core/cli
8
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions 1
cli/pkg/io/local/client_test.go
Snider f47e8211fb feat(mcp): add workspace root validation to prevent path traversal (#100) 
* feat(mcp): add workspace root validation to prevent path traversal

- Add workspaceRoot field to Service for restricting file operations
- Add WithWorkspaceRoot() option for configuring the workspace directory
- Add validatePath() helper to check paths are within workspace
- Apply validation to all file operation handlers
- Default to current working directory for security
- Add comprehensive tests for path validation

Closes #82

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor: move CLI commands from pkg/ to internal/cmd/

- Move 18 CLI command packages to internal/cmd/ (not externally importable)
- Keep 16 library packages in pkg/ (externally importable)
- Update all import paths throughout codebase
- Cleaner separation between CLI logic and reusable libraries

CLI commands moved: ai, ci, dev, docs, doctor, gitcmd, go, monitor,
php, pkgcmd, qa, sdk, security, setup, test, updater, vm, workspace

Libraries remaining: agentic, build, cache, cli, container, devops,
errors, framework, git, i18n, io, log, mcp, process, release, repos

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor(mcp): use pkg/io Medium for sandboxed file operations

Replace manual path validation with pkg/io.Medium for all file operations.
This delegates security (path traversal, symlink bypass) to the sandboxed
local.Medium implementation.

Changes:
- Add io.NewSandboxed() for creating sandboxed Medium instances
- Refactor MCP Service to use io.Medium instead of direct os.* calls
- Remove validatePath and resolvePathWithSymlinks functions
- Update tests to verify Medium-based behaviour

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: correct import path and workflow references

- Fix pkg/io/io.go import from core-gui to core
- Update CI workflows to use internal/cmd/updater path

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(security): address CodeRabbit review issues for path validation

- pkg/io/local: add symlink resolution and boundary-aware containment
  - Reject absolute paths in sandboxed Medium
  - Use filepath.EvalSymlinks to prevent symlink bypass attacks
  - Fix prefix check to prevent /tmp/root matching /tmp/root2

- pkg/mcp: fix resolvePath to validate and return errors
  - Changed resolvePath from (string) to (string, error)
  - Update deleteFile, renameFile, listDirectory, fileExists to handle errors
  - Changed New() to return (*Service, error) instead of *Service
  - Properly propagate option errors instead of silently discarding

- pkg/io: wrap errors with E() helper for consistent context
  - Copy() and MockMedium.Read() now use coreerr.E()

- tests: rename to use _Good/_Bad/_Ugly suffixes per coding guidelines
  - Fix hardcoded /tmp in TestPath to use t.TempDir()
  - Add TestResolvePath_Bad_SymlinkTraversal test

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* style: fix gofmt formatting

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* style: fix gofmt formatting across all files

