink tests broken symlink handling
func TestConfigBrokenSymlink(t *testing.T) {
// Create temp directory
tempDir, err := os.MkdirTemp("", "cheat-config-test-*")
if err != nil {
t.Fatalf("failed to create temp dir: %v", err)
}
defer os.RemoveAll(tempDir)
// Create broken symlink
linkPath := filepath.Join(tempDir, "broken-link")
err = os.Symlink("/nonexistent/path", linkPath)
if err != nil {
t.Fatalf("failed to create symlink: %v", err)
}
// Create config with broken symlink
configContent := `---
editor: vim
cheatpaths:
- name: test
path: ` + linkPath + `
readonly: true
`
configFile := filepath.Join(tempDir, "config.yml")
err = os.WriteFile(configFile, []byte(configContent), 0644)
if err != nil {
t.Fatalf("failed to write config: %v", err)
}
// Load config with symlink resolution should fail
_, err = New(map[string]interface{}{}, configFile, true)
if err == nil {
t.Error("expected error for broken symlink, got nil")
}
}
// TestConfigTildeExpansionError tests tilde expansion error handling
func TestConfigTildeExpansionError(t *testing.T) {
// This is tricky to test without mocking homedir.Expand
// We'll create a config with an invalid home reference
tempDir, err := os.MkdirTemp("", "cheat-config-test-*")
if err != nil {
t.Fatalf("failed to create temp dir: %v", err)
}
defer os.RemoveAll(tempDir)
// Create config with user that likely doesn't exist
configContent := `---
editor: vim
cheatpaths:
- name: test
path: ~nonexistentuser12345/cheat
readonly: true
`
configFile := filepath.Join(tempDir, "config.yml")
err = os.WriteFile(configFile, []byte(configContent), 0644)
if err != nil {
t.Fatalf("failed to write config: %v", err)
}
// Load config - this may or may not fail depending on the system
// but we're testing that it doesn't panic
_, _ = New(map[string]interface{}{}, configFile, false)
}
// TestConfigGetCwdError tests error handling when os.Getwd fails
func TestConfigGetCwdError(t *testing.T) {
// This is difficult to test without being able to break os.Getwd
// We'll create a scenario where the current directory is removed
// Create and enter a temp directory
tempDir, err := os.MkdirTemp("", "cheat-config-test-*")
if err != nil {
t.Fatalf("failed to create temp dir: %v", err)
}
oldCwd, err := os.Getwd()
if err != nil {
t.Fatalf("failed to get cwd: %v", err)
}
defer os.Chdir(oldCwd)
err = os.Chdir(tempDir)
if err != nil {
t.Fatalf("failed to change dir: %v", err)
}
// Remove the directory we're in
err = os.RemoveAll(tempDir)
if err != nil {
t.Fatalf("failed to remove temp dir: %v", err)
}
// Now os.Getwd should fail
_, err = New(map[string]interface{}{}, mock.Path("conf/empty.yml"), false)
// This might not fail on all systems, so we just ensure no panic
_ = err
}

52
internal/config/doc.go Normal file
View File

@@ -0,0 +1,52 @@
// Package config manages application configuration and settings.
//
// The config package provides functionality to:
// - Load configuration from YAML files
// - Validate configuration values
// - Manage platform-specific configuration paths
// - Handle editor and pager settings
// - Configure colorization and formatting options
//
// # Configuration Structure
//
// The main configuration file (conf.yml) contains:
// - Editor preferences
// - Pager settings
// - Colorization options
// - Cheatpath definitions
// - Formatting preferences
//
// Example configuration:
//
// ---
// editor: vim
// colorize: true
// style: monokai
// formatter: terminal256
// pager: less -FRX
// cheatpaths:
// - name: personal
// path: ~/cheat
// tags: []
// readonly: false
// - name: community
// path: ~/cheat/.cheat
// tags: [community]
// readonly: true
//
// # Platform-Specific Paths
//
// The package automatically detects configuration paths based on the operating system:
// - Linux/Unix: $XDG_CONFIG_HOME/cheat/conf.yml or ~/.config/cheat/conf.yml
// - macOS: ~/Library/Application Support/cheat/conf.yml
// - Windows: %APPDATA%\cheat\conf.yml
//
// # Environment Variables
//
// The following environment variables are respected:
// - CHEAT_CONFIG_PATH: Override the configuration file location
// - CHEAT_USE_FZF: Enable fzf integration when set to "true"
// - EDITOR: Default editor if not specified in config
// - VISUAL: Fallback editor if EDITOR is not set
// - PAGER: Default pager if not specified in config
package config

95
internal/config/editor_test.go Normal file
View File

@@ -0,0 +1,95 @@
package config
import (
"os"
"runtime"
"testing"
)
// TestEditor tests the Editor function
func TestEditor(t *testing.T) {
// Save original env vars
oldVisual := os.Getenv("VISUAL")
oldEditor := os.Getenv("EDITOR")
defer func() {
os.Setenv("VISUAL", oldVisual)
os.Setenv("EDITOR", oldEditor)
}()
t.Run("windows default", func(t *testing.T) {
if runtime.GOOS != "windows" {
t.Skip("skipping windows test on non-windows platform")
}
// Clear env vars
os.Setenv("VISUAL", "")
os.Setenv("EDITOR", "")
editor, err := Editor()
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if editor != "notepad" {
t.Errorf("expected 'notepad' on windows, got %s", editor)
}
})
t.Run("VISUAL takes precedence", func(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("skipping non-windows test on windows platform")
}
os.Setenv("VISUAL", "emacs")
os.Setenv("EDITOR", "nano")
editor, err := Editor()
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if editor != "emacs" {
t.Errorf("expected VISUAL to take precedence, got %s", editor)
}
})
t.Run("EDITOR when no VISUAL", func(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("skipping non-windows test on windows platform")
}
os.Setenv("VISUAL", "")
os.Setenv("EDITOR", "vim")
editor, err := Editor()
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if editor != "vim" {
t.Errorf("expected EDITOR value, got %s", editor)
}
})
t.Run("no editor found error", func(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("skipping non-windows test on windows platform")
}
// Clear all environment variables
os.Setenv("VISUAL", "")
os.Setenv("EDITOR", "")
// Create a custom PATH that doesn't include common editors
oldPath := os.Getenv("PATH")
defer os.Setenv("PATH", oldPath)
// Set a very limited PATH that won't have editors
os.Setenv("PATH", "/nonexistent")
editor, err := Editor()
// If we found an editor, it's likely in the system
// This test might not always produce an error on systems with editors
if editor == "" && err == nil {
t.Error("expected error when no editor found")
}
})
}

83
internal/config/init_test.go
View File

@@ -2,6 +2,8 @@ package config
import (
"os"
"path/filepath"
"strings"
"testing"
)
@@ -35,3 +37,84 @@ func TestInit(t *testing.T) {
t.Errorf("failed to write configs: want: %s, got: %s", conf, got)
}
}
// TestInitCreateDirectory tests that Init creates the directory if it doesn't exist
func TestInitCreateDirectory(t *testing.T) {
// Create a temp directory
tempDir, err := os.MkdirTemp("", "cheat-init-test-*")
if err != nil {
t.Fatalf("failed to create temp dir: %v", err)
}
defer os.RemoveAll(tempDir)
// Path to a config file in a non-existent subdirectory
confPath := filepath.Join(tempDir, "subdir", "conf.yml")
// Initialize the config file
conf := "test config"
if err = Init(confPath, conf); err != nil {
t.Errorf("failed to init config file: %v", err)
}
// Verify the directory was created
if _, err := os.Stat(filepath.Dir(confPath)); os.IsNotExist(err) {
t.Error("Init did not create the directory")
}
// Verify the file was created with correct content
bytes, err := os.ReadFile(confPath)
if err != nil {
t.Errorf("failed to read config file: %v", err)
}
if string(bytes) != conf {
t.Errorf("config content mismatch: got %q, want %q", string(bytes), conf)
}
}
// TestInitWriteError tests error handling when file write fails
func TestInitWriteError(t *testing.T) {
// Skip this test if running as root (can write anywhere)
if os.Getuid() == 0 {
t.Skip("Cannot test write errors as root")
}
// Try to write to a read-only directory
err := Init("/dev/null/impossible/path/conf.yml", "test")
if err == nil {
t.Error("expected error when writing to invalid path, got nil")
}
if err != nil && !strings.Contains(err.Error(), "failed to create") {
t.Errorf("expected 'failed to create' error, got: %v", err)
}
}
// TestInitExistingFile tests that Init overwrites existing files
func TestInitExistingFile(t *testing.T) {
// Create a temp file
tempFile, err := os.CreateTemp("", "cheat-init-existing-*")
if err != nil {
t.Fatalf("failed to create temp file: %v", err)
}
defer os.Remove(tempFile.Name())
// Write initial content
initialContent := "initial content"
if err := os.WriteFile(tempFile.Name(), []byte(initialContent), 0644); err != nil {
t.Fatalf("failed to write initial content: %v", err)
}
// Initialize with new content
newContent := "new config content"
if err = Init(tempFile.Name(), newContent); err != nil {
t.Errorf("failed to init over existing file: %v", err)
}
// Verify the file was overwritten
bytes, err := os.ReadFile(tempFile.Name())
if err != nil {
t.Errorf("failed to read config file: %v", err)
}
if string(bytes) != newContent {
t.Errorf("config not overwritten: got %q, want %q", string(bytes), newContent)
}
}

