test: add missing tag key/value path traversal test vectors for symlink_repo_index_service

[stack72]

Summary

The path traversal fix in #403 implemented assertPathContained() validation for tagKey and tagValue in indexTagBasedData(), but explicitly did not write tests for those two vectors. The PR description states:

"The 2 remaining planned vectors (tag key / tag value traversal) were not tested. They require a unifiedDataRepo stub; the existing createIndexService test helper does not wire one up, and building a full UnifiedDataRepository stub is out of scope for this fix."

Without tests, any future regression in these validation paths would be silent. The try-catch in indexTagBasedData() was also modified to re-throw path traversal errors — that logic is also untested.

Relevant Code

src/infrastructure/repo/symlink_repo_index_service.ts lines 544–560:

for (const [tagKey, valueMap] of customTags) {
  const modelDir = join(typeDir, "..");
  const tagKeyDir = join(modelDir, tagKey);
  this.assertPathContained(
    tagKeyDir,
    modelDir,
    `tagKey "${tagKey}"`,
  );
  await ensureDir(tagKeyDir);

  for (const [tagValue, dataItems] of valueMap) {
    const tagValueDir = join(tagKeyDir, tagValue);
    this.assertPathContained(
      tagValueDir,
      tagKeyDir,
      `tagValue "${tagValue}"`,
    );

What Needs Adding

Two test cases in src/infrastructure/repo/symlink_repo_index_service_test.ts:

1. tagKey = "../../../malicious" — should throw "Path traversal detected"
2. tagValue = "../../../malicious" — should throw "Path traversal detected"

These require wiring up a UnifiedDataRepository stub in the test helper createIndexService, or creating a focused test that constructs the service with a minimal stub. The existing test for indexWorkflowRun with malicious step names (#403) can serve as a pattern.

Also verify that the re-throw guard for path traversal errors in indexTagBasedData() is exercised by these tests:

if (
  error instanceof Error &&
  error.message.startsWith("Path traversal detected")
) {
  throw error;
}

References

• src/infrastructure/repo/symlink_repo_index_service.ts — indexTagBasedData()
• src/infrastructure/repo/symlink_repo_index_service_test.ts
• PR fix: path traversal in symlink_repo_index_service (#390) #403 which acknowledged this gap

[stack72]

Implementation Plan

Approach

Modify the existing test file to add two new path traversal tests that exercise the tagKey and tagValue validation in indexTagBasedData().

1. Update createIndexService helper to accept an optional UnifiedDataRepository

File: src/infrastructure/repo/symlink_repo_index_service_test.ts (line 71)

Add an optional unifiedDataRepo parameter so callers can inject a stub:

function createIndexService(dir: string, opts?: {
  unifiedDataRepo?: UnifiedDataRepository;
}) {
  // ... existing repos ...
  return {
    indexService: new SymlinkRepoIndexService({
      repoDir: dir,
      definitionRepo,
      workflowRepo,
      workflowRunRepo,
      unifiedDataRepo: opts?.unifiedDataRepo,
    }),
    // ...
  };
}

2. Create a minimal UnifiedDataRepository stub

A stub class that returns controlled Data objects from findAllForModel(). Only the methods called by indexTagBasedData() need implementations:

• findAllForModel() — returns Data items with malicious tags
• listVersions() — not reached (error thrown before this)
• getPath() — not reached

All other methods can throw "not implemented".

3. Add two test cases

Both follow the existing pattern (using withTempDir, setupRepoDir, createIndexService, assertRejects):

Test 1: tagKey = "../../../malicious" triggers path traversal error

• Create a Data item with tag { "type": "resource", "../../../malicious": "value" }
• Stub findAllForModel to return this data item
• Call handleModelCreated (which calls indexModel → indexTagBasedData)
• Assert rejection with "Path traversal detected"

Test 2: tagValue = "../../../malicious" triggers path traversal error

• Create a Data item with tag { "type": "resource", "safe-key": "../../../malicious" }
• Stub findAllForModel to return this data item
• Call handleModelCreated
• Assert rejection with "Path traversal detected"

Both tests implicitly verify the re-throw guard in the catch block, since the error must propagate through the try-catch to reach assertRejects.

Files to modify

• src/infrastructure/repo/symlink_repo_index_service_test.ts — only file changed