mirror/profilarr
1
0
Fork 0
mirror of https://github.com/Dictionarry-Hub/profilarr.git synced 2026-04-19 05:18:42 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
develop
profilarr/tests/unit/backups/validation.test.ts
santiagosayshey 58233f9f67 feat: add backup API endpoints and rewrite API docs (#410)
2026-04-08 06:52:33 +09:30

65 lines
2.3 KiB
TypeScript
Raw Permalink Blame History

/**
* Unit tests for backup filename validation and path resolution.
*/
import { assertEquals } from '@std/assert';
import {
isValidBackupFilename,
resolveBackupPath
} from '../../../src/lib/server/utils/backup/validation.ts';
// ─── isValidBackupFilename ───────────────────────────────────────────────────
Deno.test('valid standard backup filename', () => {
assertEquals(isValidBackupFilename('backup-2025-01-15-143045.tar.gz'), true);
});
Deno.test('valid uploaded backup filename', () => {
assertEquals(isValidBackupFilename('backup-uploaded-1234567890.tar.gz'), true);
});
Deno.test('rejects filename without backup- prefix', () => {
assertEquals(isValidBackupFilename('notbackup-2025-01-15.tar.gz'), false);
});
Deno.test('rejects filename without .tar.gz suffix', () => {
assertEquals(isValidBackupFilename('backup-2025-01-15.zip'), false);
});
Deno.test('rejects filename with ../', () => {
assertEquals(isValidBackupFilename('backup-../../../etc/passwd.tar.gz'), false);
});
Deno.test('rejects filename with forward slash', () => {
assertEquals(isValidBackupFilename('backup-foo/bar.tar.gz'), false);
});
Deno.test('rejects filename with backslash', () => {
assertEquals(isValidBackupFilename('backup-foo\\bar.tar.gz'), false);
});
Deno.test('rejects filename with null byte', () => {
assertEquals(isValidBackupFilename('backup-foo\x00bar.tar.gz'), false);
});
Deno.test('rejects empty string', () => {
assertEquals(isValidBackupFilename(''), false);
});
// ─── resolveBackupPath ───────────────────────────────────────────────────────
Deno.test('resolves valid filename to path inside backups dir', () => {
const result = resolveBackupPath('backup-2025-01-15-143045.tar.gz', '/tmp/backups');
assertEquals(result, '/tmp/backups/backup-2025-01-15-143045.tar.gz');
});
Deno.test('returns null for invalid filename', () => {
const result = resolveBackupPath('../../../etc/passwd', '/tmp/backups');
assertEquals(result, null);
});
Deno.test('returns null for filename that would escape backups dir', () => {
const result = resolveBackupPath('backup-../secret.tar.gz', '/tmp/backups');
assertEquals(result, null);
});
Reference in New Issue View Git Blame Copy Permalink