test: fix defect path traversal tests #50124
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tniessen
added
permission
github-actions
bot
removed
the
request-ci
This comment was marked as outdated.
This comment was marked as outdated.
anonrig
approved these changes
Oct 10, 2023
This comment was marked as outdated.
This comment was marked as outdated.
30 tasks
This comment was marked as outdated.
This comment was marked as outdated.
tniessen
added
the
author ready
Uzlopak
approved these changes
Oct 11, 2023
Trott
previously approved these changes
Oct 11, 2023
Trott
dismissed
their stale review
Actually, I'm not 100% sure I understand the motivation of the change and would rather wait for Rafael to weigh in
The existing test seems to assume that const allowedFolder = tmpdir.resolve('subdirectory/');keeps the trailing The other JavaScript file then constructs paths as follows: const traversalPath = allowedFolder + '../file.md';Therefore, |
The test never actually tested what it claims to test because it did not properly insert separators before `..`.
tniessen
force-pushed
the
test-fix-pm-traversal
branch
from
e159f6e
to
953131a
Compare
|
Rebased due to a conflict with f447a46. |
RafaelGSS
approved these changes
Oct 15, 2023
github-actions
bot
removed
the
request-ci
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
tniessen
added
the
commit-queue
nodejs-github-bot
removed
the
commit-queue
|
Landed in 0c56962 |
kumarrishav
pushed a commit
to kumarrishav/node
that referenced
this pull request
Oct 16, 2023
The test never actually tested what it claims to test because it did not properly insert separators before `..`. PR-URL: nodejs#50124 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
targos
pushed a commit
that referenced
this pull request
Oct 23, 2023
The test never actually tested what it claims to test because it did not properly insert separators before `..`. PR-URL: #50124 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
alexfernandez
pushed a commit
to alexfernandez/node
that referenced
this pull request
Nov 1, 2023
The test never actually tested what it claims to test because it did not properly insert separators before `..`. PR-URL: nodejs#50124 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
targos
pushed a commit
that referenced
this pull request
Nov 11, 2023
The test never actually tested what it claims to test because it did not properly insert separators before `..`. PR-URL: #50124 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The test never actually tested what it claims to test because it did not properly insert separators before
...