forked from molecule-ai/molecule-core
df2cf935d3
Three traversal / cross-workspace rejection tests on staging were masked by premature "docker not available" early returns: 1. deleteViaEphemeral — nil-docker check fired BEFORE path validation; malicious paths got "docker not available" (wrong code path) instead of "path not allowed". Reversed the order + added "path not allowed:" prefix to rejection messages. 2. copyFilesToContainer — split the traversal classifier into: - absolute path → "unsafe file path in archive" - literal "../" prefix → "unsafe file path in archive" (classic) - URL-encoded / mid-path traversal → "path escapes destination" Added nil-docker guard AFTER validation so legitimate inputs error cleanly instead of panicking on nil docker. 3. HandleConnect KI-005 — test used outdated table name "workspace_tokens"; ValidateAnyToken uses "workspace_auth_tokens" since #1210. Updated the mock. Added best-effort last_used_at UPDATE expectation that fires after successful token validation. Brings the handlers package from 3 failing tests to 0. All 20 Go packages green on go test -race ./... locally. |
||
|---|---|---|
| .. | ||
| artifacts | ||
| bundle | ||
| channels | ||
| crypto | ||
| db | ||
| envx | ||
| events | ||
| handlers | ||
| metrics | ||
| middleware | ||
| models | ||
| orgtoken | ||
| plugins | ||
| provisioner | ||
| registry | ||
| router | ||
| scheduler | ||
| supervised | ||
| ws | ||
| wsauth | ||