125
internal/config/new_test.go Normal file
View File

@@ -0,0 +1,125 @@
package config
import (
"os"
"path/filepath"
"testing"
)
func TestNewTrimsWhitespace(t *testing.T) {
// Create a temporary config file with whitespace in editor and pager
tmpDir := t.TempDir()
configPath := filepath.Join(tmpDir, "config.yml")
configContent := `---
editor: " vim -c 'set number' "
pager: " less -R "
style: monokai
formatter: terminal
cheatpaths:
- name: personal
path: ~/cheat
tags: []
readonly: false
`
if err := os.WriteFile(configPath, []byte(configContent), 0644); err != nil {
t.Fatalf("failed to write test config: %v", err)
}
// Load the config
conf, err := New(map[string]interface{}{}, configPath, false)
if err != nil {
t.Fatalf("failed to load config: %v", err)
}
// Verify editor is trimmed
expectedEditor := "vim -c 'set number'"
if conf.Editor != expectedEditor {
t.Errorf("editor not properly trimmed: got %q, want %q", conf.Editor, expectedEditor)
}
// Verify pager is trimmed
expectedPager := "less -R"
if conf.Pager != expectedPager {
t.Errorf("pager not properly trimmed: got %q, want %q", conf.Pager, expectedPager)
}
}
func TestNewEmptyEditorFallback(t *testing.T) {
// Skip if required environment variables would interfere
oldVisual := os.Getenv("VISUAL")
oldEditor := os.Getenv("EDITOR")
os.Unsetenv("VISUAL")
os.Unsetenv("EDITOR")
defer func() {
os.Setenv("VISUAL", oldVisual)
os.Setenv("EDITOR", oldEditor)
}()
// Create a config with whitespace-only editor
tmpDir := t.TempDir()
configPath := filepath.Join(tmpDir, "config.yml")
configContent := `---
editor: " "
pager: less
style: monokai
formatter: terminal
cheatpaths:
- name: personal
path: ~/cheat
tags: []
readonly: false
`
if err := os.WriteFile(configPath, []byte(configContent), 0644); err != nil {
t.Fatalf("failed to write test config: %v", err)
}
// Load the config
conf, err := New(map[string]interface{}{}, configPath, false)
if err != nil {
// It's OK if this fails due to no editor being found
// The important thing is it doesn't panic
return
}
// If it succeeded, editor should not be empty (fallback was used)
if conf.Editor == "" {
t.Error("editor should not be empty after fallback")
}
}
func TestNewWhitespaceOnlyPager(t *testing.T) {
// Create a config with whitespace-only pager
tmpDir := t.TempDir()
configPath := filepath.Join(tmpDir, "config.yml")
configContent := `---
editor: vim
pager: " "
style: monokai
formatter: terminal
cheatpaths:
- name: personal
path: ~/cheat
tags: []
readonly: false
`
if err := os.WriteFile(configPath, []byte(configContent), 0644); err != nil {
t.Fatalf("failed to write test config: %v", err)
}
// Load the config
conf, err := New(map[string]interface{}{}, configPath, false)
if err != nil {
t.Fatalf("failed to load config: %v", err)
}
// Pager should be empty after trimming
if conf.Pager != "" {
t.Errorf("pager should be empty after trimming whitespace: got %q", conf.Pager)
}
}

2
internal/config/pager.go
View File

@@ -22,7 +22,7 @@ func Pager() string {
// Otherwise, search for `pager`, `less`, and `more` on the `$PATH`. If
// none are found, return an empty pager.
for _, pager := range []string{"pager", "less", "more"} {
if path, err := exec.LookPath(pager); err != nil {
if path, err := exec.LookPath(pager); err == nil {
return path
}
}

90
internal/config/pager_test.go Normal file
View File

@@ -0,0 +1,90 @@
package config
import (
"os"
"runtime"
"testing"
)
// TestPager tests the Pager function
func TestPager(t *testing.T) {
// Save original env var
oldPager := os.Getenv("PAGER")
defer os.Setenv("PAGER", oldPager)
t.Run("windows default", func(t *testing.T) {
if runtime.GOOS != "windows" {
t.Skip("skipping windows test on non-windows platform")
}
os.Setenv("PAGER", "")
pager := Pager()
if pager != "more" {
t.Errorf("expected 'more' on windows, got %s", pager)
}
})
t.Run("PAGER env var", func(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("skipping non-windows test on windows platform")
}
os.Setenv("PAGER", "bat")
pager := Pager()
if pager != "bat" {
t.Errorf("expected PAGER env var value, got %s", pager)
}
})
t.Run("fallback to system pager", func(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("skipping non-windows test on windows platform")
}
os.Setenv("PAGER", "")
pager := Pager()
// Should find one of the fallback pagers or return empty string
validPagers := map[string]bool{
"": true, // no pager found
"pager": true,
"less": true,
"more": true,
}
// Check if it's a path to one of these
found := false
for p := range validPagers {
if p == "" && pager == "" {
found = true
break
}
if p != "" && (pager == p || len(pager) >= len(p) && pager[len(pager)-len(p):] == p) {
found = true
break
}
}
if !found {
t.Errorf("unexpected pager value: %s", pager)
}
})
t.Run("no pager available", func(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("skipping non-windows test on windows platform")
}
os.Setenv("PAGER", "")
// Save and modify PATH to ensure no pagers are found
oldPath := os.Getenv("PATH")
defer os.Setenv("PATH", oldPath)
os.Setenv("PATH", "/nonexistent")
pager := Pager()
if pager != "" {
t.Errorf("expected empty string when no pager found, got %s", pager)
}
})
}

45
internal/display/doc.go Normal file
View File

@@ -0,0 +1,45 @@
// Package display handles output formatting and presentation for the cheat application.
//
// The display package provides utilities for:
// - Writing output to stdout or a pager
// - Formatting text with indentation
// - Creating faint (dimmed) text for de-emphasis
// - Managing colored output
//
// # Pager Integration
//
// The package integrates with system pagers (less, more, etc.) to handle
// long output. If a pager is configured and the output is to a terminal,
// content is automatically piped through the pager.
//
// # Text Formatting
//
// Various formatting utilities are provided:
// - Faint: Creates dimmed text using ANSI escape codes
// - Indent: Adds consistent indentation to text blocks
// - Write: Intelligent output that uses stdout or pager as appropriate
//
// Example Usage
//
// // Write output, using pager if configured
// if err := display.Write(output, config); err != nil {
// log.Fatal(err)
// }
//
// // Create faint text for de-emphasis
// fainted := display.Faint("(read-only)", config)
//
// // Indent a block of text
// indented := display.Indent(text, " ")
//
// # Color Support
//
// The package respects the colorization settings from the config.
// When colorization is disabled, formatting functions like Faint
// return unmodified text.
//
// # Terminal Detection
//
// The package uses isatty to detect if output is to a terminal,
// which affects decisions about using a pager and applying colors.
package display

5
internal/display/write.go
View File

@@ -19,6 +19,11 @@ func Write(out string, conf config.Config) {
}
// otherwise, pipe output through the pager
writeToPager(out, conf)
}
// writeToPager writes output through a pager command
func writeToPager(out string, conf config.Config) {
parts := strings.Split(conf.Pager, " ")
pager := parts[0]
args := parts[1:]

136
internal/display/write_test.go Normal file
View File

@@ -0,0 +1,136 @@
package display
import (
"bytes"
"io"
"os"
"os/exec"
"strings"
"testing"
"github.com/cheat/cheat/internal/config"
)
// TestWriteToPager tests the writeToPager function
func TestWriteToPager(t *testing.T) {
// Skip these tests in CI/CD environments where interactive commands might not work
if os.Getenv("CI") != "" {
t.Skip("Skipping pager tests in CI environment")
}
// Note: We can't easily test os.Exit calls, so we focus on testing writeToPager
// which contains the core logic
t.Run("successful pager execution", func(t *testing.T) {
// Save original stdout
oldStdout := os.Stdout
defer func() {
os.Stdout = oldStdout
}()
// Create pipe for capturing output
r, w, _ := os.Pipe()
os.Stdout = w
// Use 'cat' as a simple pager that just outputs input
conf := config.Config{
Pager: "cat",
}
// This will call os.Exit on error, so we need to be careful
// We're using 'cat' which should always succeed
input := "Test output\n"
// Run in a goroutine to avoid blocking
done := make(chan bool)
go func() {
writeToPager(input, conf)
done <- true
}()
// Wait for completion or timeout
select {
case <-done:
// Success
}
// Close write end and read output
w.Close()
var buf bytes.Buffer
io.Copy(&buf, r)
// Verify output
if buf.String() != input {
t.Errorf("expected output %q, got %q", input, buf.String())
}
})
t.Run("pager with arguments", func(t *testing.T) {
// Save original stdout
oldStdout := os.Stdout
defer func() {
os.Stdout = oldStdout
}()
// Create pipe for capturing output
r, w, _ := os.Pipe()
os.Stdout = w
// Use 'cat' with '-A' flag (shows non-printing characters)
conf := config.Config{
Pager: "cat -A",
}
input := "Test\toutput\n"
// Run in a goroutine
done := make(chan bool)
go func() {
writeToPager(input, conf)
done <- true
}()
// Wait for completion
select {
case <-done:
// Success
}
// Close write end and read output
w.Close()
var buf bytes.Buffer
io.Copy(&buf, r)
// cat -A shows tabs as ^I and line endings as $
expected := "Test^Ioutput$\n"
if buf.String() != expected {
t.Errorf("expected output %q, got %q", expected, buf.String())
}
})
}
// TestWriteToPagerError tests error handling in writeToPager
func TestWriteToPagerError(t *testing.T) {
if os.Getenv("TEST_PAGER_ERROR_SUBPROCESS") == "1" {
// This is the subprocess - run the actual test
conf := config.Config{Pager: "/nonexistent/command"}
writeToPager("test", conf)
return
}
// Run test in subprocess to handle os.Exit
cmd := exec.Command(os.Args[0], "-test.run=^TestWriteToPagerError$")
cmd.Env = append(os.Environ(), "TEST_PAGER_ERROR_SUBPROCESS=1")
output, err := cmd.CombinedOutput()
// Should exit with error
if err == nil {
t.Error("expected process to exit with error")
}
// Should contain error message
if !strings.Contains(string(output), "failed to write to pager") {
t.Errorf("expected error message about pager failure, got %q", string(output))
}
}

