Skip to content

Commit fa3562e

Browse files
Add script file path regression test
1 parent 2eccd65 commit fa3562e

1 file changed

Lines changed: 31 additions & 0 deletions

File tree

tests/masonry/builders/test_builder.py

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -288,6 +288,37 @@ def test_missing_script_files_throws_error() -> None:
288288
assert "is not found." in str(err.value)
289289

290290

291+
def test_script_files_cannot_escape_project_root(tmp_path: Path) -> None:
292+
root = tmp_path / "project"
293+
root.mkdir()
294+
(root / "demo").mkdir()
295+
(root / "demo" / "__init__.py").write_text("", encoding="utf-8")
296+
(tmp_path / "outside.sh").write_text("#!/bin/sh\n", encoding="utf-8")
297+
(root / "pyproject.toml").write_text(
298+
"""
299+
[tool.poetry]
300+
name = "demo"
301+
version = "0.1.0"
302+
description = ""
303+
authors = []
304+
305+
[tool.poetry.dependencies]
306+
python = ">=3.10"
307+
308+
[tool.poetry.scripts]
309+
outside = { reference = "../outside.sh", type = "file" }
310+
""".lstrip(),
311+
encoding="utf-8",
312+
)
313+
314+
builder = Builder(Factory().create_poetry(root))
315+
316+
with pytest.raises(RuntimeError) as err:
317+
builder.convert_script_files()
318+
319+
assert "is outside the project root" in str(err.value)
320+
321+
291322
def test_invalid_script_files_definition() -> None:
292323
with pytest.raises(RuntimeError) as err:
293324
Builder(

0 commit comments

Comments
 (0)