f47e8211fb
* feat(mcp): add workspace root validation to prevent path traversal - Add workspaceRoot field to Service for restricting file operations - Add WithWorkspaceRoot() option for configuring the workspace directory - Add validatePath() helper to check paths are within workspace - Apply validation to all file operation handlers - Default to current working directory for security - Add comprehensive tests for path validation Closes #82 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor: move CLI commands from pkg/ to internal/cmd/ - Move 18 CLI command packages to internal/cmd/ (not externally importable) - Keep 16 library packages in pkg/ (externally importable) - Update all import paths throughout codebase - Cleaner separation between CLI logic and reusable libraries CLI commands moved: ai, ci, dev, docs, doctor, gitcmd, go, monitor, php, pkgcmd, qa, sdk, security, setup, test, updater, vm, workspace Libraries remaining: agentic, build, cache, cli, container, devops, errors, framework, git, i18n, io, log, mcp, process, release, repos Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor(mcp): use pkg/io Medium for sandboxed file operations Replace manual path validation with pkg/io.Medium for all file operations. This delegates security (path traversal, symlink bypass) to the sandboxed local.Medium implementation. Changes: - Add io.NewSandboxed() for creating sandboxed Medium instances - Refactor MCP Service to use io.Medium instead of direct os.* calls - Remove validatePath and resolvePathWithSymlinks functions - Update tests to verify Medium-based behaviour Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: correct import path and workflow references - Fix pkg/io/io.go import from core-gui to core - Update CI workflows to use internal/cmd/updater path Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(security): address CodeRabbit review issues for path validation - pkg/io/local: add symlink resolution and boundary-aware containment - Reject absolute paths in sandboxed Medium - Use filepath.EvalSymlinks to prevent symlink bypass attacks - Fix prefix check to prevent /tmp/root matching /tmp/root2 - pkg/mcp: fix resolvePath to validate and return errors - Changed resolvePath from (string) to (string, error) - Update deleteFile, renameFile, listDirectory, fileExists to handle errors - Changed New() to return (*Service, error) instead of *Service - Properly propagate option errors instead of silently discarding - pkg/io: wrap errors with E() helper for consistent context - Copy() and MockMedium.Read() now use coreerr.E() - tests: rename to use _Good/_Bad/_Ugly suffixes per coding guidelines - Fix hardcoded /tmp in TestPath to use t.TempDir() - Add TestResolvePath_Bad_SymlinkTraversal test Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style: fix gofmt formatting Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style: fix gofmt formatting across all files Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
124 lines
4.3 KiB
Go
124 lines
4.3 KiB
Go
package updater
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"io"
|
|
"net/http"
|
|
"net/url"
|
|
"testing"
|
|
|
|
"github.com/Snider/Borg/pkg/mocks"
|
|
)
|
|
|
|
func TestGetPublicRepos(t *testing.T) {
|
|
mockClient := mocks.NewMockClient(map[string]*http.Response{
|
|
"https://api.github.com/users/testuser/repos": {
|
|
StatusCode: http.StatusOK,
|
|
Header: http.Header{"Content-Type": []string{"application/json"}},
|
|
Body: io.NopCloser(bytes.NewBufferString(`[{"clone_url": "https://github.com/testuser/repo1.git"}]`)),
|
|
},
|
|
"https://api.github.com/orgs/testorg/repos": {
|
|
StatusCode: http.StatusOK,
|
|
Header: http.Header{"Content-Type": []string{"application/json"}, "Link": []string{`<https://api.github.com/organizations/123/repos?page=2>; rel="next"`}},
|
|