180
internal/installer/prompt_test.go Normal file
View File

@@ -0,0 +1,180 @@
package installer
import (
"bytes"
"fmt"
"io"
"os"
"strings"
"testing"
)
func TestPrompt(t *testing.T) {
// Save original stdin/stdout
oldStdin := os.Stdin
oldStdout := os.Stdout
defer func() {
os.Stdin = oldStdin
os.Stdout = oldStdout
}()
tests := []struct {
name string
prompt string
input string
defaultVal bool
want bool
wantErr bool
wantPrompt string
}{
{
name: "answer yes",
prompt: "Continue?",
input: "y\n",
defaultVal: false,
want: true,
wantPrompt: "Continue?: ",
},
{
name: "answer yes with uppercase",
prompt: "Continue?",
input: "Y\n",
defaultVal: false,
want: true,
wantPrompt: "Continue?: ",
},
{
name: "answer yes with spaces",
prompt: "Continue?",
input: " y \n",
defaultVal: false,
want: true,
wantPrompt: "Continue?: ",
},
{
name: "answer no",
prompt: "Continue?",
input: "n\n",
defaultVal: true,
want: false,
wantPrompt: "Continue?: ",
},
{
name: "answer no with any text",
prompt: "Continue?",
input: "anything\n",
defaultVal: true,
want: false,
wantPrompt: "Continue?: ",
},
{
name: "empty answer uses default true",
prompt: "Continue?",
input: "\n",
defaultVal: true,
want: true,
wantPrompt: "Continue?: ",
},
{
name: "empty answer uses default false",
prompt: "Continue?",
input: "\n",
defaultVal: false,
want: false,
wantPrompt: "Continue?: ",
},
{
name: "whitespace answer uses default",
prompt: "Continue?",
input: " \n",
defaultVal: true,
want: true,
wantPrompt: "Continue?: ",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
// Create a pipe for stdin
r, w, _ := os.Pipe()
os.Stdin = r
// Create a pipe for stdout to capture the prompt
rOut, wOut, _ := os.Pipe()
os.Stdout = wOut
// Write input to stdin
go func() {
defer w.Close()
io.WriteString(w, tt.input)
}()
// Call the function
got, err := Prompt(tt.prompt, tt.defaultVal)
// Close stdout write end and read the prompt
wOut.Close()
var buf bytes.Buffer
io.Copy(&buf, rOut)
// Check error
if (err != nil) != tt.wantErr {
t.Errorf("Prompt() error = %v, wantErr %v", err, tt.wantErr)
return
}
// Check result
if got != tt.want {
t.Errorf("Prompt() = %v, want %v", got, tt.want)
}
// Check that prompt was displayed correctly
if buf.String() != tt.wantPrompt {
t.Errorf("Prompt display = %q, want %q", buf.String(), tt.wantPrompt)
}
})
}
}
func TestPromptError(t *testing.T) {
// Save original stdin
oldStdin := os.Stdin
defer func() {
os.Stdin = oldStdin
}()
// Create a pipe and close it immediately to simulate read error
r, w, _ := os.Pipe()
os.Stdin = r
r.Close()
w.Close()
// This should cause a read error
_, err := Prompt("Test?", false)
if err == nil {
t.Error("expected error when reading from closed stdin, got nil")
}
if !strings.Contains(err.Error(), "failed to parse input") {
t.Errorf("expected 'failed to parse input' error, got: %v", err)
}
}
// TestPromptIntegration provides a simple integration test
func TestPromptIntegration(t *testing.T) {
// This demonstrates how the prompt would be used in practice
// It's skipped by default since it requires actual user input
if os.Getenv("TEST_INTERACTIVE") != "1" {
t.Skip("Skipping interactive test - set TEST_INTERACTIVE=1 to run")
}
fmt.Println("\n=== Interactive Prompt Test ===")
fmt.Println("You will be prompted to answer a question.")
fmt.Println("Try different inputs: y, n, Y, N, empty (just press Enter)")
result, err := Prompt("Would you like to continue? [Y/n]", true)
if err != nil {
t.Fatalf("Prompt failed: %v", err)
}
fmt.Printf("You answered: %v\n", result)
}

236
internal/installer/run_test.go Normal file
View File

@@ -0,0 +1,236 @@
package installer
import (
"fmt"
"io"
"os"
"path/filepath"
"strings"
"testing"
)
func TestRun(t *testing.T) {
// Create a temporary directory for testing
tempDir, err := os.MkdirTemp("", "cheat-installer-test-*")
if err != nil {
t.Fatalf("failed to create temp dir: %v", err)
}
defer os.RemoveAll(tempDir)
// Save original stdin/stdout
oldStdin := os.Stdin
oldStdout := os.Stdout
defer func() {
os.Stdin = oldStdin
os.Stdout = oldStdout
}()
tests := []struct {
name string
configs string
confpath string
userInput string
wantErr bool
wantInErr string
checkFiles []string
dontWantFiles []string
}{
{
name: "user declines community cheatsheets",
configs: `---
editor: EDITOR_PATH
pager: PAGER_PATH
cheatpaths:
- name: community
path: COMMUNITY_PATH
tags: [ community ]
readonly: true
- name: personal
path: PERSONAL_PATH
tags: [ personal ]
readonly: false
`,
confpath: filepath.Join(tempDir, "conf1", "conf.yml"),
userInput: "n\n",
wantErr: false,
checkFiles: []string{"conf1/conf.yml"},
dontWantFiles: []string{"conf1/cheatsheets/community", "conf1/cheatsheets/personal"},
},
{
name: "user accepts but clone fails",
configs: `---
cheatpaths:
- name: community
path: COMMUNITY_PATH
`,
confpath: filepath.Join(tempDir, "conf2", "conf.yml"),
userInput: "y\n",
wantErr: true,
wantInErr: "failed to clone cheatsheets",
},
{
name: "invalid config path",
configs: "test",
confpath: "/nonexistent/path/conf.yml",
userInput: "n\n",
wantErr: true,
wantInErr: "failed to create config file",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
// Create stdin pipe
r, w, _ := os.Pipe()
os.Stdin = r
// Create stdout pipe to suppress output
_, wOut, _ := os.Pipe()
os.Stdout = wOut
// Write user input
go func() {
defer w.Close()
io.WriteString(w, tt.userInput)
}()
// Run the installer
err := Run(tt.configs, tt.confpath)
// Close pipes
wOut.Close()
// Check error
if (err != nil) != tt.wantErr {
t.Errorf("Run() error = %v, wantErr %v", err, tt.wantErr)
}
if err != nil && tt.wantInErr != "" && !strings.Contains(err.Error(), tt.wantInErr) {
t.Errorf("Run() error = %v, want error containing %q", err, tt.wantInErr)
}
// Check created files
for _, file := range tt.checkFiles {
path := filepath.Join(tempDir, file)
if _, err := os.Stat(path); os.IsNotExist(err) {
t.Errorf("expected file %s to exist, but it doesn't", path)
}
}
// Check files that shouldn't exist
for _, file := range tt.dontWantFiles {
path := filepath.Join(tempDir, file)
if _, err := os.Stat(path); err == nil {
t.Errorf("expected file %s to not exist, but it does", path)
}
}
})
}
}
func TestRunPromptError(t *testing.T) {
// Save original stdin
oldStdin := os.Stdin
defer func() {
os.Stdin = oldStdin
}()
// Close stdin to cause prompt error
r, w, _ := os.Pipe()
os.Stdin = r
r.Close()
w.Close()
tempDir, _ := os.MkdirTemp("", "cheat-installer-prompt-test-*")
defer os.RemoveAll(tempDir)
err := Run("test", filepath.Join(tempDir, "conf.yml"))
if err == nil {
t.Error("expected error when prompt fails, got nil")
}
if !strings.Contains(err.Error(), "failed to prompt") {
t.Errorf("expected 'failed to prompt' error, got: %v", err)
}
}
func TestRunStringReplacements(t *testing.T) {
// Test that path replacements work correctly
configs := `---
editor: EDITOR_PATH
pager: PAGER_PATH
cheatpaths:
- name: community
path: COMMUNITY_PATH
- name: personal
path: PERSONAL_PATH
`
// Create temp directory
tempDir, err := os.MkdirTemp("", "cheat-installer-replace-test-*")
if err != nil {
t.Fatalf("failed to create temp dir: %v", err)
}
defer os.RemoveAll(tempDir)
confpath := filepath.Join(tempDir, "conf.yml")
confdir := filepath.Dir(confpath)
// Expected paths
expectedCommunity := filepath.Join(confdir, "cheatsheets", "community")
expectedPersonal := filepath.Join(confdir, "cheatsheets", "personal")
// Save original stdin/stdout
oldStdin := os.Stdin
oldStdout := os.Stdout
defer func() {
os.Stdin = oldStdin
os.Stdout = oldStdout
}()
// Create stdin pipe with "n" answer
r, w, _ := os.Pipe()
os.Stdin = r
go func() {
defer w.Close()
io.WriteString(w, "n\n")
}()
// Suppress stdout
_, wOut, _ := os.Pipe()
os.Stdout = wOut
defer wOut.Close()
// Run installer
err = Run(configs, confpath)
if err != nil {
t.Fatalf("Run() failed: %v", err)
}
// Read the created config file
content, err := os.ReadFile(confpath)
if err != nil {
t.Fatalf("failed to read config file: %v", err)
}
// Check replacements
contentStr := string(content)
if strings.Contains(contentStr, "COMMUNITY_PATH") {
t.Error("COMMUNITY_PATH was not replaced")
}
if strings.Contains(contentStr, "PERSONAL_PATH") {
t.Error("PERSONAL_PATH was not replaced")
}
if strings.Contains(contentStr, "EDITOR_PATH") && !strings.Contains(contentStr, fmt.Sprintf("editor: %s", "")) {
t.Error("EDITOR_PATH was not replaced")
}
if strings.Contains(contentStr, "PAGER_PATH") && !strings.Contains(contentStr, fmt.Sprintf("pager: %s", "")) {
t.Error("PAGER_PATH was not replaced")
}
// Verify correct paths were used
if !strings.Contains(contentStr, expectedCommunity) {
t.Errorf("expected community path %q in config", expectedCommunity)
}
if !strings.Contains(contentStr, expectedPersonal) {
t.Errorf("expected personal path %q in config", expectedPersonal)
}
}

