3365bfd5ba
* feat(mcp): add workspace root validation to prevent path traversal - Add workspaceRoot field to Service for restricting file operations - Add WithWorkspaceRoot() option for configuring the workspace directory - Add validatePath() helper to check paths are within workspace - Apply validation to all file operation handlers - Default to current working directory for security - Add comprehensive tests for path validation Closes #82 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor: move CLI commands from pkg/ to internal/cmd/ - Move 18 CLI command packages to internal/cmd/ (not externally importable) - Keep 16 library packages in pkg/ (externally importable) - Update all import paths throughout codebase - Cleaner separation between CLI logic and reusable libraries CLI commands moved: ai, ci, dev, docs, doctor, gitcmd, go, monitor, php, pkgcmd, qa, sdk, security, setup, test, updater, vm, workspace Libraries remaining: agentic, build, cache, cli, container, devops, errors, framework, git, i18n, io, log, mcp, process, release, repos Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor(mcp): use pkg/io Medium for sandboxed file operations Replace manual path validation with pkg/io.Medium for all file operations. This delegates security (path traversal, symlink bypass) to the sandboxed local.Medium implementation. Changes: - Add io.NewSandboxed() for creating sandboxed Medium instances - Refactor MCP Service to use io.Medium instead of direct os.* calls - Remove validatePath and resolvePathWithSymlinks functions - Update tests to verify Medium-based behaviour Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: correct import path and workflow references - Fix pkg/io/io.go import from core-gui to core - Update CI workflows to use internal/cmd/updater path Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(security): address CodeRabbit review issues for path validation - pkg/io/local: add symlink resolution and boundary-aware containment - Reject absolute paths in sandboxed Medium - Use filepath.EvalSymlinks to prevent symlink bypass attacks - Fix prefix check to prevent /tmp/root matching /tmp/root2 - pkg/mcp: fix resolvePath to validate and return errors - Changed resolvePath from (string) to (string, error) - Update deleteFile, renameFile, listDirectory, fileExists to handle errors - Changed New() to return (*Service, error) instead of *Service - Properly propagate option errors instead of silently discarding - pkg/io: wrap errors with E() helper for consistent context - Copy() and MockMedium.Read() now use coreerr.E() - tests: rename to use _Good/_Bad/_Ugly suffixes per coding guidelines - Fix hardcoded /tmp in TestPath to use t.TempDir() - Add TestResolvePath_Bad_SymlinkTraversal test Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style: fix gofmt formatting Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style: fix gofmt formatting across all files Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
219 lines
6 KiB
Go
219 lines
6 KiB
Go
package php
|
|
|
|
import (
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestSSLOptions_Struct(t *testing.T) {
|
|
t.Run("all fields accessible", func(t *testing.T) {
|
|
opts := SSLOptions{Dir: "/custom/ssl/dir"}
|
|
assert.Equal(t, "/custom/ssl/dir", opts.Dir)
|
|
})
|
|
}
|
|
|
|
func TestGetSSLDir_Bad(t *testing.T) {
|
|
t.Run("fails to create directory in invalid path", func(t *testing.T) {
|
|
// Try to create a directory in a path that can't exist
|
|
opts := SSLOptions{Dir: "/dev/null/cannot/create"}
|
|
_, err := GetSSLDir(opts)
|
|
assert.Error(t, err)
|
|
assert.Contains(t, err.Error(), "Failed to create SSL directory")
|
|
})
|
|
}
|
|
|
|
func TestCertPaths_Bad(t *testing.T) {
|
|
t.Run("fails when GetSSLDir fails", func(t *testing.T) {
|
|
opts := SSLOptions{Dir: "/dev/null/cannot/create"}
|
|
_, _, err := CertPaths("domain.test", opts)
|
|
assert.Error(t, err)
|
|
})
|
|
}
|
|
|
|
func TestCertsExist_Detailed(t *testing.T) {
|
|
t.Run("returns true when both cert and key exist", func(t *testing.T) {
|
|
dir := t.TempDir()
|
|
domain := "test.local"
|
|
|
|
// Create both files
|
|
certPath := filepath.Join(dir, domain+".pem")
|
|
keyPath := filepath.Join(dir, domain+"-key.pem")
|
|
|
|
err := os.WriteFile(certPath, []byte("cert"), 0644)
|
|
require.NoError(t, err)
|
|
err = os.WriteFile(keyPath, []byte("key"), 0644)
|
|
require.NoError(t, err)
|
|
|
|
result := CertsExist(domain, SSLOptions{Dir: dir})
|
|
assert.True(t, result)
|
|
})
|
|
|
|
t.Run("returns false when only cert exists", func(t *testing.T) {
|
|
dir := t.TempDir()
|
|
domain := "test.local"
|
|
|
|
certPath := filepath.Join(dir, domain+".pem")
|
|
err := os.WriteFile(certPath, []byte("cert"), 0644)
|
|
require.NoError(t, err)
|
|
|
|
result := CertsExist(domain, SSLOptions{Dir: dir})
|
|
assert.False(t, result)
