Heavy security and file splitting
CI / Go Tests (push) Successful in 15s
CI / Build (push) Successful in 9s
Format / gofmt (push) Successful in 7s
Release Artifacts / Validate release tag (push) Successful in 2s
Release Artifacts / Build and release executables (push) Successful in 15s
Release Artifacts / Build and release Docker image (push) Successful in 28s
CI / Go Tests (push) Successful in 15s
CI / Build (push) Successful in 9s
Format / gofmt (push) Successful in 7s
Release Artifacts / Validate release tag (push) Successful in 2s
Release Artifacts / Build and release executables (push) Successful in 15s
Release Artifacts / Build and release Docker image (push) Successful in 28s
This commit is contained in:
@@ -15,8 +15,6 @@ import (
|
||||
"scratchbox/internal/storage"
|
||||
)
|
||||
|
||||
var testStorageKey = []byte("0123456789abcdef0123456789abcdef")
|
||||
|
||||
func TestMultipartFileCount(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
@@ -61,6 +59,7 @@ func TestNewServerInitializes(t *testing.T) {
|
||||
RateLimitUI: config.RateLimitConfig{Enabled: false, RequestsPerMinute: 30, Burst: 10},
|
||||
RateLimitAPIRead: config.RateLimitConfig{Enabled: false, RequestsPerMinute: 30, Burst: 10},
|
||||
RateLimitAPIWrite: config.RateLimitConfig{Enabled: false, RequestsPerMinute: 30, Burst: 10},
|
||||
HSTSEnabled: true,
|
||||
},
|
||||
}
|
||||
|
||||
@@ -132,6 +131,7 @@ func TestWriteCreateErrorBranchesWithConfig(t *testing.T) {
|
||||
RateLimitUI: config.RateLimitConfig{Enabled: false, RequestsPerMinute: 30, Burst: 10},
|
||||
RateLimitAPIRead: config.RateLimitConfig{Enabled: false, RequestsPerMinute: 30, Burst: 10},
|
||||
RateLimitAPIWrite: config.RateLimitConfig{Enabled: false, RequestsPerMinute: 30, Burst: 10},
|
||||
HSTSEnabled: true,
|
||||
},
|
||||
}
|
||||
if _, err := NewServer(cfg, store, log.New(io.Discard, "", 0), log.New(io.Discard, "", 0)); err != nil {
|
||||
@@ -147,3 +147,41 @@ func containsAll(haystack string, needles ...string) bool {
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
// TestInjectMetaEscapesSpecialChars exercises the server-side meta injection
|
||||
// (used for /s/{id} and 410 pages) with filenames/titles containing HTML special
|
||||
// chars. This provides basic coverage/golden-like check for the replace+escape
|
||||
// logic against the exact literals in the committed static shell (addresses
|
||||
// fragility note without changing to full template).
|
||||
func TestInjectMetaEscapesSpecialChars(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
// Minimal shell containing exactly the replace targets used by injectMeta.
|
||||
// (Real index.html from Vite is larger but uses these literal strings.)
|
||||
shell := []byte(`<!doctype html>
|
||||
<html><head>
|
||||
<title>Scratchbox</title>
|
||||
<meta property="og:title" content="Scratchbox" />
|
||||
<meta name="twitter:title" content="Scratchbox" />
|
||||
<meta name="description" content="Minimal temporary file sharing. Upload once, share the link, auto-expires." />
|
||||
<meta property="og:description" content="Minimal temporary file sharing. Upload once, share the link, auto-expires." />
|
||||
<meta name="twitter:description" content="Minimal temporary file sharing. Upload once, share the link, auto-expires." />
|
||||
</head><body></body></html>`)
|
||||
|
||||
tricky := `report & "notes" <2026> 'foo'`
|
||||
gotBytes := injectMeta(shell, tricky, tricky, tricky)
|
||||
got := string(gotBytes)
|
||||
|
||||
// Must have escaped the specials.
|
||||
if !strings.Contains(got, `&`) || !strings.Contains(got, `<`) || !strings.Contains(got, `>`) || !strings.Contains(got, `"`) {
|
||||
t.Fatalf("injectMeta did not escape specials in output: %q", got)
|
||||
}
|
||||
// Title etc updated (escaped form present).
|
||||
if !strings.Contains(got, `report & "notes" <2026>`) {
|
||||
t.Fatalf("injectMeta title not updated or badly escaped: %q", got)
|
||||
}
|
||||
// Original static should be gone (count=1 replaces).
|
||||
if strings.Contains(got, `<title>Scratchbox</title>`) {
|
||||
t.Fatalf("static title not replaced")
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user