cli/pkg/io/local/client_test.go

package local

import (
	"os"
	"path/filepath"
	"testing"

	"github.com/stretchr/testify/assert"
)

func TestNew_Good(t *testing.T) {
	testRoot := t.TempDir()

	// Test successful creation
	medium, err := New(testRoot)
	assert.NoError(t, err)
	assert.NotNil(t, medium)
	assert.Equal(t, testRoot, medium.root)

	// Verify the root directory exists
	info, err := os.Stat(testRoot)
	assert.NoError(t, err)
	assert.True(t, info.IsDir())

	// Test creating a new instance with an existing directory (should not error)
	medium2, err := New(testRoot)
	assert.NoError(t, err)
	assert.NotNil(t, medium2)
}

func TestPath_Good(t *testing.T) {
	testRoot := t.TempDir()
	medium := &Medium{root: testRoot}

	// Valid path
	validPath, err := medium.path("file.txt")
	assert.NoError(t, err)
	assert.Equal(t, filepath.Join(testRoot, "file.txt"), validPath)

	// Subdirectory path
	subDirPath, err := medium.path("dir/sub/file.txt")
	assert.NoError(t, err)
	assert.Equal(t, filepath.Join(testRoot, "dir", "sub", "file.txt"), subDirPath)
}

func TestPath_Bad(t *testing.T) {
	testRoot := t.TempDir()
	medium := &Medium{root: testRoot}

	// Path traversal attempt
	_, err := medium.path("../secret.txt")
	assert.Error(t, err)
	assert.Contains(t, err.Error(), "path traversal attempt detected")

	_, err = medium.path("dir/../../secret.txt")
	assert.Error(t, err)
	assert.Contains(t, err.Error(), "path traversal attempt detected")

	// Absolute path attempt
	_, err = medium.path("/etc/passwd")
	assert.Error(t, err)
	assert.Contains(t, err.Error(), "path traversal attempt detected")
}

func TestReadWrite_Good(t *testing.T) {
	testRoot, err := os.MkdirTemp("", "local_read_write_test")
	assert.NoError(t, err)
	defer os.RemoveAll(testRoot)

	medium, err := New(testRoot)
	assert.NoError(t, err)

	fileName := "testfile.txt"
	filePath := filepath.Join("subdir", fileName)
	content := "Hello, Gopher!\nThis is a test file."

	// Test Write
	err = medium.Write(filePath, content)
	assert.NoError(t, err)

	// Verify file content by reading directly from OS
	readContent, err := os.ReadFile(filepath.Join(testRoot, filePath))
	assert.NoError(t, err)
	assert.Equal(t, content, string(readContent))

	// Test Read
	readByMedium, err := medium.Read(filePath)
	assert.NoError(t, err)
	assert.Equal(t, content, readByMedium)

	// Test Read non-existent file
	_, err = medium.Read("nonexistent.txt")
	assert.Error(t, err)
	assert.True(t, os.IsNotExist(err))

	// Test Write to a path with traversal attempt
	writeErr := medium.Write("../badfile.txt", "malicious content")
	assert.Error(t, writeErr)
	assert.Contains(t, writeErr.Error(), "path traversal attempt detected")
}

func TestEnsureDir_Good(t *testing.T) {
	testRoot, err := os.MkdirTemp("", "local_ensure_dir_test")
	assert.NoError(t, err)
	defer os.RemoveAll(testRoot)

	medium, err := New(testRoot)
	assert.NoError(t, err)

	dirName := "newdir/subdir"
	dirPath := filepath.Join(testRoot, dirName)

	// Test creating a new directory
	err = medium.EnsureDir(dirName)
	assert.NoError(t, err)
	info, err := os.Stat(dirPath)
	assert.NoError(t, err)
	assert.True(t, info.IsDir())

	// Test ensuring an existing directory (should not error)
	err = medium.EnsureDir(dirName)
	assert.NoError(t, err)

