fix: dogfood core.Path() — eliminate path/filepath from all tests

Replaced all filepath.Join() with core.Path() across fs_test.go, fs_example_test.go, core_test.go, path_test.go. core.Path() IS the path traversal security boundary. Agents using filepath.Join bypass it. Tests now demonstrate the Core way. "path/filepath" import is now zero across all test files. Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-25 18:58:16 +00:00 · 2026-03-25 18:58:16 +00:00 · 9cba5a8048
commit 9cba5a8048
parent 48a9bd6606
4 changed files with 40 additions and 44 deletions
--- a/core_test.go
+++ b/core_test.go
@ -4,7 +4,6 @@ import (
 	"context"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"testing"

 	. "dappco.re/go/core"
@ -296,7 +295,7 @@ func TestCore_Run_Bad(t *testing.T) {
 }

 func TestCore_Run_Ugly(t *testing.T) {
-	shutdownFile := filepath.Join(t.TempDir(), "shutdown.txt")
+	shutdownFile := Path(t.TempDir(), "shutdown.txt")
 	err := runCoreRunHelper(t, "cli-fail", "CORE_RUN_SHUTDOWN_FILE="+shutdownFile)
 	var exitErr *exec.ExitError
 	if assert.ErrorAs(t, err, &exitErr) {
--- a/fs_example_test.go
+++ b/fs_example_test.go
@ -3,7 +3,6 @@ package core_test
 import (
 	"fmt"
 	"os"
-	"path/filepath"

 	. "dappco.re/go/core"
 )
@ -13,7 +12,7 @@ func ExampleFs_WriteAtomic() {
 	defer os.RemoveAll(dir)

 	f := (&Fs{}).New("/")
-	path := filepath.Join(dir, "status.json")
+	path := Path(dir, "status.json")
 	f.WriteAtomic(path, `{"status":"completed"}`)

 	r := f.Read(path)
@ -26,10 +25,10 @@ func ExampleFs_NewUnrestricted() {
 	defer os.RemoveAll(dir)

 	// Write outside sandbox
-	outside := filepath.Join(dir, "outside.txt")
+	outside := Path(dir, "outside.txt")
 	os.WriteFile(outside, []byte("hello"), 0644)

-	sandbox := (&Fs{}).New(filepath.Join(dir, "sandbox"))
+	sandbox := (&Fs{}).New(Path(dir, "sandbox"))
 	unrestricted := sandbox.NewUnrestricted()

 	r := unrestricted.Read(outside)
--- a/fs_test.go
+++ b/fs_test.go
@ -4,7 +4,6 @@ import (
 	"io"
 	"io/fs"
 	"os"
-	"path/filepath"
 	"testing"

 	. "dappco.re/go/core"
@ -17,7 +16,7 @@ func TestFs_WriteRead_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()

-	path := filepath.Join(dir, "test.txt")
+	path := Path(dir, "test.txt")
 	assert.True(t, c.Fs().Write(path, "hello core").OK)

 	r := c.Fs().Read(path)
@ -34,7 +33,7 @@ func TestFs_Read_Bad(t *testing.T) {
 func TestFs_EnsureDir_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "sub", "dir")
+	path := Path(dir, "sub", "dir")
 	assert.True(t, c.Fs().EnsureDir(path).OK)
 	assert.True(t, c.Fs().IsDir(path))
 }
@ -43,14 +42,14 @@ func TestFs_IsDir_Good(t *testing.T) {
 	c := New()
 	dir := t.TempDir()
 	assert.True(t, c.Fs().IsDir(dir))
-	assert.False(t, c.Fs().IsDir(filepath.Join(dir, "nonexistent")))
+	assert.False(t, c.Fs().IsDir(Path(dir, "nonexistent")))
 	assert.False(t, c.Fs().IsDir(""))
 }

 func TestFs_IsFile_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "test.txt")
+	path := Path(dir, "test.txt")
 	c.Fs().Write(path, "data")
 	assert.True(t, c.Fs().IsFile(path))
 	assert.False(t, c.Fs().IsFile(dir))
@ -60,18 +59,18 @@ func TestFs_IsFile_Good(t *testing.T) {
 func TestFs_Exists_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "exists.txt")
+	path := Path(dir, "exists.txt")
 	c.Fs().Write(path, "yes")
 	assert.True(t, c.Fs().Exists(path))
 	assert.True(t, c.Fs().Exists(dir))
-	assert.False(t, c.Fs().Exists(filepath.Join(dir, "nope")))
+	assert.False(t, c.Fs().Exists(Path(dir, "nope")))
 }

