Pulse

vrr/Pulse

Fork 0

mirror of https://github.com/rcourtman/Pulse.git synced 2026-05-05 07:08:42 +00:00

Commit graph

Author	SHA1	Message	Date
rcourtman	5b5386e060	ADA: Add unit tests for sanitizeInstallerURL and sanitizeSetupAuthToken Add comprehensive test coverage for security-critical URL and token sanitization functions in config_handlers.go. These functions protect the setup script endpoint from injection attacks. TestSanitizeInstallerURL (23 cases): empty/whitespace handling, valid http/https URLs, fragment stripping, query preservation, control character rejection, invalid scheme rejection (ftp/file/javascript/data), and missing host validation. TestSanitizeSetupAuthToken (19 cases): empty/whitespace handling, valid hex tokens of various lengths (32-128 chars), mixed case hex, control character rejection, non-hex character rejection, and length validation.	2025-11-29 18:35:27 +00:00

Author

SHA1

Message

Date

rcourtman

5b5386e060

ADA: Add unit tests for sanitizeInstallerURL and sanitizeSetupAuthToken

Add comprehensive test coverage for security-critical URL and token
sanitization functions in config_handlers.go. These functions protect
the setup script endpoint from injection attacks.

TestSanitizeInstallerURL (23 cases): empty/whitespace handling, valid
http/https URLs, fragment stripping, query preservation, control character
rejection, invalid scheme rejection (ftp/file/javascript/data), and
missing host validation.

TestSanitizeSetupAuthToken (19 cases): empty/whitespace handling, valid
hex tokens of various lengths (32-128 chars), mixed case hex, control
character rejection, non-hex character rejection, and length validation.

2025-11-29 18:35:27 +00:00

1 commit