	// Test ensuring a directory with path traversal attempt
	err = medium.EnsureDir("../bad_dir")
	assert.Error(t, err)
	assert.Contains(t, err.Error(), "path traversal attempt detected")
}

func TestIsFile_Good(t *testing.T) {
	testRoot, err := os.MkdirTemp("", "local_is_file_test")
	assert.NoError(t, err)
	defer os.RemoveAll(testRoot)

	medium, err := New(testRoot)
	assert.NoError(t, err)

	// Create a test file
	fileName := "existing_file.txt"
	filePath := filepath.Join(testRoot, fileName)
	err = os.WriteFile(filePath, []byte("content"), 0644)
	assert.NoError(t, err)

	// Create a test directory
	dirName := "existing_dir"
	dirPath := filepath.Join(testRoot, dirName)
	err = os.Mkdir(dirPath, 0755)
	assert.NoError(t, err)

	// Test with an existing file
	assert.True(t, medium.IsFile(fileName))

	// Test with a non-existent file
	assert.False(t, medium.IsFile("nonexistent_file.txt"))

	// Test with a directory
	assert.False(t, medium.IsFile(dirName))

	// Test with path traversal attempt
	assert.False(t, medium.IsFile("../bad_file.txt"))
}

func TestFileGetFileSet_Good(t *testing.T) {
	testRoot, err := os.MkdirTemp("", "local_fileget_fileset_test")
	assert.NoError(t, err)
	defer os.RemoveAll(testRoot)

	medium, err := New(testRoot)
	assert.NoError(t, err)

	fileName := "data.txt"
	content := "Hello, FileGet/FileSet!"

	// Test FileSet
	err = medium.FileSet(fileName, content)
	assert.NoError(t, err)

	// Verify file was written
	readContent, err := os.ReadFile(filepath.Join(testRoot, fileName))
	assert.NoError(t, err)
	assert.Equal(t, content, string(readContent))

	// Test FileGet
	gotContent, err := medium.FileGet(fileName)
	assert.NoError(t, err)
	assert.Equal(t, content, gotContent)

	// Test FileGet on non-existent file
	_, err = medium.FileGet("nonexistent.txt")
	assert.Error(t, err)

	// Test FileSet with path traversal attempt
	err = medium.FileSet("../bad.txt", "malicious")
	assert.Error(t, err)
	assert.Contains(t, err.Error(), "path traversal attempt detected")

	// Test FileGet with path traversal attempt
	_, err = medium.FileGet("../bad.txt")
	assert.Error(t, err)
	assert.Contains(t, err.Error(), "path traversal attempt detected")
}
feat(mcp): add workspace root validation to prevent path traversal (#100) * feat(mcp): add workspace root validation to prevent path traversal - Add workspaceRoot field to Service for restricting file operations - Add WithWorkspaceRoot() option for configuring the workspace directory - Add validatePath() helper to check paths are within workspace - Apply validation to all file operation handlers - Default to current working directory for security - Add comprehensive tests for path validation Closes #82 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor: move CLI commands from pkg/ to internal/cmd/ - Move 18 CLI command packages to internal/cmd/ (not externally importable) - Keep 16 library packages in pkg/ (externally importable) - Update all import paths throughout codebase - Cleaner separation between CLI logic and reusable libraries CLI commands moved: ai, ci, dev, docs, doctor, gitcmd, go, monitor, php, pkgcmd, qa, sdk, security, setup, test, updater, vm, workspace Libraries remaining: agentic, build, cache, cli, container, devops, errors, framework, git, i18n, io, log, mcp, process, release, repos Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor(mcp): use pkg/io Medium for sandboxed file operations Replace manual path validation with pkg/io.Medium for all file operations. This delegates security (path traversal, symlink bypass) to the sandboxed local.Medium implementation. Changes: - Add io.NewSandboxed() for creating sandboxed Medium instances - Refactor MCP Service to use io.Medium instead of direct os.* calls - Remove validatePath and resolvePathWithSymlinks functions - Update tests to verify Medium-based behaviour Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: correct import path and workflow references - Fix pkg/io/io.go import from core-gui to core - Update CI workflows to use internal/cmd/updater path Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(security): address CodeRabbit review issues for path validation - pkg/io/local: add symlink resolution and boundary-aware containment - Reject absolute paths in sandboxed Medium - Use filepath.EvalSymlinks to prevent symlink bypass attacks - Fix prefix check to prevent /tmp/root matching /tmp/root2 - pkg/mcp: fix resolvePath to validate and return errors - Changed resolvePath from (string) to (string, error) - Update deleteFile, renameFile, listDirectory, fileExists to handle errors - Changed New() to return (Service, error) instead of Service - Properly propagate option errors instead of silently discarding - pkg/io: wrap errors with E() helper for consistent context - Copy() and MockMedium.Read() now use coreerr.E() - tests: rename to use _Good/_Bad/_Ugly suffixes per coding guidelines - Fix hardcoded /tmp in TestPath to use t.TempDir() - Add TestResolvePath_Bad_SymlinkTraversal test Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style: fix gofmt formatting Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style: fix gofmt formatting across all files Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-01 21:59:34 +00:00			`package local`

