df2cf935d3
Three traversal / cross-workspace rejection tests on staging were masked by premature "docker not available" early returns: 1. deleteViaEphemeral — nil-docker check fired BEFORE path validation; malicious paths got "docker not available" (wrong code path) instead of "path not allowed". Reversed the order + added "path not allowed:" prefix to rejection messages. 2. copyFilesToContainer — split the traversal classifier into: - absolute path → "unsafe file path in archive" - literal "../" prefix → "unsafe file path in archive" (classic) - URL-encoded / mid-path traversal → "path escapes destination" Added nil-docker guard AFTER validation so legitimate inputs error cleanly instead of panicking on nil docker. 3. HandleConnect KI-005 — test used outdated table name "workspace_tokens"; ValidateAnyToken uses "workspace_auth_tokens" since #1210. Updated the mock. Added best-effort last_used_at UPDATE expectation that fires after successful token validation. Brings the handlers package from 3 failing tests to 0. All 20 Go packages green on go test -race ./... locally. |
||
|---|---|---|
| .. | ||
| cmd/server | ||
| internal | ||
| migrations | ||
| pkg/provisionhook | ||
| .ci-force | ||
| .gitignore | ||
| Dockerfile | ||
| Dockerfile.tenant | ||
| entrypoint-tenant.sh | ||
| go.mod | ||
| go.sum | ||