@@ -288,6 +288,37 @@ def test_missing_script_files_throws_error() -> None:
288288 assert "is not found." in str (err .value )
289289
290290
291+ def test_script_files_cannot_escape_project_root (tmp_path : Path ) -> None :
292+ root = tmp_path / "project"
293+ root .mkdir ()
294+ (root / "demo" ).mkdir ()
295+ (root / "demo" / "__init__.py" ).write_text ("" , encoding = "utf-8" )
296+ (tmp_path / "outside.sh" ).write_text ("#!/bin/sh\n " , encoding = "utf-8" )
297+ (root / "pyproject.toml" ).write_text (
298+ """
299+ [tool.poetry]
300+ name = "demo"
301+ version = "0.1.0"
302+ description = ""
303+ authors = []
304+
305+ [tool.poetry.dependencies]
306+ python = ">=3.10"
307+
308+ [tool.poetry.scripts]
309+ outside = { reference = "../outside.sh", type = "file" }
310+ """ .lstrip (),
311+ encoding = "utf-8" ,
312+ )
313+
314+ builder = Builder (Factory ().create_poetry (root ))
315+
316+ with pytest .raises (RuntimeError ) as err :
317+ builder .convert_script_files ()
318+
319+ assert "is outside the project root" in str (err .value )
320+
321+
291322def test_invalid_script_files_definition () -> None :
292323 with pytest .raises (RuntimeError ) as err :
293324 Builder (
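Review bot: `test_script_files_cannot_escape_project_root` covers only a relative `../outside.sh` reference, so a containment check that rejects `..` segments textually, rather than comparing resolved paths, would still pass it. The check itself is not visible in this hunk, so this is a coverage gap and not a confirmed defect. A second case would pin the behaviour for a symlink that sits inside the project but resolves outside it: create it with `(root / "link.sh").symlink_to(tmp_path / "outside.sh")`, declare `outside = { reference = "link.sh", type = "file" }`, and expect the same "is outside the project root" error, skipping where the platform cannot create symlinks. An absolute path to `outside.sh` as the reference is worth a third case, since joining a root with an absolute path discards the root in `pathlib`. A one-line docstring such as `"""Script file references must resolve inside the project root."""` would also state the security property the test protects.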