			`import (`
			`"os"`
			`"path/filepath"`
			`"testing"`

			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestNew_Good(t *testing.T) {`
			`testRoot := t.TempDir()`

			`// Test successful creation`
			`medium, err := New(testRoot)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, medium)`
			`assert.Equal(t, testRoot, medium.root)`

			`// Verify the root directory exists`
			`info, err := os.Stat(testRoot)`
			`assert.NoError(t, err)`
			`assert.True(t, info.IsDir())`

			`// Test creating a new instance with an existing directory (should not error)`
			`medium2, err := New(testRoot)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, medium2)`
			`}`

			`func TestPath_Good(t *testing.T) {`
			`testRoot := t.TempDir()`
			`medium := &Medium{root: testRoot}`

			`// Valid path`
			`validPath, err := medium.path("file.txt")`
			`assert.NoError(t, err)`
			`assert.Equal(t, filepath.Join(testRoot, "file.txt"), validPath)`

			`// Subdirectory path`
			`subDirPath, err := medium.path("dir/sub/file.txt")`
			`assert.NoError(t, err)`
			`assert.Equal(t, filepath.Join(testRoot, "dir", "sub", "file.txt"), subDirPath)`
			`}`

			`func TestPath_Bad(t *testing.T) {`
			`testRoot := t.TempDir()`
			`medium := &Medium{root: testRoot}`

			`// Path traversal attempt`
			`_, err := medium.path("../secret.txt")`
			`assert.Error(t, err)`
			`assert.Contains(t, err.Error(), "path traversal attempt detected")`

			`_, err = medium.path("dir/../../secret.txt")`
			`assert.Error(t, err)`
			`assert.Contains(t, err.Error(), "path traversal attempt detected")`

			`// Absolute path attempt`
			`_, err = medium.path("/etc/passwd")`
			`assert.Error(t, err)`
			`assert.Contains(t, err.Error(), "path traversal attempt detected")`
			`}`

			`func TestReadWrite_Good(t *testing.T) {`
			`testRoot, err := os.MkdirTemp("", "local_read_write_test")`
			`assert.NoError(t, err)`
			`defer os.RemoveAll(testRoot)`

			`medium, err := New(testRoot)`
			`assert.NoError(t, err)`

			`fileName := "testfile.txt"`
			`filePath := filepath.Join("subdir", fileName)`
			`content := "Hello, Gopher!\nThis is a test file."`

			`// Test Write`
			`err = medium.Write(filePath, content)`
			`assert.NoError(t, err)`

			`// Verify file content by reading directly from OS`
			`readContent, err := os.ReadFile(filepath.Join(testRoot, filePath))`
			`assert.NoError(t, err)`
			`assert.Equal(t, content, string(readContent))`

			`// Test Read`
			`readByMedium, err := medium.Read(filePath)`
			`assert.NoError(t, err)`
			`assert.Equal(t, content, readByMedium)`

			`// Test Read non-existent file`
			`_, err = medium.Read("nonexistent.txt")`
			`assert.Error(t, err)`
			`assert.True(t, os.IsNotExist(err))`

