Refactor installation and runner scripts for enhanced usability and security
- Updated the installation script to clarify that production wrappers do not include fixed test secrets, improving user guidance for local testing. - Modified the jiggablend-manager and jiggablend-runner scripts to remove fixed test configurations, emphasizing the use of local test credentials via `make init-test`. - Enhanced error handling in the runner script to ensure that an API key is provided, improving security and user feedback. - Added new flags and options for the runner, including sandboxing capabilities and GPU ray tracing control, enhancing flexibility for users. - Improved README documentation to reflect changes in usage and configuration, ensuring users have clear instructions for setup and execution.
This commit is contained in:
@@ -66,6 +66,51 @@ func TestSaveOutput(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestSaveOutput_PathTraversal(t *testing.T) {
|
||||
s := setupStorage(t)
|
||||
path, err := s.SaveOutput(42, "../../etc/passwd", strings.NewReader("evil"))
|
||||
if err != nil {
|
||||
t.Fatalf("SaveOutput: %v", err)
|
||||
}
|
||||
outRoot := filepath.Join(s.BasePath(), "outputs", "42")
|
||||
if !strings.HasPrefix(path, outRoot) {
|
||||
t.Errorf("saved file %q escaped output directory %q", path, outRoot)
|
||||
}
|
||||
if filepath.Base(path) != "passwd" {
|
||||
t.Errorf("expected basename passwd, got %q", filepath.Base(path))
|
||||
}
|
||||
}
|
||||
|
||||
func TestSanitizeFilename(t *testing.T) {
|
||||
got, err := SanitizeFilename("../../etc/passwd")
|
||||
if err != nil {
|
||||
t.Fatalf("SanitizeFilename: %v", err)
|
||||
}
|
||||
if got != "passwd" {
|
||||
t.Fatalf("got %q want passwd", got)
|
||||
}
|
||||
if _, err := SanitizeFilename(".."); err == nil {
|
||||
t.Fatal("expected error for ..")
|
||||
}
|
||||
}
|
||||
|
||||
func TestSafePathUnderRoot(t *testing.T) {
|
||||
root := t.TempDir()
|
||||
ok, err := SafePathUnderRoot(root, "subdir/file.blend")
|
||||
if err != nil {
|
||||
t.Fatalf("SafePathUnderRoot: %v", err)
|
||||
}
|
||||
if !strings.HasPrefix(ok, root) {
|
||||
t.Fatalf("path %q not under root %q", ok, root)
|
||||
}
|
||||
if _, err := SafePathUnderRoot(root, "../escape.blend"); err == nil {
|
||||
t.Fatal("expected escape to fail")
|
||||
}
|
||||
if _, err := SafePathUnderRoot(root, "/abs.blend"); err == nil {
|
||||
t.Fatal("expected absolute path to fail")
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetFile(t *testing.T) {
|
||||
s := setupStorage(t)
|
||||
savedPath, err := s.SaveUpload(1, "readme.txt", strings.NewReader("hello"))
|
||||
|
||||
Reference in New Issue
Block a user