// SPDX-License-Identifier: EUPL-1.2 package agentci import ( "context" "testing" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) func TestSanitizePath_Good(t *testing.T) { tests := []struct { input string want string }{ {"simple", "simple"}, {"with-dash", "with-dash"}, {"with_underscore", "with_underscore"}, {"with.dot", "with.dot"}, {"CamelCase", "CamelCase"}, {"123", "123"}, {"../secret", "secret"}, {"/var/tmp/report.txt", "report.txt"}, {"nested/path/file", "file"}, } for _, tt := range tests { t.Run(tt.input, func(t *testing.T) { got, err := SanitizePath(tt.input) require.NoError(t, err) assert.Equal(t, tt.want, got) }) } } func TestSanitizePath_Bad(t *testing.T) { tests := []struct { name string input string }{ {"spaces", "has space"}, {"special chars", "file@name"}, {"backtick", "file`name"}, {"semicolon", "file;name"}, {"pipe", "file|name"}, {"ampersand", "file&name"}, {"dollar", "file$name"}, {"backslash", `path\to\file.txt`}, {"current dir", "."}, {"parent traversal base", ".."}, {"root", "/"}, {"empty", ""}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { _, err := SanitizePath(tt.input) assert.Error(t, err) }) } } func TestEscapeShellArg_Good(t *testing.T) { tests := []struct { input string want string }{ {"simple", "'simple'"}, {"with spaces", "'with spaces'"}, {"it's", "'it'\\''s'"}, {"", "''"}, } for _, tt := range tests { t.Run(tt.input, func(t *testing.T) { assert.Equal(t, tt.want, EscapeShellArg(tt.input)) }) } } func TestSecureSSHCommand_Good(t *testing.T) { cmd := SecureSSHCommand("host.example.com", "ls -la") args := cmd.Args assert.Equal(t, "ssh", args[0]) assert.Contains(t, args, "-o") assert.Contains(t, args, "StrictHostKeyChecking=yes") assert.Contains(t, args, "BatchMode=yes") assert.Contains(t, args, "ConnectTimeout=10") assert.Equal(t, "host.example.com", args[len(args)-2]) assert.Equal(t, "ls -la", args[len(args)-1]) } func TestSecureSSHCommandContext_Good(t *testing.T) { cmd := SecureSSHCommandContext(context.Background(), "host.example.com", "ls -la") args := cmd.Args assert.Equal(t, "ssh", args[0]) assert.Contains(t, args, "-o") assert.Contains(t, args, "StrictHostKeyChecking=yes") assert.Contains(t, args, "BatchMode=yes") assert.Contains(t, args, "ConnectTimeout=10") assert.Equal(t, "host.example.com", args[len(args)-2]) assert.Equal(t, "ls -la", args[len(args)-1]) } func TestMaskToken_Good(t *testing.T) { tests := []struct { name string input string want string }{ {"long token", "abcdefghijklmnop", "abcd****mnop"}, {"exactly 8", "12345678", "1234****5678"}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { assert.Equal(t, tt.want, MaskToken(tt.input)) }) } } func TestMaskToken_Bad(t *testing.T) { tests := []struct { name string input string }{ {"short", "abc"}, {"empty", ""}, {"seven chars", "1234567"}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { assert.Equal(t, "*****", MaskToken(tt.input)) }) } }