-
Notifications
You must be signed in to change notification settings - Fork 13
Description
Summary
The path traversal fix in #403 implemented assertPathContained() validation for tagKey and tagValue in indexTagBasedData(), but explicitly did not write tests for those two vectors. The PR description states:
"The 2 remaining planned vectors (tag key / tag value traversal) were not tested. They require a
unifiedDataRepostub; the existingcreateIndexServicetest helper does not wire one up, and building a fullUnifiedDataRepositorystub is out of scope for this fix."
Without tests, any future regression in these validation paths would be silent. The try-catch in indexTagBasedData() was also modified to re-throw path traversal errors — that logic is also untested.
Relevant Code
src/infrastructure/repo/symlink_repo_index_service.ts lines 544–560:
for (const [tagKey, valueMap] of customTags) {
const modelDir = join(typeDir, "..");
const tagKeyDir = join(modelDir, tagKey);
this.assertPathContained(
tagKeyDir,
modelDir,
`tagKey "${tagKey}"`,
);
await ensureDir(tagKeyDir);
for (const [tagValue, dataItems] of valueMap) {
const tagValueDir = join(tagKeyDir, tagValue);
this.assertPathContained(
tagValueDir,
tagKeyDir,
`tagValue "${tagValue}"`,
);What Needs Adding
Two test cases in src/infrastructure/repo/symlink_repo_index_service_test.ts:
tagKey = "../../../malicious"— should throw"Path traversal detected"tagValue = "../../../malicious"— should throw"Path traversal detected"
These require wiring up a UnifiedDataRepository stub in the test helper createIndexService, or creating a focused test that constructs the service with a minimal stub. The existing test for indexWorkflowRun with malicious step names (#403) can serve as a pattern.
Also verify that the re-throw guard for path traversal errors in indexTagBasedData() is exercised by these tests:
if (
error instanceof Error &&
error.message.startsWith("Path traversal detected")
) {
throw error;
}References
src/infrastructure/repo/symlink_repo_index_service.ts—indexTagBasedData()src/infrastructure/repo/symlink_repo_index_service_test.ts- PR fix: path traversal in symlink_repo_index_service (#390) #403 which acknowledged this gap