summaryrefslogtreecommitdiff
path: root/modules/caddyhttp/templates
diff options
context:
space:
mode:
authorKevin Daudt <me@ikke.info>2022-01-24 22:41:08 +0100
committerGitHub <noreply@github.com>2022-01-24 14:41:08 -0700
commit44e5e9e43f3583f04613bbbb1996e9b5a13a60ac (patch)
treeef6dca686d8f5ca2c72212c99b0c1e39c09a6b6e /modules/caddyhttp/templates
parentbf380d00ab62ccedcf5d7f32125bfbd4dd636d01 (diff)
caddyhttp: Fix test when /tmp/etc already exists (#4544)
The TestFileListing test in tplcontext_test has one test that verifies if directory traversal is not happening. The context root is set to '/tmp' and then it tries to open '../../../../../etc', which gets normalized to '/tmp/etc'. The test then expects an error to be returned, assuming that '/tmp/etc' does not exist on the system. When it does exist, it results in a test failure: ``` --- FAIL: TestFileListing (0.00s) tplcontext_test.go:422: Test 4: Expected error but had none FAIL FAIL github.com/caddyserver/caddy/v2/modules/caddyhttp/templates 0.042s ``` Instead of using '/tmp' as root, use a dedicated directory created with `os.MkdirTemp()` instead. That way, we know that the directory is empty.
Diffstat (limited to 'modules/caddyhttp/templates')
-rw-r--r--modules/caddyhttp/templates/tplcontext_test.go9
1 files changed, 8 insertions, 1 deletions
diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go
index bd04975..61fc80c 100644
--- a/modules/caddyhttp/templates/tplcontext_test.go
+++ b/modules/caddyhttp/templates/tplcontext_test.go
@@ -608,6 +608,9 @@ title = "Welcome"
func getContextOrFail(t *testing.T) TemplateContext {
tplContext, err := initTestContext()
+ t.Cleanup(func() {
+ os.RemoveAll(string(tplContext.Root.(http.Dir)))
+ })
if err != nil {
t.Fatalf("failed to prepare test context: %v", err)
}
@@ -620,8 +623,12 @@ func initTestContext() (TemplateContext, error) {
if err != nil {
return TemplateContext{}, err
}
+ tmpDir, err := os.MkdirTemp(os.TempDir(), "caddy")
+ if err != nil {
+ return TemplateContext{}, err
+ }
return TemplateContext{
- Root: http.Dir(os.TempDir()),
+ Root: http.Dir(tmpDir),
Req: request,
RespHeader: WrappedHeader{make(http.Header)},
}, nil