6
internal/repo/clone.go
View File

@@ -8,11 +8,11 @@ import (
"github.com/go-git/go-git/v5"
)
// Clone clones the repo available at `url`
func Clone(url string) error {
// Clone clones the community cheatsheets repository to the specified directory
func Clone(dir string) error {
// clone the community cheatsheets
_, err := git.PlainClone(url, false, &git.CloneOptions{
_, err := git.PlainClone(dir, false, &git.CloneOptions{
URL: "https://github.com/cheat/cheatsheets.git",
Depth: 1,
Progress: os.Stdout,

80
internal/repo/clone_integration_test.go Normal file
View File

@@ -0,0 +1,80 @@
//go:build integration
// +build integration
package repo
import (
"os"
"path/filepath"
"testing"
)
// TestCloneIntegration performs a real clone operation to verify functionality
// Run with: go test -tags=integration ./internal/repo -v -run TestCloneIntegration
func TestCloneIntegration(t *testing.T) {
if testing.Short() {
t.Skip("Skipping integration test in short mode")
}
// Create a temporary directory
tmpDir, err := os.MkdirTemp("", "cheat-clone-integration-*")
if err != nil {
t.Fatalf("failed to create temp dir: %v", err)
}
defer os.RemoveAll(tmpDir)
destDir := filepath.Join(tmpDir, "cheatsheets")
t.Logf("Cloning to: %s", destDir)
// Perform the actual clone
err = Clone(destDir)
if err != nil {
t.Fatalf("Clone() failed: %v", err)
}
// Verify the clone succeeded
info, err := os.Stat(destDir)
if err != nil {
t.Fatalf("destination directory not created: %v", err)
}
if !info.IsDir() {
t.Fatal("destination is not a directory")
}
// Check for .git directory
gitDir := filepath.Join(destDir, ".git")
if _, err := os.Stat(gitDir); err != nil {
t.Error(".git directory not found")
}
// Check for some expected cheatsheets
expectedFiles := []string{
"bash", // bash cheatsheet should exist
"git", // git cheatsheet should exist
"ls", // ls cheatsheet should exist
}
foundCount := 0
for _, file := range expectedFiles {
path := filepath.Join(destDir, file)
if _, err := os.Stat(path); err == nil {
foundCount++
}
}
if foundCount < 2 {
t.Errorf("expected at least 2 common cheatsheets, found %d", foundCount)
}
t.Log("Clone integration test passed!")
// Test cloning to existing directory (should fail)
err = Clone(destDir)
if err == nil {
t.Error("expected error when cloning to existing repository, got nil")
} else {
t.Logf("Expected error when cloning to existing dir: %v", err)
}
}

49
internal/repo/clone_test.go Normal file
View File

@@ -0,0 +1,49 @@
package repo
import (
"os"
"path/filepath"
"testing"
)
// TestClone tests the Clone function
func TestClone(t *testing.T) {
// This test requires network access, so we'll only test error cases
// that don't require actual cloning
t.Run("clone to read-only directory", func(t *testing.T) {
if os.Getuid() == 0 {
t.Skip("Cannot test read-only directory as root")
}
// Create a temporary directory
tempDir, err := os.MkdirTemp("", "cheat-clone-test-*")
if err != nil {
t.Fatalf("failed to create temp dir: %v", err)
}
defer os.RemoveAll(tempDir)
// Create a read-only subdirectory
readOnlyDir := filepath.Join(tempDir, "readonly")
if err := os.Mkdir(readOnlyDir, 0555); err != nil {
t.Fatalf("failed to create read-only dir: %v", err)
}
// Attempt to clone to read-only directory
targetDir := filepath.Join(readOnlyDir, "cheatsheets")
err = Clone(targetDir)
// Should fail because we can't write to read-only directory
if err == nil {
t.Error("expected error when cloning to read-only directory, got nil")
}
})
t.Run("clone to invalid path", func(t *testing.T) {
// Try to clone to a path with null bytes (invalid on most filesystems)
err := Clone("/tmp/invalid\x00path")
if err == nil {
t.Error("expected error with invalid path, got nil")
}
})
}

177
internal/repo/gitdir_test.go Normal file
View File

@@ -0,0 +1,177 @@
package repo
import (
"fmt"
"os"
"path/filepath"
"testing"
)
func TestGitDir(t *testing.T) {
// Create a temporary directory for testing
tempDir, err := os.MkdirTemp("", "cheat-test-*")
if err != nil {
t.Fatalf("failed to create temp dir: %v", err)
}
defer os.RemoveAll(tempDir)
// Create test directory structure
testDirs := []string{
filepath.Join(tempDir, ".git"),
filepath.Join(tempDir, ".git", "objects"),
filepath.Join(tempDir, ".git", "refs"),
filepath.Join(tempDir, "regular"),
filepath.Join(tempDir, "regular", ".git"),
filepath.Join(tempDir, "submodule"),
}
for _, dir := range testDirs {
if err := os.MkdirAll(dir, 0755); err != nil {
t.Fatalf("failed to create dir %s: %v", dir, err)
}
}
// Create test files
testFiles := map[string]string{
filepath.Join(tempDir, ".gitignore"): "*.tmp\n",
filepath.Join(tempDir, ".gitattributes"): "* text=auto\n",
filepath.Join(tempDir, "submodule", ".git"): "gitdir: ../.git/modules/submodule\n",
filepath.Join(tempDir, "regular", "sheet.txt"): "content\n",
}
for file, content := range testFiles {
if err := os.WriteFile(file, []byte(content), 0644); err != nil {
t.Fatalf("failed to create file %s: %v", file, err)
}
}
tests := []struct {
name string
path string
want bool
wantErr bool
}{
{
name: "not in git directory",
path: filepath.Join(tempDir, "regular", "sheet.txt"),
want: false,
},
{
name: "in .git directory",
path: filepath.Join(tempDir, ".git", "objects", "file"),
want: true,
},
{
name: "in .git/refs directory",
path: filepath.Join(tempDir, ".git", "refs", "heads", "main"),
want: true,
},
{
name: ".gitignore file",
path: filepath.Join(tempDir, ".gitignore"),
want: false,
},
{
name: ".gitattributes file",
path: filepath.Join(tempDir, ".gitattributes"),
want: false,
},
{
name: "submodule with .git file",
path: filepath.Join(tempDir, "submodule", "sheet.txt"),
want: false,
},
{
name: "path with .git in middle",
path: filepath.Join(tempDir, "regular", ".git", "sheet.txt"),
want: true,
},
{
name: "nonexistent path without .git",
path: filepath.Join(tempDir, "nonexistent", "file"),
want: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := GitDir(tt.path)
if (err != nil) != tt.wantErr {
t.Errorf("GitDir() error = %v, wantErr %v", err, tt.wantErr)
return
}
if got != tt.want {
t.Errorf("GitDir() = %v, want %v", got, tt.want)
}
})
}
}
func TestGitDirEdgeCases(t *testing.T) {
// Test with paths that have .git but not as a directory separator
tests := []struct {
name string
path string
want bool
}{
{
name: "file ending with .git",
path: "/tmp/myfile.git",
want: false,
},
{
name: "directory ending with .git",
path: "/tmp/myrepo.git",
want: false,
},
{
name: ".github directory",
path: "/tmp/.github/workflows",
want: false,
},
{
name: "legitimate.git-repo name",
path: "/tmp/legitimate.git-repo/file",
want: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := GitDir(tt.path)
if err != nil {
// It's ok if the path doesn't exist for these edge case tests
return
}
if got != tt.want {
t.Errorf("GitDir(%q) = %v, want %v", tt.path, got, tt.want)
}
})
}
}
func TestGitDirPathSeparator(t *testing.T) {
// Test that the function correctly uses os.PathSeparator
// This is important for cross-platform compatibility
// Create a path with the wrong separator for the current OS
var wrongSep string
if os.PathSeparator == '/' {
wrongSep = `\`
} else {
wrongSep = `/`
}
// Path with wrong separator should not be detected as git dir
path := fmt.Sprintf("some%spath%s.git%sfile", wrongSep, wrongSep, wrongSep)
isGit, err := GitDir(path)
if err != nil {
// Path doesn't exist, which is fine
return
}
if isGit {
t.Errorf("GitDir() incorrectly detected git dir with wrong path separator")
}
}

26
internal/sheet/colorize_test.go
View File

@@ -32,3 +32,29 @@ func TestColorize(t *testing.T) {
t.Errorf("failed to colorize sheet: want: %s, got: %s", want, s.Text)
}
}
// TestColorizeError tests the error handling in Colorize
func TestColorizeError(_ *testing.T) {
// Create a sheet with content
sheet := Sheet{
Text: "some text",
Syntax: "invalidlexer12345", // Use an invalid lexer that might cause issues
}
// Create a config with invalid formatter/style
conf := config.Config{
Formatter: "invalidformatter",
Style: "invalidstyle",
}
// Store original text
originalText := sheet.Text
// Colorize should not panic even with invalid settings
sheet.Colorize(conf)
// The text might be unchanged if there was an error, or it might be colorized
// We're mainly testing that it doesn't panic
_ = sheet.Text
_ = originalText
}

