test: add additional bypass parity coverage #3
Merged
3780b7f to 34e9a4f
Pull request overview
Adds a new Vitest suite intended to extend bypass/parity coverage across several helper “surfaces” (archive path handling, temp helpers, local file URLs, install path containment, directory walking, trash root checks, and JSON store lock/update flow) without changing production code.
Changes:
- Introduces `additional-bypass-parity.test.ts` covering a variety of traversal/escape payloads and “no outside write/read” assertions.
- Adds new test cases for archive entry validation/output resolution/staging, temp file helpers, file URL parsing, install-path containment, directory walking symlink behavior, trash allowed-root enforcement, and JSON store update flow under locking.
Comment on lines +54 to +58
| for (const payload of ARCHIVE_ESCAPE_PAYLOADS) { | ||
| expect(() => validateArchiveEntryPath(payload), `validate ${payload}`).toThrow(); | ||
| await expect( | ||
| prepareArchiveOutputPath({ destDir: layout.base, relativePath: payload, originalPath: payload }), | ||
| ).rejects.toThrow(); |
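Review bot: Both assertions in this loop, `expect(...).toThrow()` and `.rejects.toThrow()`, are called without a matcher, so any exception satisfies them, including one that has nothing to do with path validation. Pass the expected error class or a message pattern to `toThrow` so that a payload rejected for the wrong reason, or a helper that throws before it ever inspects the path, does not count as escape coverage. The `prepareArchiveOutputPath` assertion also lacks the per-payload label that the `validateArchiveEntryPath` one has (`validate ${payload}`), which makes a failing payload harder to identify.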
| it("sanitizes temp file names and keeps temp file helpers inside their created directory", async () => { | ||
| const layout = await makeTempLayout("fs-safe-temp"); | ||
| expect(sanitizeTempFileName("../../evil.txt")).toBe("evil.txt"); | ||
| expect(sanitizeTempFileName("..\\evil.txt")).toBe("..-evil.txt"); |
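Review bot: The second `sanitizeTempFileName` expectation pins the backslash payload to `..-evil.txt`, while the forward-slash payload one line above is reduced to `evil.txt`, so the two separators are handled differently and the backslash result keeps its leading `..`. If that asymmetry is intended, say so in a comment next to the assertion. Also assert that each sanitized name contains neither `/` nor `\`, so the containment property named in the test title is checked directly rather than only through exact-string matches.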
Comment on lines +131 to +134
| expect(followed.entries.some((entry) => entry.path.startsWith(layout.outside))).toBe(false); | ||
|
|
||
| const syncFollowed = walkDirectorySync(layout.base, { symlinks: "follow", maxEntries: 20 }); | ||
| expect(syncFollowed.entries.length).toBeLessThanOrEqual(20); |
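Review bot: The only assertion on `syncFollowed` is that `entries.length` is at most 20. Unlike the `followed` check above it, nothing verifies that no entry lies under `layout.outside`, so `walkDirectorySync` could follow a symlink out of `layout.base` and still pass. Repeat the `startsWith(layout.outside)` assertion for `syncFollowed.entries`. Note too that this prefix check only catches entries reported by their resolved location; if the walker reports an escaped file by its path through the link inside `layout.base`, the check passes, so consider comparing resolved paths instead.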
34e9a4f to 52e326d
52e326d to f68a681
steipete (Contributor) approved these changes on May 6, 2026 and left a comment:
Reviewed against current main after the temp workspace surface cleanup. No blocking issues found; this is test-only bypass/parity coverage and local pnpm check is green.
Summary
Validation
- `pnpm test test/additional-bypass-parity.test.ts`
- `pnpm check`
Notes
This is test-only. No production changes were required by the additional bypass checks.