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 21:59:34 +00:00

201 lines
5.3 KiB
Go
Raw Blame History

package local
import (
"os"
"path/filepath"
"testing"
"github.com/stretchr/testify/assert"
)
func TestNew_Good(t *testing.T) {
testRoot := t.TempDir()
// Test successful creation
medium, err := New(testRoot)
assert.NoError(t, err)
assert.NotNil(t, medium)
assert.Equal(t, testRoot, medium.root)
// Verify the root directory exists
info, err := os.Stat(testRoot)
assert.NoError(t, err)
assert.True(t, info.IsDir())
// Test creating a new instance with an existing directory (should not error)
medium2, err := New(testRoot)
assert.NoError(t, err)
assert.NotNil(t, medium2)
}
func TestPath_Good(t *testing.T) {
testRoot := t.TempDir()
medium := &Medium{root: testRoot}
// Valid path
validPath, err := medium.path("file.txt")
assert.NoError(t, err)
assert.Equal(t, filepath.Join(testRoot, "file.txt"), validPath)
// Subdirectory path
subDirPath, err := medium.path("dir/sub/file.txt")
assert.NoError(t, err)
assert.Equal(t, filepath.Join(testRoot, "dir", "sub", "file.txt"), subDirPath)
}
func TestPath_Bad(t *testing.T) {
testRoot := t.TempDir()
medium := &Medium{root: testRoot}
// Path traversal attempt
_, err := medium.path("../secret.txt")
assert.Error(t, err)
assert.Contains(t, err.Error(), "path traversal attempt detected")
_, err = medium.path("dir/../../secret.txt")
assert.Error(t, err)
assert.Contains(t, err.Error(), "path traversal attempt detected")
// Absolute path attempt
_, err = medium.path("/etc/passwd")
assert.Error(t, err)
assert.Contains(t, err.Error(), "path traversal attempt detected")
}
func TestReadWrite_Good(t *testing.T) {
testRoot, err := os.MkdirTemp("", "local_read_write_test")
assert.NoError(t, err)
defer os.RemoveAll(testRoot)
medium, err := New(testRoot)
assert.NoError(t, err)
fileName := "testfile.txt"
filePath := filepath.Join("subdir", fileName)
content := "Hello, Gopher!\nThis is a test file."
// Test Write
err = medium.Write(filePath, content)
assert.NoError(t, err)
// Verify file content by reading directly from OS
readContent, err := os.ReadFile(filepath.Join(testRoot, filePath))
assert.NoError(t, err)
assert.Equal(t, content, string(readContent))
// Test Read
readByMedium, err := medium.Read(filePath)
assert.NoError(t, err)
assert.Equal(t, content, readByMedium)
// Test Read non-existent file
_, err = medium.Read("nonexistent.txt")
assert.Error(t, err)
assert.True(t, os.IsNotExist(err))
// Test Write to a path with traversal attempt
writeErr := medium.Write("../badfile.txt", "malicious content")
assert.Error(t, writeErr)
assert.Contains(t, writeErr.Error(), "path traversal attempt detected")
}
func TestEnsureDir_Good(t *testing.T) {
testRoot, err := os.MkdirTemp("", "local_ensure_dir_test")
assert.NoError(t, err)
defer os.RemoveAll(testRoot)
medium, err := New(testRoot)
assert.NoError(t, err)
dirName := "newdir/subdir"
dirPath := filepath.Join(testRoot, dirName)
// Test creating a new directory
err = medium.EnsureDir(dirName)
assert.NoError(t, err)
info, err := os.Stat(dirPath)
assert.NoError(t, err)
assert.True(t, info.IsDir())
// Test ensuring an existing directory (should not error)
err = medium.EnsureDir(dirName)
assert.NoError(t, err)
// Test ensuring a directory with path traversal attempt
err = medium.EnsureDir("../bad_dir")
assert.Error(t, err)
assert.Contains(t, err.Error(), "path traversal attempt detected")
}
func TestIsFile_Good(t *testing.T) {
testRoot, err := os.MkdirTemp("", "local_is_file_test")
assert.NoError(t, err)
defer os.RemoveAll(testRoot)
medium, err := New(testRoot)
assert.NoError(t, err)
// Create a test file
fileName := "existing_file.txt"
filePath := filepath.Join(testRoot, fileName)
err = os.WriteFile(filePath, []byte("content"), 0644)
assert.NoError(t, err)
// Create a test directory
dirName := "existing_dir"
dirPath := filepath.Join(testRoot, dirName)
err = os.Mkdir(dirPath, 0755)
assert.NoError(t, err)
// Test with an existing file
assert.True(t, medium.IsFile(fileName))
// Test with a non-existent file
assert.False(t, medium.IsFile("nonexistent_file.txt"))
// Test with a directory
assert.False(t, medium.IsFile(dirName))
// Test with path traversal attempt
assert.False(t, medium.IsFile("../bad_file.txt"))
}
func TestFileGetFileSet_Good(t *testing.T) {
testRoot, err := os.MkdirTemp("", "local_fileget_fileset_test")
assert.NoError(t, err)
defer os.RemoveAll(testRoot)
medium, err := New(testRoot)
assert.NoError(t, err)
fileName := "data.txt"
content := "Hello, FileGet/FileSet!"
// Test FileSet
err = medium.FileSet(fileName, content)
assert.NoError(t, err)
// Verify file was written
readContent, err := os.ReadFile(filepath.Join(testRoot, fileName))
assert.NoError(t, err)
assert.Equal(t, content, string(readContent))
// Test FileGet
gotContent, err := medium.FileGet(fileName)
assert.NoError(t, err)
assert.Equal(t, content, gotContent)
// Test FileGet on non-existent file
_, err = medium.FileGet("nonexistent.txt")
assert.Error(t, err)
// Test FileSet with path traversal attempt
err = medium.FileSet("../bad.txt", "malicious")
assert.Error(t, err)
assert.Contains(t, err.Error(), "path traversal attempt detected")
// Test FileGet with path traversal attempt
_, err = medium.FileGet("../bad.txt")
assert.Error(t, err)
assert.Contains(t, err.Error(), "path traversal attempt detected")
}
Reference in a new issue View git blame Copy permalink