mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-02 13:30:13 +00:00
93 lines
2.6 KiB
Go
93 lines
2.6 KiB
Go
package pulsecli
|
|
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestGetPassphraseFromEnvAndConfigDeps(t *testing.T) {
|
|
t.Setenv("PULSE_PASSPHRASE", "from-env")
|
|
flagValue := "from-flag"
|
|
config := &ConfigDeps{Passphrase: &flagValue}
|
|
if got := GetPassphrase(config, "ignored", false); got != "from-env" {
|
|
t.Fatalf("GetPassphrase() = %q, want from-env", got)
|
|
}
|
|
|
|
t.Setenv("PULSE_PASSPHRASE", "")
|
|
if got := GetPassphrase(config, "ignored", false); got != "from-flag" {
|
|
t.Fatalf("GetPassphrase() = %q, want from-flag", got)
|
|
}
|
|
}
|
|
|
|
func TestReadBoundedRegularFileRejectsSymlink(t *testing.T) {
|
|
dir := t.TempDir()
|
|
target := filepath.Join(dir, "target.enc")
|
|
if err := os.WriteFile(target, []byte("ok"), 0o600); err != nil {
|
|
t.Fatalf("WriteFile: %v", err)
|
|
}
|
|
|
|
link := filepath.Join(dir, "config.enc")
|
|
if err := os.Symlink(target, link); err != nil {
|
|
t.Skipf("symlink not supported: %v", err)
|
|
}
|
|
|
|
if _, err := ReadBoundedRegularFile(link, 1024); err == nil || !strings.Contains(err.Error(), "regular file") {
|
|
t.Fatalf("ReadBoundedRegularFile() error = %v, want regular file rejection", err)
|
|
}
|
|
}
|
|
|
|
func TestReadBoundedHTTPBodyRejectsOversizedStream(t *testing.T) {
|
|
_, err := ReadBoundedHTTPBody(bytes.NewReader([]byte("0123456789")), -1, 8, "configuration response")
|
|
if err == nil || !strings.Contains(err.Error(), "exceeds") {
|
|
t.Fatalf("ReadBoundedHTTPBody() error = %v, want exceeds error", err)
|
|
}
|
|
}
|
|
|
|
func TestGetPassphraseInteractiveScenarios(t *testing.T) {
|
|
readCalls := 0
|
|
deps := &ConfigDeps{
|
|
ReadPassword: func(fd int) ([]byte, error) {
|
|
readCalls++
|
|
return []byte("interactive"), nil
|
|
},
|
|
}
|
|
|
|
if got := GetPassphrase(deps, "ignored", false); got != "interactive" {
|
|
t.Fatalf("GetPassphrase() = %q, want interactive", got)
|
|
}
|
|
|
|
readCalls = 0
|
|
deps.ReadPassword = func(fd int) ([]byte, error) {
|
|
readCalls++
|
|
return []byte("match"), nil
|
|
}
|
|
if got := GetPassphrase(deps, "ignored", true); got != "match" {
|
|
t.Fatalf("GetPassphrase(confirm) = %q, want match", got)
|
|
}
|
|
if readCalls != 2 {
|
|
t.Fatalf("readCalls = %d, want 2", readCalls)
|
|
}
|
|
|
|
readCalls = 0
|
|
deps.ReadPassword = func(fd int) ([]byte, error) {
|
|
readCalls++
|
|
if readCalls == 1 {
|
|
return []byte("first"), nil
|
|
}
|
|
return []byte("second"), nil
|
|
}
|
|
if got := GetPassphrase(deps, "ignored", true); got != "" {
|
|
t.Fatalf("GetPassphrase(mismatch) = %q, want empty", got)
|
|
}
|
|
|
|
deps.ReadPassword = func(fd int) ([]byte, error) {
|
|
return nil, fmt.Errorf("read error")
|
|
}
|
|
if got := GetPassphrase(deps, "ignored", false); got != "" {
|
|
t.Fatalf("GetPassphrase(error) = %q, want empty", got)
|
|
}
|
|
}
|