vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-05-02 05:20:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
Pulse/cmd/pulse/config_security_test.go
rcourtman 778a2577b6 feat: Pulse v6 release
2026-03-18 16:06:30 +00:00

94 lines
2.6 KiB
Go
Raw Blame History

package main
import (
"bytes"
"os"
"path/filepath"
"strings"
"testing"
"github.com/rcourtman/pulse-go-rewrite/pkg/pulsecli"
)
func TestReadBoundedRegularFileSuccess(t *testing.T) {
path := filepath.Join(t.TempDir(), "config.enc")
want := []byte("encrypted-config")
if err := os.WriteFile(path, want, 0600); err != nil {
t.Fatalf("WriteFile: %v", err)
}
got, err := pulsecli.ReadBoundedRegularFile(path, int64(len(want)))
if err != nil {
t.Fatalf("readBoundedRegularFile: %v", err)
}
if string(got) != string(want) {
t.Fatalf("got %q, want %q", string(got), string(want))
}
}
func TestReadBoundedRegularFileRejectsOversized(t *testing.T) {
path := filepath.Join(t.TempDir(), "config.enc")
if err := os.WriteFile(path, []byte("0123456789"), 0600); err != nil {
t.Fatalf("WriteFile: %v", err)
}
_, err := pulsecli.ReadBoundedRegularFile(path, 8)
if err == nil {
t.Fatal("expected oversized file error")
}
if !strings.Contains(err.Error(), "exceeds") {
t.Fatalf("unexpected error: %v", err)
}
}
func TestReadBoundedRegularFileRejectsSymlink(t *testing.T) {
dir := t.TempDir()
target := filepath.Join(dir, "target.enc")
if err := os.WriteFile(target, []byte("ok"), 0600); err != nil {
t.Fatalf("WriteFile: %v", err)
}
link := filepath.Join(dir, "config.enc")
if err := os.Symlink(target, link); err != nil {
t.Skipf("symlink not supported: %v", err)
}
_, err := pulsecli.ReadBoundedRegularFile(link, 1024)
if err == nil {
t.Fatal("expected non-regular file error")
}
if !strings.Contains(err.Error(), "regular file") {
t.Fatalf("unexpected error: %v", err)
}
}
func TestReadBoundedHTTPBodySuccess(t *testing.T) {
data := []byte("payload")
got, err := pulsecli.ReadBoundedHTTPBody(bytes.NewReader(data), int64(len(data)), int64(len(data)), "configuration response")
if err != nil {
t.Fatalf("readBoundedHTTPBody: %v", err)
}
if string(got) != string(data) {
t.Fatalf("got %q, want %q", string(got), string(data))
}
}
func TestReadBoundedHTTPBodyRejectsOversizedContentLength(t *testing.T) {
_, err := pulsecli.ReadBoundedHTTPBody(bytes.NewReader([]byte("ok")), 9, 8, "configuration response")
if err == nil {
t.Fatal("expected oversized content-length error")
}
if !strings.Contains(err.Error(), "exceeds") {
t.Fatalf("unexpected error: %v", err)
}
}
func TestReadBoundedHTTPBodyRejectsOversizedStream(t *testing.T) {
_, err := pulsecli.ReadBoundedHTTPBody(bytes.NewReader([]byte("0123456789")), -1, 8, "configuration response")
if err == nil {
t.Fatal("expected oversized stream error")
}
if !strings.Contains(err.Error(), "exceeds") {
t.Fatalf("unexpected error: %v", err)
}
}
Reference in a new issue View git blame Copy permalink