2
internal/sheet/copy.go
View File

@@ -39,6 +39,8 @@ func (s *Sheet) Copy(dest string) error {
// copy file contents
_, err = io.Copy(outfile, infile)
if err != nil {
// Clean up the partially written file on error
os.Remove(dest)
return fmt.Errorf(
"failed to copy file: infile: %s, outfile: %s, err: %v",
s.Path,

187
internal/sheet/copy_error_test.go Normal file
View File

@@ -0,0 +1,187 @@
package sheet
import (
"os"
"path/filepath"
"testing"
)
// TestCopyErrors tests error cases for the Copy method
func TestCopyErrors(t *testing.T) {
tests := []struct {
name string
setup func() (*Sheet, string, func())
wantErr bool
errMsg string
}{
{
name: "source file does not exist",
setup: func() (*Sheet, string, func()) {
// Create a sheet with non-existent path
sheet := &Sheet{
Title: "test",
Path: "/non/existent/file.txt",
CheatPath: "test",
}
dest := filepath.Join(os.TempDir(), "copy-test-dest.txt")
cleanup := func() {
os.Remove(dest)
}
return sheet, dest, cleanup
},
wantErr: true,
errMsg: "failed to open cheatsheet",
},
{
name: "destination directory creation fails",
setup: func() (*Sheet, string, func()) {
// Create a source file
src, err := os.CreateTemp("", "copy-test-src-*")
if err != nil {
t.Fatalf("failed to create temp file: %v", err)
}
src.WriteString("test content")
src.Close()
sheet := &Sheet{
Title: "test",
Path: src.Name(),
CheatPath: "test",
}
// Create a file where we want a directory
blockerFile := filepath.Join(os.TempDir(), "copy-blocker-file")
if err := os.WriteFile(blockerFile, []byte("blocker"), 0644); err != nil {
t.Fatalf("failed to create blocker file: %v", err)
}
// Try to create dest under the blocker file (will fail)
dest := filepath.Join(blockerFile, "subdir", "dest.txt")
cleanup := func() {
os.Remove(src.Name())
os.Remove(blockerFile)
}
return sheet, dest, cleanup
},
wantErr: true,
errMsg: "failed to create directory",
},
{
name: "destination file creation fails",
setup: func() (*Sheet, string, func()) {
// Create a source file
src, err := os.CreateTemp("", "copy-test-src-*")
if err != nil {
t.Fatalf("failed to create temp file: %v", err)
}
src.WriteString("test content")
src.Close()
sheet := &Sheet{
Title: "test",
Path: src.Name(),
CheatPath: "test",
}
// Create a directory where we want the file
destDir := filepath.Join(os.TempDir(), "copy-test-dir")
if err := os.Mkdir(destDir, 0755); err != nil && !os.IsExist(err) {
t.Fatalf("failed to create dest dir: %v", err)
}
cleanup := func() {
os.Remove(src.Name())
os.RemoveAll(destDir)
}
return sheet, destDir, cleanup
},
wantErr: true,
errMsg: "failed to create outfile",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
sheet, dest, cleanup := tt.setup()
defer cleanup()
err := sheet.Copy(dest)
if (err != nil) != tt.wantErr {
t.Errorf("Copy() error = %v, wantErr %v", err, tt.wantErr)
return
}
if err != nil && tt.errMsg != "" {
if !contains(err.Error(), tt.errMsg) {
t.Errorf("Copy() error = %v, want error containing %q", err, tt.errMsg)
}
}
})
}
}
// TestCopyIOError tests the io.Copy error case
func TestCopyIOError(t *testing.T) {
// This is difficult to test without mocking io.Copy
// The error case would occur if the source file is modified
// or removed after opening but before copying
t.Skip("Skipping io.Copy error test - requires file system race condition")
}
// TestCopyCleanupOnError verifies that partially written files are cleaned up on error
func TestCopyCleanupOnError(t *testing.T) {
// Create a source file that we'll make unreadable after opening
src, err := os.CreateTemp("", "copy-test-cleanup-*")
if err != nil {
t.Fatalf("failed to create temp file: %v", err)
}
defer os.Remove(src.Name())
// Write some content
content := "test content for cleanup"
if _, err := src.WriteString(content); err != nil {
t.Fatalf("failed to write content: %v", err)
}
src.Close()
sheet := &Sheet{
Title: "test",
Path: src.Name(),
CheatPath: "test",
}
// Destination path
dest := filepath.Join(os.TempDir(), "copy-cleanup-test.txt")
defer os.Remove(dest) // Clean up if test fails
// Make the source file unreadable (simulating a read error during copy)
// This is platform-specific, but should work on Unix-like systems
if err := os.Chmod(src.Name(), 0000); err != nil {
t.Skip("Cannot change file permissions on this platform")
}
defer os.Chmod(src.Name(), 0644) // Restore permissions for cleanup
// Attempt to copy - this should fail during io.Copy
err = sheet.Copy(dest)
if err == nil {
t.Error("Expected Copy to fail with permission error")
}
// Verify the destination file was cleaned up
if _, err := os.Stat(dest); !os.IsNotExist(err) {
t.Error("Destination file should have been removed after copy failure")
}
}
func contains(s, substr string) bool {
return len(s) >= len(substr) && (s == substr || len(s) > 0 && containsHelper(s, substr))
}
func containsHelper(s, substr string) bool {
for i := 0; i <= len(s)-len(substr); i++ {
if s[i:i+len(substr)] == substr {
return true
}
}
return false
}

65
internal/sheet/doc.go Normal file
View File

@@ -0,0 +1,65 @@
// Package sheet provides functionality for parsing and managing individual cheat sheets.
//
// A sheet represents a single cheatsheet file containing helpful commands, notes,
// or documentation. Sheets can include optional YAML frontmatter for metadata
// such as tags and syntax highlighting preferences.
//
// # Sheet Format
//
// Sheets are plain text files that may begin with YAML frontmatter:
//
// ---
// syntax: bash
// tags: [networking, linux, ssh]
// ---
// # Connect to remote server
// ssh user@hostname
//
// # Copy files over SSH
// scp local_file user@hostname:/remote/path
//
// The frontmatter is optional. If omitted, the sheet will use default values.
//
// # Core Types
//
// The Sheet type contains:
// - Title: The sheet's name (derived from filename)
// - Path: Full filesystem path to the sheet
// - Text: The content of the sheet (without frontmatter)
// - Tags: Categories assigned to the sheet
// - Syntax: Language hint for syntax highlighting
// - ReadOnly: Whether the sheet can be modified
//
// Key Functions
//
// - New: Creates a new Sheet from a file path
// - Parse: Extracts frontmatter and content from sheet text
// - Search: Searches sheet content using regular expressions
// - Colorize: Applies syntax highlighting to sheet content
//
// # Syntax Highlighting
//
// The package integrates with the Chroma library to provide syntax highlighting.
// Supported languages include bash, python, go, javascript, and many others.
// The syntax can be specified in the frontmatter or auto-detected.
//
// Example Usage
//
// // Load a sheet from disk
// s, err := sheet.New("/path/to/sheet", []string{"personal"}, false)
// if err != nil {
// log.Fatal(err)
// }
//
// // Search for content
// matches, err := s.Search("ssh", false)
// if err != nil {
// log.Fatal(err)
// }
//
// // Apply syntax highlighting
// colorized, err := s.Colorize(config)
// if err != nil {
// log.Fatal(err)
// }
package sheet

54
internal/sheet/parse_extended_test.go Normal file
View File

@@ -0,0 +1,54 @@
package sheet
import (
"runtime"
"testing"
)
// TestParseWindowsLineEndings tests parsing with Windows line endings
func TestParseWindowsLineEndings(t *testing.T) {
// Only test Windows line endings on Windows
if runtime.GOOS != "windows" {
t.Skip("Skipping Windows line ending test on non-Windows platform")
}
// stub our cheatsheet content with Windows line endings
markdown := "---\r\nsyntax: go\r\ntags: [ test ]\r\n---\r\nTo foo the bar: baz"
// parse the frontmatter
fm, text, err := parse(markdown)
// assert expectations
if err != nil {
t.Errorf("failed to parse markdown: %v", err)
}
want := "To foo the bar: baz"
if text != want {
t.Errorf("failed to parse text: want: %s, got: %s", want, text)
}
want = "go"
if fm.Syntax != want {
t.Errorf("failed to parse syntax: want: %s, got: %s", want, fm.Syntax)
}
}
// TestParseInvalidYAML tests parsing with invalid YAML in frontmatter
func TestParseInvalidYAML(t *testing.T) {
// stub our cheatsheet content with invalid YAML
markdown := `---
syntax: go
tags: [ test
unclosed bracket
---
To foo the bar: baz`
// parse the frontmatter
_, _, err := parse(markdown)
// assert that an error was returned for invalid YAML
if err == nil {
t.Error("expected error for invalid YAML, got nil")
}
}

