-
-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathpath.test.js
More file actions
35 lines (30 loc) · 1.24 KB
/
path.test.js
File metadata and controls
35 lines (30 loc) · 1.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
/**
* Unit tests for the path sanitization utility.
*/
import path from 'node:path'
import {sanitizePath} from '../../src/util/path.js'
describe('sanitizePath', () => {
test('should resolve a relative path to absolute', () => {
const result = sanitizePath('foo/bar.json')
expect(path.isAbsolute(result)).toBe(true)
expect(result).toBe(path.resolve('foo/bar.json'))
})
test('should return the same value for an already absolute path', () => {
const absPath = '/tmp/reports/output.csv'
const result = sanitizePath(absPath)
expect(result).toBe(path.resolve(absPath))
})
test('should normalize path traversal sequences', () => {
const result = sanitizePath('/tmp/reports/../secrets/output.json')
expect(result).toBe(path.resolve('/tmp/secrets/output.json'))
expect(result).not.toContain('..')
})
test('should throw on null bytes', () => {
expect(() => sanitizePath('/tmp/reports/\0malicious')).toThrow('Path must not contain null bytes')
})
test('should throw on non-string input', () => {
expect(() => sanitizePath(123)).toThrow('Path must be a string')
expect(() => sanitizePath(null)).toThrow('Path must be a string')
expect(() => sanitizePath(undefined)).toThrow('Path must be a string')
})
})