chore(test): tighten path handling in test utilities #135

Draft
viniciusdc wants to merge 1 commit into main from chore/test-utils-hardening

Conversation

@viniciusdc

Collaborator

Summary

Two small hygiene fixes in test/utils/utils.go. Test-utility code only — no operator runtime impact.

| Change | Where |
| --- | --- |
| Constrain LoadTestDataFile's filename to stay inside test/e2e/testdata/ (reject `..` traversal). Replaces raw string concat with filepath.Join + filepath.Rel check. | LoadTestDataFile |
| Write fixture files with mode 0600 instead of 0644. Test fixtures don't need group/other readability; the existing nolint:gosec workaround for the rule comes off. | UncommentCode |

Verification

  • go build ./... — passes
  • make lint — 0 issues
  • test/utils/ has no test files; nothing new to run. E2E tests that import the package still build cleanly.

Why now

Routine test-utility hygiene as part of the v0.1.0 readiness pass (#129). File-level independent of #133 (deps) and #134 (manifest) — can land in any order.

Two small hygiene fixes in test/utils/utils.go:

- LoadTestDataFile now constrains its `filename` argument to stay
  inside test/e2e/testdata/.  Previously the path was built by raw
  string concat — a caller passing a name with `..` would have escaped
  the testdata directory.  Now it uses filepath.Join + filepath.Rel
  and rejects anything that traverses out.

- UncommentCode writes its output file with mode 0600 (was 0644).
  Test fixtures don't need group/other readability; the existing
  nolint:gosec suppression was a workaround for the lint rule.

Test-utility code only.  No operator runtime impact.  Build + lint
clean; the test/utils package has no test files so there's nothing
new to run against.
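The two checks the PR describes, written out as an added example in Go; this is not the project's test/utils code, and the names SafeTestdataPath, LoadTestData, WriteFixture and ErrOutsideTestdata are this example's own:

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideTestdata is returned when a fixture name would resolve outside the root.
var ErrOutsideTestdata = errors.New("path escapes testdata directory")

// SafeTestdataPath joins name onto root and rejects any result that leaves root.
// It is the filepath.Join + filepath.Rel pattern the PR describes; the names
// here are this example's own, not the project's.
func SafeTestdataPath(root, name string) (string, error) {
	// Join cleans the result, so "sub/../x" collapses to "x" under root,
	// but "../../x" cleans to a path above root; Rel exposes that as "../..".
	full := filepath.Join(root, name)
	rel, err := filepath.Rel(root, full)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrOutsideTestdata, name)
	}
	return full, nil
}

// LoadTestData reads a fixture by name through the constrained path.
func LoadTestData(root, name string) ([]byte, error) {
	p, err := SafeTestdataPath(root, name)
	if err != nil {
		return nil, err
	}
	return os.ReadFile(p)
}

// WriteFixture writes a generated fixture with owner-only permissions (0600),
// matching the PR's second change; the path is constrained the same way.
func WriteFixture(root, name string, data []byte) error {
	p, err := SafeTestdataPath(root, name)
	if err != nil {
		return err
	}
	return os.WriteFile(p, data, 0o600)
}
```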
@github-actions


Docker Images Built

Images pushed to Quay.io for branch chore-test-utils-hardening:

| Image | Tag | Platforms |
| --- | --- | --- |
| Operator | quay.io/nebari/nebari-operator:chore-test-utils-hardening | linux/amd64 + linux/arm64 |

Test the operator:

```
kubectl apply -k https://github.com/nebari-dev/nebari-operator.git/config/default?ref=chore/test-utils-hardening
kubectl set image deployment/nebari-operator-controller-manager manager=quay.io/nebari/nebari-operator:chore-test-utils-hardening -n nebari-operator-system
```
