Test: negative check for malicious paths

This commit is contained in:
Daniel Kennedy
2026-01-26 20:31:02 -05:00
parent 5357eac1de
commit 15b1cec994
@@ -929,6 +929,19 @@ describe('download-artifact', () => {
const savedFilePath = path.join(fixtures.workspaceDir, sanitizedFileName)
expect(fs.existsSync(savedFilePath)).toBe(true)
expect(fs.readFileSync(savedFilePath, 'utf8')).toBe(rawFileContent)
// Verify the file was NOT written outside the workspace directory
const maliciousPathEncoded = path.resolve(
fixtures.workspaceDir,
encodedMaliciousFileName
)
expect(fs.existsSync(maliciousPathEncoded)).toBe(false)
const maliciousPath = path.resolve(
fixtures.workspaceDir,
"../../../etc/passwd"
)
expect(fs.existsSync(maliciousPath)).toBe(false)
})
})
})