			`// Test Write to a path with traversal attempt`
			`writeErr := medium.Write("../badfile.txt", "malicious content")`
			`assert.Error(t, writeErr)`
			`assert.Contains(t, writeErr.Error(), "path traversal attempt detected")`
			`}`

			`func TestEnsureDir_Good(t *testing.T) {`
			`testRoot, err := os.MkdirTemp("", "local_ensure_dir_test")`
			`assert.NoError(t, err)`
			`defer os.RemoveAll(testRoot)`

			`medium, err := New(testRoot)`
			`assert.NoError(t, err)`

			`dirName := "newdir/subdir"`
			`dirPath := filepath.Join(testRoot, dirName)`

			`// Test creating a new directory`
			`err = medium.EnsureDir(dirName)`
			`assert.NoError(t, err)`
			`info, err := os.Stat(dirPath)`
			`assert.NoError(t, err)`
			`assert.True(t, info.IsDir())`

			`// Test ensuring an existing directory (should not error)`
			`err = medium.EnsureDir(dirName)`
			`assert.NoError(t, err)`

			`// Test ensuring a directory with path traversal attempt`
			`err = medium.EnsureDir("../bad_dir")`
			`assert.Error(t, err)`
			`assert.Contains(t, err.Error(), "path traversal attempt detected")`
			`}`

			`func TestIsFile_Good(t *testing.T) {`
			`testRoot, err := os.MkdirTemp("", "local_is_file_test")`
			`assert.NoError(t, err)`
			`defer os.RemoveAll(testRoot)`

			`medium, err := New(testRoot)`
			`assert.NoError(t, err)`

			`// Create a test file`
			`fileName := "existing_file.txt"`
			`filePath := filepath.Join(testRoot, fileName)`
			`err = os.WriteFile(filePath, []byte("content"), 0644)`
			`assert.NoError(t, err)`

			`// Create a test directory`
			`dirName := "existing_dir"`
			`dirPath := filepath.Join(testRoot, dirName)`
			`err = os.Mkdir(dirPath, 0755)`
			`assert.NoError(t, err)`

			`// Test with an existing file`
			`assert.True(t, medium.IsFile(fileName))`

			`// Test with a non-existent file`
			`assert.False(t, medium.IsFile("nonexistent_file.txt"))`

			`// Test with a directory`
			`assert.False(t, medium.IsFile(dirName))`

			`// Test with path traversal attempt`
			`assert.False(t, medium.IsFile("../bad_file.txt"))`
			`}`

			`func TestFileGetFileSet_Good(t *testing.T) {`
			`testRoot, err := os.MkdirTemp("", "local_fileget_fileset_test")`
			`assert.NoError(t, err)`
			`defer os.RemoveAll(testRoot)`

			`medium, err := New(testRoot)`
			`assert.NoError(t, err)`

			`fileName := "data.txt"`
			`content := "Hello, FileGet/FileSet!"`

			`// Test FileSet`
			`err = medium.FileSet(fileName, content)`
			`assert.NoError(t, err)`

			`// Verify file was written`
			`readContent, err := os.ReadFile(filepath.Join(testRoot, fileName))`
			`assert.NoError(t, err)`
			`assert.Equal(t, content, string(readContent))`

			`// Test FileGet`
			`gotContent, err := medium.FileGet(fileName)`
			`assert.NoError(t, err)`
			`assert.Equal(t, content, gotContent)`

			`// Test FileGet on non-existent file`
			`_, err = medium.FileGet("nonexistent.txt")`
			`assert.Error(t, err)`

			`// Test FileSet with path traversal attempt`
			`err = medium.FileSet("../bad.txt", "malicious")`
			`assert.Error(t, err)`
			`assert.Contains(t, err.Error(), "path traversal attempt detected")`

			`// Test FileGet with path traversal attempt`
			`_, err = medium.FileGet("../bad.txt")`
			`assert.Error(t, err)`
			`assert.Contains(t, err.Error(), "path traversal attempt detected")`
			`}`