diff options
author | Kevin Daudt <me@ikke.info> | 2022-01-24 22:41:08 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-24 14:41:08 -0700 |
commit | 44e5e9e43f3583f04613bbbb1996e9b5a13a60ac (patch) | |
tree | ef6dca686d8f5ca2c72212c99b0c1e39c09a6b6e /modules/caddyhttp | |
parent | bf380d00ab62ccedcf5d7f32125bfbd4dd636d01 (diff) |
caddyhttp: Fix test when /tmp/etc already exists (#4544)
The TestFileListing test in tplcontext_test has one test that verifies
if directory traversal is not happening. The context root is set to
'/tmp' and then it tries to open '../../../../../etc', which gets
normalized to '/tmp/etc'.
The test then expects an error to be returned, assuming that '/tmp/etc'
does not exist on the system. When it does exist, it results in a test
failure:
```
--- FAIL: TestFileListing (0.00s)
tplcontext_test.go:422: Test 4: Expected error but had none
FAIL
FAIL
github.com/caddyserver/caddy/v2/modules/caddyhttp/templates 0.042s
```
Instead of using '/tmp' as root, use a dedicated directory created with
`os.MkdirTemp()` instead. That way, we know that the directory is empty.
Diffstat (limited to 'modules/caddyhttp')
-rw-r--r-- | modules/caddyhttp/templates/tplcontext_test.go | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index bd04975..61fc80c 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -608,6 +608,9 @@ title = "Welcome" func getContextOrFail(t *testing.T) TemplateContext { tplContext, err := initTestContext() + t.Cleanup(func() { + os.RemoveAll(string(tplContext.Root.(http.Dir))) + }) if err != nil { t.Fatalf("failed to prepare test context: %v", err) } @@ -620,8 +623,12 @@ func initTestContext() (TemplateContext, error) { if err != nil { return TemplateContext{}, err } + tmpDir, err := os.MkdirTemp(os.TempDir(), "caddy") + if err != nil { + return TemplateContext{}, err + } return TemplateContext{ - Root: http.Dir(os.TempDir()), + Root: http.Dir(tmpDir), Req: request, RespHeader: WrappedHeader{make(http.Header)}, }, nil |