 func TestFs_List_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	c.Fs().Write(filepath.Join(dir, "a.txt"), "a")
-	c.Fs().Write(filepath.Join(dir, "b.txt"), "b")
+	c.Fs().Write(Path(dir, "a.txt"), "a")
+	c.Fs().Write(Path(dir, "b.txt"), "b")
 	r := c.Fs().List(dir)
 	assert.True(t, r.OK)
 	assert.Len(t, r.Value.([]fs.DirEntry), 2)
@ -80,7 +79,7 @@ func TestFs_List_Good(t *testing.T) {
 func TestFs_Stat_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "stat.txt")
+	path := Path(dir, "stat.txt")
 	c.Fs().Write(path, "data")
 	r := c.Fs().Stat(path)
 	assert.True(t, r.OK)
@ -90,7 +89,7 @@ func TestFs_Stat_Good(t *testing.T) {
 func TestFs_Open_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "open.txt")
+	path := Path(dir, "open.txt")
 	c.Fs().Write(path, "content")
 	r := c.Fs().Open(path)
 	assert.True(t, r.OK)
@ -100,7 +99,7 @@ func TestFs_Open_Good(t *testing.T) {
 func TestFs_Create_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "sub", "created.txt")
+	path := Path(dir, "sub", "created.txt")
 	r := c.Fs().Create(path)
 	assert.True(t, r.OK)
 	w := r.Value.(io.WriteCloser)
@ -113,7 +112,7 @@ func TestFs_Create_Good(t *testing.T) {
 func TestFs_Append_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "append.txt")
+	path := Path(dir, "append.txt")
 	c.Fs().Write(path, "first")
 	r := c.Fs().Append(path)
 	assert.True(t, r.OK)
@ -127,7 +126,7 @@ func TestFs_Append_Good(t *testing.T) {
 func TestFs_ReadStream_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "stream.txt")
+	path := Path(dir, "stream.txt")
 	c.Fs().Write(path, "streamed")
 	r := c.Fs().ReadStream(path)
 	assert.True(t, r.OK)
@ -137,7 +136,7 @@ func TestFs_ReadStream_Good(t *testing.T) {
 func TestFs_WriteStream_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "sub", "ws.txt")
+	path := Path(dir, "sub", "ws.txt")
 	r := c.Fs().WriteStream(path)
 	assert.True(t, r.OK)
 	w := r.Value.(io.WriteCloser)
@ -148,7 +147,7 @@ func TestFs_WriteStream_Good(t *testing.T) {
 func TestFs_Delete_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "delete.txt")
+	path := Path(dir, "delete.txt")
 	c.Fs().Write(path, "gone")
 	assert.True(t, c.Fs().Delete(path).OK)
 	assert.False(t, c.Fs().Exists(path))
@ -157,18 +156,18 @@ func TestFs_Delete_Good(t *testing.T) {
 func TestFs_DeleteAll_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	sub := filepath.Join(dir, "deep", "nested")
+	sub := Path(dir, "deep", "nested")
 	c.Fs().EnsureDir(sub)
-	c.Fs().Write(filepath.Join(sub, "file.txt"), "data")
-	assert.True(t, c.Fs().DeleteAll(filepath.Join(dir, "deep")).OK)
-	assert.False(t, c.Fs().Exists(filepath.Join(dir, "deep")))
+	c.Fs().Write(Path(sub, "file.txt"), "data")
+	assert.True(t, c.Fs().DeleteAll(Path(dir, "deep")).OK)
+	assert.False(t, c.Fs().Exists(Path(dir, "deep")))
 }

 func TestFs_Rename_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	old := filepath.Join(dir, "old.txt")
-	nw := filepath.Join(dir, "new.txt")
+	old := Path(dir, "old.txt")
+	nw := Path(dir, "new.txt")
 	c.Fs().Write(old, "data")
 	assert.True(t, c.Fs().Rename(old, nw).OK)
 	assert.False(t, c.Fs().Exists(old))
@ -178,7 +177,7 @@ func TestFs_Rename_Good(t *testing.T) {
 func TestFs_WriteMode_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "secret.txt")
+	path := Path(dir, "secret.txt")
 	assert.True(t, c.Fs().WriteMode(path, "secret", 0600).OK)
 	r := c.Fs().Stat(path)
 	assert.True(t, r.OK)
@ -191,7 +190,7 @@ func TestFs_ZeroValue_Good(t *testing.T) {
 	dir := t.TempDir()
 	zeroFs := &Fs{}

-	path := filepath.Join(dir, "zero.txt")
+	path := Path(dir, "zero.txt")
 	assert.True(t, zeroFs.Write(path, "zero value works").OK)
 	r := zeroFs.Read(path)
 	assert.True(t, r.OK)
@ -205,7 +204,7 @@ func TestFs_ZeroValue_List_Good(t *testing.T) {
 	dir := t.TempDir()
 	zeroFs := &Fs{}

