mirror of
https://github.com/cheat/cheat.git
synced 2026-03-07 03:03:32 +01:00
cc85a4bdb1
Bug fixes: - Fix inverted pager detection logic (returned error instead of path) - Fix repo.Clone ignoring destination directory parameter - Fix sheet loading using append on pre-sized slices - Clean up partial files on copy failure - Trim whitespace from editor config Security: - Add path traversal protection for cheatsheet names Performance: - Move regex compilation outside search loop - Replace string concatenation with strings.Join in search Build: - Remove go:generate; embed config and usage as string literals - Parallelize release builds - Add fuzz testing infrastructure Testing: - Improve test coverage from 38.9% to 50.2% - Add fuzz tests for search, filter, tags, and validation Documentation: - Fix inaccurate code examples in HACKING.md - Add missing --conf and --all options to man page - Add ADRs for path traversal, env parsing, and search parallelization - Update CONTRIBUTING.md to reflect project policy Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
107 lines
2.0 KiB
Go
107 lines
2.0 KiB
Go
package cheatpath
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestValidateSheetName(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
input string
|
|
wantErr bool
|
|
errMsg string
|
|
}{
|
|
// Valid names
|
|
{
|
|
name: "simple name",
|
|
input: "docker",
|
|
wantErr: false,
|
|
},
|
|
{
|
|
name: "name with slash",
|
|
input: "docker/compose",
|
|
wantErr: false,
|
|
},
|
|
{
|
|
name: "name with multiple slashes",
|
|
input: "lang/go/slice",
|
|
wantErr: false,
|
|
},
|
|
{
|
|
name: "name with dash and underscore",
|
|
input: "my-cheat_sheet",
|
|
wantErr: false,
|
|
},
|
|
// Invalid names
|
|
{
|
|
name: "empty name",
|
|
input: "",
|
|
wantErr: true,
|
|
errMsg: "empty",
|
|
},
|
|
{
|
|
name: "parent directory traversal",
|
|
input: "../etc/passwd",
|
|
wantErr: true,
|
|
errMsg: "'..'",
|
|
},
|
|
{
|
|
name: "complex traversal",
|
|
input: "foo/../../etc/passwd",
|
|
wantErr: true,
|
|
errMsg: "'..'",
|
|
},
|
|
{
|
|
name: "absolute path",
|
|
input: "/etc/passwd",
|
|
wantErr: true,
|
|
errMsg: "absolute",
|
|
},
|
|
{
|
|
name: "home directory",
|
|
input: "~/secrets",
|
|
wantErr: true,
|
|
errMsg: "'~'",
|
|
},
|
|
{
|
|
name: "just dots",
|
|
input: "..",
|
|
wantErr: true,
|
|
errMsg: "'..'",
|
|
},
|
|
{
|
|
name: "hidden file not allowed",
|
|
input: ".hidden",
|
|
wantErr: true,
|
|
errMsg: "cannot start with '.'",
|
|
},
|
|
{
|
|
name: "current dir is ok",
|
|
input: "./current",
|
|
wantErr: false,
|
|
},
|
|
{
|
|
name: "nested hidden file not allowed",
|
|
input: "config/.gitignore",
|
|
wantErr: true,
|
|
errMsg: "cannot start with '.'",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
err := ValidateSheetName(tt.input)
|
|
if (err != nil) != tt.wantErr {
|
|
t.Errorf("ValidateName(%q) error = %v, wantErr %v", tt.input, err, tt.wantErr)
|
|
return
|
|
}
|
|
if err != nil && tt.errMsg != "" {
|
|
if !strings.Contains(err.Error(), tt.errMsg) {
|
|
t.Errorf("ValidateName(%q) error = %v, want error containing %q", tt.input, err, tt.errMsg)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|