DBT/clawgo
1
0
Fork 0
mirror of https://github.com/YspCoder/clawgo.git synced 2026-04-14 02:37:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
word-claw
clawgo/pkg/tools/filesystem_security_test.go
lpf ba95aeed35 Harden gateway auth and file boundaries
2026-03-15 15:31:00 +08:00

45 lines
1011 B
Go
Raw Permalink Blame History

package tools
import (
"context"
"os"
"path/filepath"
"testing"
)
func TestResolveToolPathRejectsAbsolutePath(t *testing.T) {
t.Parallel()
base := t.TempDir()
if _, err := resolveToolPath(base, "/tmp/outside.txt"); err == nil {
t.Fatalf("expected absolute path to be rejected")
}
}
func TestResolveToolPathRejectsTraversal(t *testing.T) {
t.Parallel()
base := t.TempDir()
if _, err := resolveToolPath(base, "../outside.txt"); err == nil {
t.Fatalf("expected traversal path to be rejected")
}
}
func TestReadFileToolAllowsWorkspaceRelativePath(t *testing.T) {
t.Parallel()
base := t.TempDir()
path := filepath.Join(base, "notes.txt")
if err := os.WriteFile(path, []byte("hello"), 0o644); err != nil {
t.Fatalf("write fixture: %v", err)
}
tool := NewReadFileTool(base)
got, err := tool.Execute(context.Background(), map[string]interface{}{"path": "notes.txt"})
if err != nil {
t.Fatalf("read file: %v", err)
}
if got != "hello" {
t.Fatalf("unexpected content %q", got)
}
}
Reference in New Issue View Git Blame Copy Permalink