132
internal/sheet/parse_fuzz_test.go Normal file
View File

@@ -0,0 +1,132 @@
package sheet
import (
"strings"
"testing"
)
// FuzzParse tests the parse function with fuzzing to uncover edge cases
// and potential panics in YAML frontmatter parsing
func FuzzParse(f *testing.F) {
// Add seed corpus with various valid and edge case inputs
// Valid frontmatter
f.Add("---\nsyntax: go\n---\nContent")
f.Add("---\ntags: [a, b]\n---\n")
f.Add("---\nsyntax: bash\ntags: [linux, shell]\n---\n#!/bin/bash\necho hello")
// No frontmatter
f.Add("No frontmatter here")
f.Add("")
f.Add("Just plain text\nwith multiple lines")
// Edge cases with delimiters
f.Add("---")
f.Add("---\n")
f.Add("---\n---")
f.Add("---\n---\n")
f.Add("---\n---\n---")
f.Add("---\n---\n---\n---")
f.Add("------\n------")
// Invalid YAML
f.Add("---\n{invalid yaml\n---\n")
f.Add("---\nsyntax: \"unclosed quote\n---\n")
f.Add("---\ntags: [a, b,\n---\n")
// Windows line endings
f.Add("---\r\nsyntax: go\r\n---\r\nContent")
f.Add("---\r\n---\r\n")
// Mixed line endings
f.Add("---\nsyntax: go\r\n---\nContent")
f.Add("---\r\nsyntax: go\n---\r\nContent")
// Unicode and special characters
f.Add("---\ntags: [emoji, 🎉]\n---\n")
f.Add("---\nsyntax: 中文\n---\n")
f.Add("---\ntags: [\x00, \x01]\n---\n")
// Very long inputs
f.Add("---\ntags: [" + strings.Repeat("a,", 1000) + "a]\n---\n")
f.Add("---\n" + strings.Repeat("field: value\n", 1000) + "---\n")
// Nested structures
f.Add("---\ntags:\n - nested\n - list\n---\n")
f.Add("---\nmeta:\n author: test\n version: 1.0\n---\n")
f.Fuzz(func(t *testing.T, input string) {
// The parse function should never panic, regardless of input
func() {
defer func() {
if r := recover(); r != nil {
t.Errorf("parse panicked with input %q: %v", input, r)
}
}()
fm, text, err := parse(input)
// Verify invariants
if err == nil {
// If parsing succeeded, validate the result
// The returned text should be a suffix of the input
// (either the whole input if no frontmatter, or the part after frontmatter)
if !strings.HasSuffix(input, text) && text != input {
t.Errorf("returned text %q is not a valid suffix of input %q", text, input)
}
// If input starts with delimiter and has valid frontmatter,
// text should be shorter than input
if strings.HasPrefix(input, "---\n") || strings.HasPrefix(input, "---\r\n") {
if len(fm.Tags) > 0 || fm.Syntax != "" {
// We successfully parsed frontmatter, so text should be shorter
if len(text) >= len(input) {
t.Errorf("text length %d should be less than input length %d when frontmatter is parsed",
len(text), len(input))
}
}
}
// Note: Tags can be nil when frontmatter is not present or empty
// This is expected behavior in Go for uninitialized slices
} else {
// If parsing failed, the original input should be returned as text
if text != input {
t.Errorf("on error, text should equal input: got %q, want %q", text, input)
}
}
}()
})
}
// FuzzParseDelimiterHandling specifically tests delimiter edge cases
func FuzzParseDelimiterHandling(f *testing.F) {
// Seed corpus focusing on delimiter variations
f.Add("---", "content")
f.Add("", "---")
f.Add("---", "---")
f.Add("", "")
f.Fuzz(func(t *testing.T, prefix string, suffix string) {
// Build input with controllable parts around delimiters
inputs := []string{
prefix + "---\n" + suffix,
prefix + "---\r\n" + suffix,
prefix + "---\n---\n" + suffix,
prefix + "---\r\n---\r\n" + suffix,
prefix + "---\n" + "yaml: data\n" + "---\n" + suffix,
}
for _, input := range inputs {
func() {
defer func() {
if r := recover(); r != nil {
t.Errorf("parse panicked with constructed input: %v", r)
}
}()
_, _, _ = parse(input)
}()
}
})
}

9
internal/sheet/search.go
View File

@@ -9,16 +9,17 @@ import (
func (s *Sheet) Search(reg *regexp.Regexp) string {
// record matches
matches := ""
var matches []string
// search through the cheatsheet's text line by line
for _, line := range strings.Split(s.Text, "\n\n") {
// exit early if the line doesn't match the regex
// save matching lines
if reg.MatchString(line) {
matches += line + "\n\n"
matches = append(matches, line)
}
}
return strings.TrimSpace(matches)
// Join matches with the same delimiter used for splitting
return strings.Join(matches, "\n\n")
}

190
internal/sheet/search_fuzz_test.go Normal file
View File

@@ -0,0 +1,190 @@
package sheet
import (
"regexp"
"strings"
"testing"
"time"
)
// FuzzSearchRegex tests the regex compilation and search functionality
// to ensure it handles malformed patterns gracefully and doesn't suffer
// from catastrophic backtracking
func FuzzSearchRegex(f *testing.F) {
// Add seed corpus with various regex patterns
// Valid patterns
f.Add("test", "This is a test string")
f.Add("(?i)test", "This is a TEST string")
f.Add("foo|bar", "foo and bar")
f.Add("^start", "start of line\nnext line")
f.Add("end$", "at the end\nnext line")
f.Add("\\d+", "123 numbers 456")
f.Add("[a-z]+", "lowercase UPPERCASE")
// Edge cases and potentially problematic patterns
f.Add("", "empty pattern")
f.Add(".", "any character")
f.Add(".*", "match everything")
f.Add(".+", "match something")
f.Add("\\", "backslash")
f.Add("(", "unclosed paren")
f.Add(")", "unmatched paren")
f.Add("[", "unclosed bracket")
f.Add("]", "unmatched bracket")
f.Add("[^]", "negated empty class")
f.Add("(?", "incomplete group")
// Patterns that might cause performance issues
f.Add("(a+)+", "aaaaaaaaaaaaaaaaaaaaaaaab")
f.Add("(a*)*", "aaaaaaaaaaaaaaaaaaaaaaaab")
f.Add("(a|a)*", "aaaaaaaaaaaaaaaaaaaaaaaab")
f.Add("(.*)*", "any text here")
f.Add("(\\d+)+", "123456789012345678901234567890x")
// Unicode patterns
f.Add("☺", "Unicode ☺ smiley")
f.Add("[一-龯]", "Chinese 中文 characters")
f.Add("\\p{L}+", "Unicode letters")
// Very long patterns
f.Add(strings.Repeat("a", 1000), "long pattern")
f.Add(strings.Repeat("(a|b)", 100), "complex pattern")
f.Fuzz(func(t *testing.T, pattern string, text string) {
// Test 1: Regex compilation should not panic
var reg *regexp.Regexp
var compileErr error
func() {
defer func() {
if r := recover(); r != nil {
t.Errorf("regexp.Compile panicked with pattern %q: %v", pattern, r)
}
}()
reg, compileErr = regexp.Compile(pattern)
}()
// If compilation failed, that's OK - we're testing error handling
if compileErr != nil {
// This is expected for invalid patterns
return
}
// Test 2: Create a sheet and test Search method
sheet := Sheet{
Title: "test",
Text: text,
}
// Search should not panic
var result string
done := make(chan bool, 1)
go func() {
defer func() {
if r := recover(); r != nil {
t.Errorf("Search panicked with pattern %q on text %q: %v", pattern, text, r)
}
done <- true
}()
result = sheet.Search(reg)
}()
// Timeout after 100ms to catch catastrophic backtracking
select {
case <-done:
// Search completed successfully
case <-time.After(100 * time.Millisecond):
t.Errorf("Search timed out (possible catastrophic backtracking) with pattern %q on text %q", pattern, text)
}
// Test 3: Verify search result invariants
if result != "" {
// The Search function splits by "\n\n", so we need to compare using the same logic
resultLines := strings.Split(result, "\n\n")
textLines := strings.Split(text, "\n\n")
// Every result line should exist in the original text lines
for _, rLine := range resultLines {
found := false
for _, tLine := range textLines {
if rLine == tLine {
found = true
break
}
}
if !found && rLine != "" {
t.Errorf("Search result contains line not in original text: %q", rLine)
}
}
}
})
}
// FuzzSearchCatastrophicBacktracking specifically tests for regex patterns
// that could cause performance issues
func FuzzSearchCatastrophicBacktracking(f *testing.F) {
// Seed with patterns known to potentially cause issues
f.Add("a", 10, 5)
f.Add("x", 20, 3)
f.Fuzz(func(t *testing.T, char string, repeats int, groups int) {
// Limit the size to avoid memory issues in the test
if repeats > 30 || repeats < 0 || groups > 10 || groups < 0 || len(char) > 5 {
t.Skip("Skipping invalid or overly large test case")
}
// Construct patterns that might cause backtracking
patterns := []string{
strings.Repeat(char, repeats),
"(" + char + "+)+",
"(" + char + "*)*",
"(" + char + "|" + char + ")*",
}
// Add nested groups
if groups > 0 && groups < 10 {
nested := char
for i := 0; i < groups; i++ {
nested = "(" + nested + ")+"
}
patterns = append(patterns, nested)
}
// Test text that might trigger backtracking
testText := strings.Repeat(char, repeats) + "x"
for _, pattern := range patterns {
// Try to compile the pattern
reg, err := regexp.Compile(pattern)
if err != nil {
// Invalid pattern, skip
continue
}
// Test with timeout
done := make(chan bool, 1)
go func() {
defer func() {
if r := recover(); r != nil {
t.Errorf("Search panicked with backtracking pattern %q: %v", pattern, r)
}
done <- true
}()
sheet := Sheet{Text: testText}
_ = sheet.Search(reg)
}()
select {
case <-done:
// Completed successfully
case <-time.After(50 * time.Millisecond):
t.Logf("Warning: potential backtracking issue with pattern %q (completed slowly)", pattern)
}
}
})
}

