Pulse

vrr/Pulse

Fork 0

mirror of https://github.com/rcourtman/Pulse.git synced 2026-04-29 03:50:18 +00:00

Commit graph

Author	SHA1	Message	Date
rcourtman	b311625328	test: Add tests for config handler utility functions - TestSanitizeErrorMessage: All operation types and error hiding - TestFindExistingGuestURL: Node matching and edge cases - TestMatchInstanceNameByHost: Host normalization and matching Coverage: api 27.7% → 28.0%	2025-12-01 14:09:35 +00:00
rcourtman	5b5386e060	ADA: Add unit tests for sanitizeInstallerURL and sanitizeSetupAuthToken Add comprehensive test coverage for security-critical URL and token sanitization functions in config_handlers.go. These functions protect the setup script endpoint from injection attacks. TestSanitizeInstallerURL (23 cases): empty/whitespace handling, valid http/https URLs, fragment stripping, query preservation, control character rejection, invalid scheme rejection (ftp/file/javascript/data), and missing host validation. TestSanitizeSetupAuthToken (19 cases): empty/whitespace handling, valid hex tokens of various lengths (32-128 chars), mixed case hex, control character rejection, non-hex character rejection, and length validation.	2025-11-29 18:35:27 +00:00

Author

SHA1

Message

Date

rcourtman

b311625328

test: Add tests for config handler utility functions

- TestSanitizeErrorMessage: All operation types and error hiding
- TestFindExistingGuestURL: Node matching and edge cases
- TestMatchInstanceNameByHost: Host normalization and matching
Coverage: api 27.7% → 28.0%

2025-12-01 14:09:35 +00:00

rcourtman

5b5386e060

ADA: Add unit tests for sanitizeInstallerURL and sanitizeSetupAuthToken

Add comprehensive test coverage for security-critical URL and token
sanitization functions in config_handlers.go. These functions protect
the setup script endpoint from injection attacks.

TestSanitizeInstallerURL (23 cases): empty/whitespace handling, valid
http/https URLs, fragment stripping, query preservation, control character
rejection, invalid scheme rejection (ftp/file/javascript/data), and
missing host validation.

TestSanitizeSetupAuthToken (19 cases): empty/whitespace handling, valid
hex tokens of various lengths (32-128 chars), mixed case hex, control
character rejection, non-hex character rejection, and length validation.

2025-11-29 18:35:27 +00:00

2 commits