registry_test.go 1.9 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
  1. package fileupload
  2. import (
  3. "os"
  4. "strings"
  5. "testing"
  6. "time"
  7. config "github.com/OliveTin/OliveTin/internal/config"
  8. )
  9. func TestPruneExpiredRemovesStalePendingFile(t *testing.T) {
  10. r := mustRegistry(t)
  11. path := mustTempUnder(t, r.baseDir)
  12. seedExpiredPending(r, path)
  13. r.pruneExpired()
  14. assertNoFile(t, path)
  15. assertPendingGone(t, r)
  16. }
  17. func mustRegistry(t *testing.T) *Registry {
  18. t.Helper()
  19. r, err := NewRegistry(config.DefaultConfig())
  20. if err != nil {
  21. t.Fatalf("NewRegistry: %v", err)
  22. }
  23. return r
  24. }
  25. func mustTempUnder(t *testing.T, dir string) string {
  26. t.Helper()
  27. f, err := os.CreateTemp(dir, "olu-")
  28. if err != nil {
  29. t.Fatalf("CreateTemp: %v", err)
  30. }
  31. path := f.Name()
  32. _ = f.Close()
  33. return path
  34. }
  35. func seedExpiredPending(r *Registry, path string) {
  36. r.mu.Lock()
  37. defer r.mu.Unlock()
  38. r.pending["testtoken"] = &pendingEntry{
  39. path: path,
  40. expires: time.Now().Add(-time.Minute),
  41. }
  42. }
  43. func assertNoFile(t *testing.T, path string) {
  44. t.Helper()
  45. _, err := os.Stat(path)
  46. if !os.IsNotExist(err) {
  47. t.Fatalf("expected temp file removed, stat err=%v", err)
  48. }
  49. }
  50. func assertPendingGone(t *testing.T, r *Registry) {
  51. t.Helper()
  52. r.mu.Lock()
  53. defer r.mu.Unlock()
  54. if _, ok := r.pending["testtoken"]; ok {
  55. t.Fatal("expected pending entry deleted")
  56. }
  57. }
  58. func TestSanitizeUploadFilenameShellSafe(t *testing.T) {
  59. t.Parallel()
  60. cases := []struct {
  61. in string
  62. want string
  63. }{
  64. {"normal.txt", "normal.txt"},
  65. {"My-Document_2.pdf", "My-Document_2.pdf"},
  66. {"", "upload"},
  67. {".", "upload"},
  68. {"../../../etc/passwd", "passwd"},
  69. {"foo;rm -rf /", "foo_rm_-rf_"},
  70. {"a$b`x$(y)", "a_b_x__y_"},
  71. {"x\ny\tz", "x_y_z"},
  72. {"a|b&c>d<e", "a_b_c_d_e"},
  73. {`a\b`, "a_b"},
  74. {`'quote"`, "_quote_"},
  75. {strings.Repeat("n", 300), strings.Repeat("n", 255)},
  76. }
  77. for _, tc := range cases {
  78. got := SanitizeUploadFilename(tc.in)
  79. if got != tc.want {
  80. t.Errorf("SanitizeUploadFilename(%q) = %q, want %q", tc.in, got, tc.want)
  81. }
  82. }
  83. }