94
internal/sheet/tagged_fuzz_test.go Normal file
View File

@@ -0,0 +1,94 @@
package sheet
import (
"strings"
"testing"
)
// FuzzTagged tests the Tagged function with potentially malicious tag inputs
//
// Threat model: An attacker crafts a malicious cheatsheet with specially
// crafted tags that could cause issues when a user searches/filters by tags.
// This is particularly relevant for shared community cheatsheets.
func FuzzTagged(f *testing.F) {
// Add seed corpus with potentially problematic inputs
// These represent tags an attacker might use in a malicious cheatsheet
f.Add("normal", "normal")
f.Add("", "")
f.Add(" ", " ")
f.Add("\n", "\n")
f.Add("\r\n", "\r\n")
f.Add("\x00", "\x00") // Null byte
f.Add("../../etc/passwd", "../../etc/passwd") // Path traversal attempt
f.Add("'; DROP TABLE sheets;--", "sql") // SQL injection attempt
f.Add("<script>alert('xss')</script>", "xss") // XSS attempt
f.Add("${HOME}", "${HOME}") // Environment variable
f.Add("$(whoami)", "$(whoami)") // Command substitution
f.Add("`date`", "`date`") // Command substitution
f.Add("\\x41\\x42", "\\x41\\x42") // Escape sequences
f.Add("%00", "%00") // URL encoded null
f.Add("tag\nwith\nnewlines", "tag")
f.Add(strings.Repeat("a", 10000), "a") // Very long tag
f.Add("🎉", "🎉") // Unicode
f.Add("\U0001F4A9", "\U0001F4A9") // Unicode poop emoji
f.Add("tag with spaces", "tag with spaces")
f.Add("TAG", "tag") // Case sensitivity check
f.Add("tag", "TAG") // Case sensitivity check
f.Fuzz(func(t *testing.T, sheetTag string, searchTag string) {
// Create a sheet with the potentially malicious tag
sheet := Sheet{
Title: "test",
Tags: []string{sheetTag},
}
// The Tagged function should never panic regardless of input
func() {
defer func() {
if r := recover(); r != nil {
t.Errorf("Tagged panicked with sheetTag=%q, searchTag=%q: %v",
sheetTag, searchTag, r)
}
}()
result := sheet.Tagged(searchTag)
// Verify the result is consistent with a simple string comparison
expected := false
for _, tag := range sheet.Tags {
if tag == searchTag {
expected = true
break
}
}
if result != expected {
t.Errorf("Tagged returned %v but expected %v for sheetTag=%q, searchTag=%q",
result, expected, sheetTag, searchTag)
}
// Additional invariant: Tagged should be case-sensitive
if sheetTag != searchTag && result {
t.Errorf("Tagged matched different strings: sheetTag=%q, searchTag=%q",
sheetTag, searchTag)
}
}()
// Test with multiple tags including the fuzzed one
sheetMulti := Sheet{
Title: "test",
Tags: []string{"safe1", sheetTag, "safe2", sheetTag}, // Duplicate tags
}
func() {
defer func() {
if r := recover(); r != nil {
t.Errorf("Tagged panicked with multiple tags including %q: %v",
sheetTag, r)
}
}()
_ = sheetMulti.Tagged(searchTag)
}()
})
}

4
internal/sheet/testdata/fuzz/FuzzSearchCatastrophicBacktracking/3ad1cae1b78a2478 vendored Normal file
View File

@@ -0,0 +1,4 @@
go test fuzz v1
string("0")
int(-6)
int(5)

3
internal/sheet/testdata/fuzz/FuzzSearchRegex/74c0a5e8e3464bfd vendored Normal file
View File

@@ -0,0 +1,3 @@
go test fuzz v1
string(".")
string(" 0000\n\n\n\n00000")

65
internal/sheets/doc.go Normal file
View File

@@ -0,0 +1,65 @@
// Package sheets manages collections of cheat sheets across multiple cheatpaths.
//
// The sheets package provides functionality to:
// - Load sheets from multiple cheatpaths
// - Consolidate duplicate sheets (with precedence rules)
// - Filter sheets by tags
// - Sort sheets alphabetically
// - Extract unique tags across all sheets
//
// # Loading Sheets
//
// Sheets are loaded recursively from cheatpath directories, excluding:
// - Hidden files (starting with .)
// - Files in .git directories
// - Files with extensions (sheets have no extension)
//
// # Consolidation
//
// When multiple cheatpaths contain sheets with the same name, consolidation
// rules apply based on the order of cheatpaths. Sheets from earlier paths
// override those from later paths, allowing personal sheets to override
// community sheets.
//
// Example:
//
// cheatpaths:
// 1. personal: ~/cheat
// 2. community: ~/cheat/community
//
// If both contain "git", the version from "personal" is used.
//
// # Filtering
//
// Sheets can be filtered by:
// - Tags: Include only sheets with specific tags
// - Cheatpath: Include only sheets from specific paths
//
// Key Functions
//
// - Load: Loads all sheets from the given cheatpaths
// - Filter: Filters sheets by tag
// - Consolidate: Merges sheets from multiple paths with precedence
// - Sort: Sorts sheets alphabetically by title
// - Tags: Extracts all unique tags from sheets
//
// Example Usage
//
// // Load sheets from all cheatpaths
// allSheets, err := sheets.Load(cheatpaths)
// if err != nil {
// log.Fatal(err)
// }
//
// // Consolidate to handle duplicates
// consolidated := sheets.Consolidate(allSheets)
//
// // Filter by tag
// filtered := sheets.Filter(consolidated, "networking")
//
// // Sort alphabetically
// sheets.Sort(filtered)
//
// // Get all unique tags
// tags := sheets.Tags(consolidated)
package sheets

4
internal/sheets/filter.go
View File

@@ -2,6 +2,7 @@ package sheets
import (
"strings"
"unicode/utf8"
"github.com/cheat/cheat/internal/sheet"
)
@@ -31,7 +32,8 @@ func Filter(
// iterate over each tag. If the sheet does not match *all* tags, filter
// it out.
for _, tag := range tags {
if !sheet.Tagged(strings.TrimSpace(tag)) {
trimmed := strings.TrimSpace(tag)
if trimmed == "" || !utf8.ValidString(trimmed) || !sheet.Tagged(trimmed) {
keep = false
}
}

177
internal/sheets/filter_fuzz_test.go Normal file
View File

@@ -0,0 +1,177 @@
package sheets
import (
"strings"
"testing"
"github.com/cheat/cheat/internal/sheet"
)
// FuzzFilter tests the Filter function with various tag combinations
func FuzzFilter(f *testing.F) {
// Add seed corpus with various tag scenarios
// Format: "tags to filter by" (comma-separated)
f.Add("linux")
f.Add("linux,bash")
f.Add("linux,bash,ssh")
f.Add("")
f.Add(" ")
f.Add(" linux ")
f.Add("linux,")
f.Add(",linux")
f.Add(",,")
f.Add("linux,,bash")
f.Add("tag-with-dash")
f.Add("tag_with_underscore")
f.Add("UPPERCASE")
f.Add("miXedCase")
f.Add("🎉emoji")
f.Add("tag with spaces")
f.Add("\ttab\ttag")
f.Add("tag\nwith\nnewline")
f.Add("very-long-tag-name-that-might-cause-issues-somewhere")
f.Add(strings.Repeat("a,", 100) + "a")
f.Fuzz(func(t *testing.T, tagString string) {
// Split the tag string into individual tags
var tags []string
if tagString != "" {
tags = strings.Split(tagString, ",")
}
// Create test data - some sheets with various tags
cheatpaths := []map[string]sheet.Sheet{
{
"sheet1": sheet.Sheet{
Title: "sheet1",
Tags: []string{"linux", "bash"},
},
"sheet2": sheet.Sheet{
Title: "sheet2",
Tags: []string{"linux", "ssh", "networking"},
},
"sheet3": sheet.Sheet{
Title: "sheet3",
Tags: []string{"UPPERCASE", "miXedCase"},
},
},
{
"sheet4": sheet.Sheet{
Title: "sheet4",
Tags: []string{"tag with spaces", "🎉emoji"},
},
"sheet5": sheet.Sheet{
Title: "sheet5",
Tags: []string{}, // No tags
},
},
}
// The function should not panic
func() {
defer func() {
if r := recover(); r != nil {
t.Errorf("Filter panicked with tags %q: %v", tags, r)
}
}()
result := Filter(cheatpaths, tags)
// Verify invariants
// 1. Result should have same number of cheatpaths
if len(result) != len(cheatpaths) {
t.Errorf("Filter changed number of cheatpaths: got %d, want %d",
len(result), len(cheatpaths))
}
// 2. Each filtered sheet should contain all requested tags
for _, filteredPath := range result {
for title, sheet := range filteredPath {
// Verify this sheet has all the tags we filtered for
for _, tag := range tags {
trimmedTag := strings.TrimSpace(tag)
if trimmedTag == "" {
continue // Skip empty tags
}
if !sheet.Tagged(trimmedTag) {
t.Errorf("Sheet %q passed filter but doesn't have tag %q",
title, trimmedTag)
}
}
}
}
// 3. Empty tag list should return all sheets
if len(tags) == 0 || (len(tags) == 1 && tags[0] == "") {
totalOriginal := 0
totalFiltered := 0
for _, path := range cheatpaths {
totalOriginal += len(path)
}
for _, path := range result {
totalFiltered += len(path)
}
if totalFiltered != totalOriginal {
t.Errorf("Empty filter should return all sheets: got %d, want %d",
totalFiltered, totalOriginal)
}
}
}()
})
}
// FuzzFilterEdgeCases tests Filter with extreme inputs
func FuzzFilterEdgeCases(f *testing.F) {
// Seed with number of tags and tag length
f.Add(0, 0)
f.Add(1, 10)
f.Add(10, 10)
f.Add(100, 5)
f.Add(1000, 3)
f.Fuzz(func(t *testing.T, numTags int, tagLen int) {
// Limit to reasonable values to avoid memory issues
if numTags > 1000 || numTags < 0 || tagLen > 100 || tagLen < 0 {
t.Skip("Skipping unreasonable test case")
}
// Generate tags
tags := make([]string, numTags)
for i := 0; i < numTags; i++ {
// Create a tag of specified length
if tagLen > 0 {
tags[i] = strings.Repeat("a", tagLen) + string(rune(i%26+'a'))
}
}
// Create a sheet with no tags (should be filtered out)
cheatpaths := []map[string]sheet.Sheet{
{
"test": sheet.Sheet{
Title: "test",
Tags: []string{},
},
},
}
// Should not panic with many tags
func() {
defer func() {
if r := recover(); r != nil {
t.Errorf("Filter panicked with %d tags of length %d: %v",
numTags, tagLen, r)
}
}()
result := Filter(cheatpaths, tags)
// With non-matching tags, result should be empty
if numTags > 0 && tagLen > 0 {
if len(result[0]) != 0 {
t.Errorf("Expected empty result with non-matching tags, got %d sheets",
len(result[0]))
}
}
}()
})
}