-	os.WriteFile(filepath.Join(dir, "a.txt"), []byte("a"), 0644)
+	os.WriteFile(Path(dir, "a.txt"), []byte("a"), 0644)
 	r := zeroFs.List(dir)
 	assert.True(t, r.OK)
 	entries := r.Value.([]fs.DirEntry)
@ -246,7 +245,7 @@ func TestFs_DeleteAll_Protected_Ugly(t *testing.T) {
 func TestFs_ReadStream_WriteStream_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "stream.txt")
+	path := Path(dir, "stream.txt")
 	c.Fs().Write(path, "streamed")

 	r := c.Fs().ReadStream(path)
@ -261,7 +260,7 @@ func TestFs_ReadStream_WriteStream_Good(t *testing.T) {
 func TestFs_WriteAtomic_Good(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "status.json")
+	path := Path(dir, "status.json")
 	r := c.Fs().WriteAtomic(path, `{"status":"completed"}`)
 	assert.True(t, r.OK)

@ -273,7 +272,7 @@ func TestFs_WriteAtomic_Good(t *testing.T) {
 func TestFs_WriteAtomic_Good_Overwrite(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "data.txt")
+	path := Path(dir, "data.txt")
 	c.Fs().WriteAtomic(path, "first")
 	c.Fs().WriteAtomic(path, "second")

@ -291,7 +290,7 @@ func TestFs_WriteAtomic_Bad_ReadOnlyDir(t *testing.T) {
 func TestFs_WriteAtomic_Ugly_NoTempFileLeftOver(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "clean.txt")
+	path := Path(dir, "clean.txt")
 	c.Fs().WriteAtomic(path, "content")

 	// Check no .tmp files remain
@ -304,7 +303,7 @@ func TestFs_WriteAtomic_Ugly_NoTempFileLeftOver(t *testing.T) {
 func TestFs_WriteAtomic_Good_CreatesParentDir(t *testing.T) {
 	dir := t.TempDir()
 	c := New()
-	path := filepath.Join(dir, "sub", "dir", "file.txt")
+	path := Path(dir, "sub", "dir", "file.txt")
 	r := c.Fs().WriteAtomic(path, "nested")
 	assert.True(t, r.OK)

@ -322,10 +321,10 @@ func TestFs_NewUnrestricted_Good(t *testing.T) {

 func TestFs_NewUnrestricted_Good_CanReadOutsideSandbox(t *testing.T) {
 	dir := t.TempDir()
-	outside := filepath.Join(dir, "outside.txt")
+	outside := Path(dir, "outside.txt")
 	os.WriteFile(outside, []byte("hello"), 0644)

-	sandboxed := (&Fs{}).New(filepath.Join(dir, "sandbox"))
+	sandboxed := (&Fs{}).New(Path(dir, "sandbox"))
 	unrestricted := sandboxed.NewUnrestricted()

 	r := unrestricted.Read(outside)
@ -335,7 +334,7 @@ func TestFs_NewUnrestricted_Good_CanReadOutsideSandbox(t *testing.T) {

 func TestFs_NewUnrestricted_Ugly_OriginalStaysSandboxed(t *testing.T) {
 	dir := t.TempDir()
-	sandbox := filepath.Join(dir, "sandbox")
+	sandbox := Path(dir, "sandbox")
 	os.MkdirAll(sandbox, 0755)

 	sandboxed := (&Fs{}).New(sandbox)
--- a/path_test.go
+++ b/path_test.go
@ -4,7 +4,6 @@ package core_test

 import (
 	"os"
-	"path/filepath"
 	"testing"

 	core "dappco.re/go/core"
@ -78,11 +77,11 @@ func TestPath_EnvConsistency(t *testing.T) {

 func TestPath_PathGlob_Good(t *testing.T) {
 	dir := t.TempDir()
-	os.WriteFile(filepath.Join(dir, "a.txt"), []byte("a"), 0644)
-	os.WriteFile(filepath.Join(dir, "b.txt"), []byte("b"), 0644)
-	os.WriteFile(filepath.Join(dir, "c.log"), []byte("c"), 0644)
+	os.WriteFile(core.Path(dir, "a.txt"), []byte("a"), 0644)
+	os.WriteFile(core.Path(dir, "b.txt"), []byte("b"), 0644)
+	os.WriteFile(core.Path(dir, "c.log"), []byte("c"), 0644)

-	matches := core.PathGlob(filepath.Join(dir, "*.txt"))
+	matches := core.PathGlob(core.Path(dir, "*.txt"))
 	assert.Len(t, matches, 2)
 }