|
|
})
|
|
|
|
t.Run("returns false when only key exists", func(t *testing.T) {
|
|
dir := t.TempDir()
|
|
domain := "test.local"
|
|
|
|
keyPath := filepath.Join(dir, domain+"-key.pem")
|
|
err := os.WriteFile(keyPath, []byte("key"), 0644)
|
|
require.NoError(t, err)
|
|
|
|
result := CertsExist(domain, SSLOptions{Dir: dir})
|
|
assert.False(t, result)
|
|
})
|
|
|
|
t.Run("returns false when CertPaths fails", func(t *testing.T) {
|
|
result := CertsExist("domain.test", SSLOptions{Dir: "/dev/null/cannot/create"})
|
|
assert.False(t, result)
|
|
})
|
|
}
|
|
|
|
func TestSetupSSL_RequiresMkcert(t *testing.T) {
|
|
t.Run("fails when mkcert not installed", func(t *testing.T) {
|
|
if IsMkcertInstalled() {
|
|
t.Skip("mkcert is installed, skipping error test")
|
|
}
|
|
|
|
err := SetupSSL("example.test", SSLOptions{})
|
|
assert.Error(t, err)
|
|
assert.Contains(t, err.Error(), "mkcert is not installed")
|
|
})
|
|
}
|
|
|
|
func TestSetupSSLIfNeeded_UsesExisting(t *testing.T) {
|
|
t.Run("returns existing certs without regenerating", func(t *testing.T) {
|
|
dir := t.TempDir()
|
|
domain := "existing.test"
|
|
|
|
// Create existing certs
|
|
certPath := filepath.Join(dir, domain+".pem")
|
|
keyPath := filepath.Join(dir, domain+"-key.pem")
|
|
|
|
err := os.WriteFile(certPath, []byte("existing cert"), 0644)
|
|
require.NoError(t, err)
|
|
err = os.WriteFile(keyPath, []byte("existing key"), 0644)
|
|
require.NoError(t, err)
|
|
|
|
resultCert, resultKey, err := SetupSSLIfNeeded(domain, SSLOptions{Dir: dir})
|
|
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, certPath, resultCert)
|
|
assert.Equal(t, keyPath, resultKey)
|
|
|
|
// Verify original content wasn't changed
|
|
content, _ := os.ReadFile(certPath)
|
|
assert.Equal(t, "existing cert", string(content))
|
|
})
|
|
}
|
|
|
|
func TestSetupSSLIfNeeded_Bad(t *testing.T) {
|
|
t.Run("fails when CertPaths fails", func(t *testing.T) {
|
|
_, _, err := SetupSSLIfNeeded("domain.test", SSLOptions{Dir: "/dev/null/cannot/create"})
|
|
assert.Error(t, err)
|
|
})
|
|
|
|
t.Run("fails when SetupSSL fails", func(t *testing.T) {
|
|
if IsMkcertInstalled() {
|
|
t.Skip("mkcert is installed, skipping error test")
|
|
}
|
|
|
|
dir := t.TempDir()
|
|
_, _, err := SetupSSLIfNeeded("domain.test", SSLOptions{Dir: dir})
|
|
assert.Error(t, err)
|
|
})
|
|
}
|
|
|
|
func TestInstallMkcertCA_Bad(t *testing.T) {
|
|
t.Run("fails when mkcert not installed", func(t *testing.T) {
|
|
if IsMkcertInstalled() {
|
|
t.Skip("mkcert is installed, skipping error test")
|
|
}
|
|
|
|
err := InstallMkcertCA()
|
|
assert.Error(t, err)
|
|
assert.Contains(t, err.Error(), "mkcert is not installed")
|
|
})
|
|
}
|
|
|
|
func TestGetMkcertCARoot_Bad(t *testing.T) {
|
|
t.Run("fails when mkcert not installed", func(t *testing.T) {
|
|
if IsMkcertInstalled() {
|
|
t.Skip("mkcert is installed, skipping error test")
|
|
}
|
|
|
|
_, err := GetMkcertCARoot()
|
|
assert.Error(t, err)
|
|
assert.Contains(t, err.Error(), "mkcert is not installed")
|
|
})
|
|
}
|
|
|
|
func TestCertPathsNaming(t *testing.T) {
|
|
t.Run("uses correct naming convention", func(t *testing.T) {
|
|
dir := t.TempDir()
|
|
domain := "myapp.example.com"
|
|
|
|
certFile, keyFile, err := CertPaths(domain, SSLOptions{Dir: dir})
|
|
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, filepath.Join(dir, "myapp.example.com.pem"), certFile)
|
|
assert.Equal(t, filepath.Join(dir, "myapp.example.com-key.pem"), keyFile)
|
|
})
|
|
|
|
t.Run("handles localhost", func(t *testing.T) {
|
|
dir := t.TempDir()
|
|
|
|
certFile, keyFile, err := CertPaths("localhost", SSLOptions{Dir: dir})
|
|
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, filepath.Join(dir, "localhost.pem"), certFile)
|
|
assert.Equal(t, filepath.Join(dir, "localhost-key.pem"), keyFile)
|
|
})
|
|
|
|
t.Run("handles wildcard-like domains", func(t *testing.T) {
|
|
dir := t.TempDir()
|
|
domain := "*.example.com"
|
|
|
|
certFile, keyFile, err := CertPaths(domain, SSLOptions{Dir: dir})
|
|
|
|
assert.NoError(t, err)
|
|
assert.Contains(t, certFile, "*.example.com.pem")
|
|
assert.Contains(t, keyFile, "*.example.com-key.pem")
|
|
})
|
|
}
|
|
|
|
func TestDefaultSSLDir_Value(t *testing.T) {
|
|
t.Run("has expected default value", func(t *testing.T) {
|
|
assert.Equal(t, ".core/ssl", DefaultSSLDir)
|
|
})
|
|
}
|
|
|
|
func TestGetSSLDir_CreatesDirectory(t *testing.T) {
|
|
t.Run("creates nested directory structure", func(t *testing.T) {
|
|
baseDir := t.TempDir()
|
|
nestedDir := filepath.Join(baseDir, "level1", "level2", "ssl")
|
|
|
|
dir, err := GetSSLDir(SSLOptions{Dir: nestedDir})
|
|
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, nestedDir, dir)
|
|
|
|
// Verify directory exists
|
|
info, err := os.Stat(dir)
|
|
assert.NoError(t, err)
|
|
assert.True(t, info.IsDir())
|
|
})
|
|
}
|