17
internal/sheets/load.go
View File

@@ -20,7 +20,7 @@ func Load(cheatpaths []cp.Cheatpath) ([]map[string]sheet.Sheet, error) {
sheets := make([]map[string]sheet.Sheet, len(cheatpaths))
// iterate over each cheatpath
for _, cheatpath := range cheatpaths {
for i, cheatpath := range cheatpaths {
// vivify the map of cheatsheets on this specific cheatpath
pathsheets := make(map[string]sheet.Sheet)
@@ -43,6 +43,19 @@ func Load(cheatpaths []cp.Cheatpath) ([]map[string]sheet.Sheet, error) {
return nil
}
// get the base filename
filename := filepath.Base(path)
// skip hidden files (files that start with a dot)
if strings.HasPrefix(filename, ".") {
return nil
}
// skip files with extensions (cheatsheets have no extension)
if filepath.Ext(filename) != "" {
return nil
}
// calculate the cheatsheet's "title" (the phrase with which it may be
// accessed. Eg: `cheat tar` - `tar` is the title)
title := strings.TrimPrefix(
@@ -88,7 +101,7 @@ func Load(cheatpaths []cp.Cheatpath) ([]map[string]sheet.Sheet, error) {
// store the sheets on this cheatpath alongside the other cheatsheets on
// other cheatpaths
sheets = append(sheets, pathsheets)
sheets[i] = pathsheets
}
// return the cheatsheets, grouped by cheatpath

13
internal/sheets/load_test.go
View File

@@ -26,19 +26,26 @@ func TestLoad(t *testing.T) {
}
// load cheatsheets
sheets, err := Load(cheatpaths)
cheatpathSheets, err := Load(cheatpaths)
if err != nil {
t.Errorf("failed to load cheatsheets: %v", err)
}
// assert that the correct number of sheets loaded
// (sheet load details are tested in `sheet_test.go`)
totalSheets := 0
for _, sheets := range cheatpathSheets {
totalSheets += len(sheets)
}
// we expect 4 total sheets (2 from community, 2 from personal)
// hidden files and files with extensions are excluded
want := 4
if len(sheets) != want {
if totalSheets != want {
t.Errorf(
"failed to load correct number of cheatsheets: want: %d, got: %d",
want,
len(sheets),
totalSheets,
)
}
}

6
internal/sheets/tags.go
View File

@@ -2,6 +2,7 @@ package sheets
import (
"sort"
"unicode/utf8"
"github.com/cheat/cheat/internal/sheet"
)
@@ -16,7 +17,10 @@ func Tags(cheatpaths []map[string]sheet.Sheet) []string {
for _, path := range cheatpaths {
for _, sheet := range path {
for _, tag := range sheet.Tags {
tags[tag] = true
// Skip invalid UTF-8 tags to prevent downstream issues
if utf8.ValidString(tag) {
tags[tag] = true
}
}
}
}

190
internal/sheets/tags_fuzz_test.go Normal file
View File

@@ -0,0 +1,190 @@
package sheets
import (
"strings"
"testing"
"unicode/utf8"
"github.com/cheat/cheat/internal/sheet"
)
// FuzzTags tests the Tags function with various tag combinations
func FuzzTags(f *testing.F) {
// Add seed corpus
// Format: comma-separated tags that will be distributed across sheets
f.Add("linux,bash,ssh")
f.Add("")
f.Add("single")
f.Add("duplicate,duplicate,duplicate")
f.Add(" spaces , around , tags ")
f.Add("MiXeD,UPPER,lower")
f.Add("special-chars,under_score,dot.ted")
f.Add("emoji🎉,unicode中文,symbols@#$")
f.Add("\ttab,\nnewline,\rcarriage")
f.Add(",,,,") // Multiple empty tags
f.Add(strings.Repeat("tag,", 100)) // Many tags
f.Add("a," + strings.Repeat("very-long-tag-name", 10)) // Long tag names
f.Fuzz(func(t *testing.T, tagString string) {
// Split tags and distribute them across multiple sheets
var allTags []string
if tagString != "" {
allTags = strings.Split(tagString, ",")
}
// Create test cheatpaths with various tag distributions
cheatpaths := []map[string]sheet.Sheet{}
// Distribute tags across 3 paths with overlapping tags
for i := 0; i < 3; i++ {
path := make(map[string]sheet.Sheet)
// Each path gets some subset of tags
for j, tag := range allTags {
if j%3 == i || j%(i+2) == 0 { // Create some overlap
sheetName := string(rune('a' + j%26))
path[sheetName] = sheet.Sheet{
Title: sheetName,
Tags: []string{tag},
}
}
}
// Add a sheet with multiple tags
if len(allTags) > 1 {
path["multi"] = sheet.Sheet{
Title: "multi",
Tags: allTags[:len(allTags)/2+1], // First half of tags
}
}
cheatpaths = append(cheatpaths, path)
}
// The function should not panic
func() {
defer func() {
if r := recover(); r != nil {
t.Errorf("Tags panicked with input %q: %v", tagString, r)
}
}()
result := Tags(cheatpaths)
// Verify invariants
// 1. Result should be sorted
for i := 1; i < len(result); i++ {
if result[i-1] >= result[i] {
t.Errorf("Tags not sorted: %q >= %q at positions %d, %d",
result[i-1], result[i], i-1, i)
}
}
// 2. No duplicates in result
seen := make(map[string]bool)
for _, tag := range result {
if seen[tag] {
t.Errorf("Duplicate tag in result: %q", tag)
}
seen[tag] = true
}
// 3. All non-empty tags from input should be in result
// (This is approximate since we distributed tags in a complex way)
inputTags := make(map[string]bool)
for _, tag := range allTags {
if tag != "" {
inputTags[tag] = true
}
}
resultTags := make(map[string]bool)
for _, tag := range result {
resultTags[tag] = true
}
// Result might have fewer tags due to distribution logic,
// but shouldn't have tags not in the input
for tag := range resultTags {
found := false
for inputTag := range inputTags {
if tag == inputTag {
found = true
break
}
}
if !found && tag != "" {
t.Errorf("Result contains tag %q not derived from input", tag)
}
}
// 4. Valid UTF-8 (Tags function should filter out invalid UTF-8)
for _, tag := range result {
if !utf8.ValidString(tag) {
t.Errorf("Invalid UTF-8 in tag: %q", tag)
}
}
}()
})
}
// FuzzTagsStress tests Tags function with large numbers of tags
func FuzzTagsStress(f *testing.F) {
// Seed: number of unique tags, number of sheets, tags per sheet
f.Add(10, 10, 5)
f.Add(100, 50, 10)
f.Add(1000, 100, 20)
f.Fuzz(func(t *testing.T, numUniqueTags int, numSheets int, tagsPerSheet int) {
// Limit to reasonable values
if numUniqueTags > 1000 || numUniqueTags < 0 ||
numSheets > 1000 || numSheets < 0 ||
tagsPerSheet > 100 || tagsPerSheet < 0 {
t.Skip("Skipping unreasonable test case")
}
// Generate unique tags
uniqueTags := make([]string, numUniqueTags)
for i := 0; i < numUniqueTags; i++ {
uniqueTags[i] = "tag" + string(rune(i))
}
// Create sheets with random tags
cheatpaths := []map[string]sheet.Sheet{
make(map[string]sheet.Sheet),
}
for i := 0; i < numSheets; i++ {
// Select random tags for this sheet
sheetTags := make([]string, 0, tagsPerSheet)
for j := 0; j < tagsPerSheet && j < numUniqueTags; j++ {
// Distribute tags across sheets
tagIndex := (i*tagsPerSheet + j) % numUniqueTags
sheetTags = append(sheetTags, uniqueTags[tagIndex])
}
cheatpaths[0]["sheet"+string(rune(i))] = sheet.Sheet{
Title: "sheet" + string(rune(i)),
Tags: sheetTags,
}
}
// Should handle large numbers efficiently
func() {
defer func() {
if r := recover(); r != nil {
t.Errorf("Tags panicked with %d unique tags, %d sheets, %d tags/sheet: %v",
numUniqueTags, numSheets, tagsPerSheet, r)
}
}()
result := Tags(cheatpaths)
// Should have at most numUniqueTags in result
if len(result) > numUniqueTags {
t.Errorf("More tags in result (%d) than unique tags created (%d)",
len(result), numUniqueTags)
}
}()
})
}

2
internal/sheets/testdata/fuzz/FuzzFilter/4316c263ab833860 vendored Normal file
View File

@@ -0,0 +1,2 @@
go test fuzz v1
string("\xd7")

2
internal/sheets/testdata/fuzz/FuzzTags/28f36ef487f23e6c vendored Normal file
View File

@@ -0,0 +1,2 @@
go test fuzz v1
string("\xf0")