add test for path traversal

Author: jenschude

.github/workflows/ci.yml

@@ -109,6 +109,7 @@ jobs:
           - "8.2"
           - "8.3"
           - "8.4"
+          - "8.5"
         dependencies:
           - lowest
           - highest

composer.json

@@ -63,7 +63,7 @@
     "monolog/monolog": "^1.3 || ^2.0",
     "phpunit/phpunit": "^9.0 | 8.5.22",
     "cache/array-adapter": "^1.0",
-    "symplify/easy-coding-standard": "12.5.8",
+    "symplify/easy-coding-standard": "12.6.2",
     "phpstan/phpstan": "^2.1.6"
   },
   "config": {

test/unit/MiscTest.php

@@ -37,6 +37,7 @@
 use Commercetools\Api\Models\Type\TypeReferenceBuilder;
 use Commercetools\Api\Models\Type\TypeResourceIdentifierBuilder;
 use Commercetools\Base\JsonObject;
+use Commercetools\Client\ApiRequest;
 use Commercetools\Client\ClientCredentials;
 use Commercetools\Client\ClientFactory;
 use GuzzleHttp\Psr7\Response;
@@ -297,4 +298,11 @@ public function testCredentials()
         $credentials = new ClientCredentials("clientId", "clientSecret");
         $this->assertInstanceOf(ClientCredentials::class, $credentials);
     }
+
+    public function testPathTraversal()
+    {
+        $b = new ApiRequestBuilder();
+        $request = $b->withProjectKey('test')->carts()->withId("../categories")->get();
+        $this->assertSame("test/carts/..%2Fcategories", $request->getUri()->getPath());
+    }
 }