Body: io.NopCloser(bytes.NewBufferString(`[{"clone_url": "https://github.com/testorg/repo1.git"}]`)),
|
|
},
|
|
"https://api.github.com/organizations/123/repos?page=2": {
|
|
StatusCode: http.StatusOK,
|
|
Header: http.Header{"Content-Type": []string{"application/json"}},
|
|
Body: io.NopCloser(bytes.NewBufferString(`[{"clone_url": "https://github.com/testorg/repo2.git"}]`)),
|
|
},
|
|
})
|
|
|
|
client := &githubClient{}
|
|
oldClient := NewAuthenticatedClient
|
|
NewAuthenticatedClient = func(ctx context.Context) *http.Client {
|
|
return mockClient
|
|
}
|
|
defer func() {
|
|
NewAuthenticatedClient = oldClient
|
|
}()
|
|
|
|
// Test user repos
|
|
repos, err := client.getPublicReposWithAPIURL(context.Background(), "https://api.github.com", "testuser")
|
|
if err != nil {
|
|
t.Fatalf("getPublicReposWithAPIURL for user failed: %v", err)
|
|
}
|
|
if len(repos) != 1 || repos[0] != "https://github.com/testuser/repo1.git" {
|
|
t.Errorf("unexpected user repos: %v", repos)
|
|
}
|
|
|
|
// Test org repos with pagination
|
|
repos, err = client.getPublicReposWithAPIURL(context.Background(), "https://api.github.com", "testorg")
|
|
if err != nil {
|
|
t.Fatalf("getPublicReposWithAPIURL for org failed: %v", err)
|
|
}
|
|
if len(repos) != 2 || repos[0] != "https://github.com/testorg/repo1.git" || repos[1] != "https://github.com/testorg/repo2.git" {
|
|
t.Errorf("unexpected org repos: %v", repos)
|
|
}
|
|
}
|
|
func TestGetPublicRepos_Error(t *testing.T) {
|
|
u, _ := url.Parse("https://api.github.com/users/testuser/repos")
|
|
mockClient := mocks.NewMockClient(map[string]*http.Response{
|
|
"https://api.github.com/users/testuser/repos": {
|
|
StatusCode: http.StatusNotFound,
|
|
Status: "404 Not Found",
|
|
Header: http.Header{"Content-Type": []string{"application/json"}},
|
|
Body: io.NopCloser(bytes.NewBufferString("")),
|
|
Request: &http.Request{Method: "GET", URL: u},
|
|
},
|
|
"https://api.github.com/orgs/testuser/repos": {
|
|
StatusCode: http.StatusNotFound,
|
|
Status: "404 Not Found",
|
|
Header: http.Header{"Content-Type": []string{"application/json"}},
|
|
Body: io.NopCloser(bytes.NewBufferString("")),
|
|
Request: &http.Request{Method: "GET", URL: u},
|
|
},
|
|
})
|
|
expectedErr := "failed to fetch repos: 404 Not Found"
|
|
|
|
client := &githubClient{}
|
|
oldClient := NewAuthenticatedClient
|
|
NewAuthenticatedClient = func(ctx context.Context) *http.Client {
|
|
return mockClient
|
|
}
|
|
defer func() {
|
|
NewAuthenticatedClient = oldClient
|
|
}()
|
|
|
|
// Test user repos
|
|
_, err := client.getPublicReposWithAPIURL(context.Background(), "https://api.github.com", "testuser")
|
|
if err.Error() != expectedErr {
|
|
t.Fatalf("getPublicReposWithAPIURL for user failed: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestFindNextURL(t *testing.T) {
|
|
client := &githubClient{}
|
|
linkHeader := `<https://api.github.com/organizations/123/repos?page=2>; rel="next", <https://api.github.com/organizations/123/repos?page=1>; rel="prev"`
|
|
nextURL := client.findNextURL(linkHeader)
|
|
if nextURL != "https://api.github.com/organizations/123/repos?page=2" {
|
|
t.Errorf("unexpected next URL: %s", nextURL)
|
|
}
|
|
|
|
linkHeader = `<https://api.github.com/organizations/123/repos?page=1>; rel="prev"`
|
|
nextURL = client.findNextURL(linkHeader)
|
|
if nextURL != "" {
|
|
t.Errorf("unexpected next URL: %s", nextURL)
|
|
}
|
|
}
|
|
|
|
func TestNewAuthenticatedClient(t *testing.T) {
|
|
// Test with no token
|
|
client := NewAuthenticatedClient(context.Background())
|
|
if client != http.DefaultClient {
|
|
t.Errorf("expected http.DefaultClient, but got something else")
|
|
}
|
|
|
|
// Test with token
|
|
t.Setenv("GITHUB_TOKEN", "test-token")
|
|
client = NewAuthenticatedClient(context.Background())
|
|
if client == http.DefaultClient {
|
|
t.Errorf("expected an authenticated client, but got http.DefaultClient")
|
|
}
|
|
}
|