test: agregar tests completos para write_file, list_directory, append_file, delete_file
44 tests cubriendo todas las nuevas tools de archivos y la tool existente. Tests por tool: - write_file (11): crear archivo, ReadOnly, path fuera de allowed, contenido >1MB, crear dirs padre, sobreescribir, path traversal, symlink escape, deny-by-default - list_directory (9): listado plano y recursivo, limite 500 entries, symlinks fuera de allowed, path traversal, deny-by-default, no-directorio, dir vacio - append_file (11): append a existente, crear si no existe, ReadOnly, path fuera, limite 10MB total, path traversal, symlink escape, crear dirs padre - delete_file (9): borrar archivo, rechazar directorios, ReadOnly, path fuera, path traversal, symlink escape, archivo inexistente, deny-by-default Tambien corrige resolveReal() para resolver paths con multiples niveles de directorios inexistentes (necesario para MkdirAll en write/append).
This commit is contained in:
@@ -0,0 +1,212 @@
|
||||
package file
|
||||
|
||||
import (
|
||||
"context"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/enmanuel/agents/internal/config"
|
||||
)
|
||||
|
||||
func TestAppendFile_AppendsToExistingFile(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
target := filepath.Join(tmp, "log.txt")
|
||||
os.WriteFile(target, []byte("line1\n"), 0644)
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewAppendFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": target,
|
||||
"content": "line2\n",
|
||||
})
|
||||
if result.Err != nil {
|
||||
t.Fatalf("expected success, got: %v", result.Err)
|
||||
}
|
||||
|
||||
data, _ := os.ReadFile(target)
|
||||
if string(data) != "line1\nline2\n" {
|
||||
t.Fatalf("expected 'line1\\nline2\\n', got %q", string(data))
|
||||
}
|
||||
|
||||
if !strings.Contains(result.Output, "6 bytes") {
|
||||
t.Fatalf("expected '6 bytes' in output, got: %q", result.Output)
|
||||
}
|
||||
if !strings.Contains(result.Output, "total size: 12 bytes") {
|
||||
t.Fatalf("expected total size in output, got: %q", result.Output)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendFile_CreatesNewFileIfNotExists(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
target := filepath.Join(tmp, "new.txt")
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewAppendFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": target,
|
||||
"content": "first line",
|
||||
})
|
||||
if result.Err != nil {
|
||||
t.Fatalf("expected success, got: %v", result.Err)
|
||||
}
|
||||
|
||||
data, err := os.ReadFile(target)
|
||||
if err != nil {
|
||||
t.Fatalf("file not created: %v", err)
|
||||
}
|
||||
if string(data) != "first line" {
|
||||
t.Fatalf("expected 'first line', got %q", string(data))
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendFile_RejectsReadOnly(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: true}
|
||||
tool := NewAppendFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": filepath.Join(tmp, "test.txt"),
|
||||
"content": "data",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error when ReadOnly is true")
|
||||
}
|
||||
if !strings.Contains(result.Err.Error(), "read_only") {
|
||||
t.Fatalf("expected read_only error, got: %v", result.Err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendFile_RejectsPathOutsideAllowed(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewAppendFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": "/etc/test.txt",
|
||||
"content": "data",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for path outside allowed")
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendFile_RejectsTotalSizeOver10MB(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
target := filepath.Join(tmp, "big.txt")
|
||||
|
||||
// Create a file just under the limit
|
||||
existing := strings.Repeat("x", maxAppendTotal-100)
|
||||
os.WriteFile(target, []byte(existing), 0644)
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewAppendFile(cfg)
|
||||
|
||||
// Try to append content that would exceed the limit
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": target,
|
||||
"content": strings.Repeat("y", 200),
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error when total size exceeds 10 MB")
|
||||
}
|
||||
if !strings.Contains(result.Err.Error(), "10 MB") {
|
||||
t.Fatalf("expected 10 MB error, got: %v", result.Err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendFile_PathTraversal(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewAppendFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": filepath.Join(tmp, "..", "..", "etc", "evil.txt"),
|
||||
"content": "data",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for path traversal")
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendFile_SymlinkEscape(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
link := filepath.Join(tmp, "escape")
|
||||
os.Symlink("/tmp", link)
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewAppendFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": filepath.Join(link, "evil.txt"),
|
||||
"content": "data",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for symlink escape")
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendFile_DenyByDefault(t *testing.T) {
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{}, ReadOnly: false}
|
||||
tool := NewAppendFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": "/tmp/test.txt",
|
||||
"content": "data",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error when AllowedPaths is empty")
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendFile_EmptyPath(t *testing.T) {
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{"/tmp"}, ReadOnly: false}
|
||||
tool := NewAppendFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": "",
|
||||
"content": "data",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for empty path")
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendFile_EmptyContent(t *testing.T) {
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{"/tmp"}, ReadOnly: false}
|
||||
tool := NewAppendFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": "/tmp/test.txt",
|
||||
"content": "",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for empty content")
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendFile_CreatesParentDirectories(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewAppendFile(cfg)
|
||||
|
||||
target := filepath.Join(tmp, "sub", "dir", "file.txt")
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": target,
|
||||
"content": "nested content",
|
||||
})
|
||||
if result.Err != nil {
|
||||
t.Fatalf("expected success, got: %v", result.Err)
|
||||
}
|
||||
|
||||
data, err := os.ReadFile(target)
|
||||
if err != nil {
|
||||
t.Fatalf("file not created: %v", err)
|
||||
}
|
||||
if string(data) != "nested content" {
|
||||
t.Fatalf("expected 'nested content', got %q", string(data))
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,160 @@
|
||||
package file
|
||||
|
||||
import (
|
||||
"context"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/enmanuel/agents/internal/config"
|
||||
)
|
||||
|
||||
func TestDeleteFile_DeletesExistingFile(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
target := filepath.Join(tmp, "doomed.txt")
|
||||
os.WriteFile(target, []byte("bye"), 0644)
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewDeleteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": target})
|
||||
if result.Err != nil {
|
||||
t.Fatalf("expected success, got: %v", result.Err)
|
||||
}
|
||||
|
||||
if _, err := os.Stat(target); !os.IsNotExist(err) {
|
||||
t.Fatal("file should have been deleted")
|
||||
}
|
||||
|
||||
if !strings.Contains(result.Output, "deleted") {
|
||||
t.Fatalf("expected 'deleted' in output, got: %q", result.Output)
|
||||
}
|
||||
}
|
||||
|
||||
func TestDeleteFile_RejectsDirectories(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
subdir := filepath.Join(tmp, "mydir")
|
||||
os.Mkdir(subdir, 0755)
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewDeleteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": subdir})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error when trying to delete a directory")
|
||||
}
|
||||
if !strings.Contains(result.Err.Error(), "directory") {
|
||||
t.Fatalf("expected directory error, got: %v", result.Err)
|
||||
}
|
||||
|
||||
// Verify directory still exists
|
||||
if _, err := os.Stat(subdir); os.IsNotExist(err) {
|
||||
t.Fatal("directory should not have been deleted")
|
||||
}
|
||||
}
|
||||
|
||||
func TestDeleteFile_RejectsReadOnly(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
target := filepath.Join(tmp, "protected.txt")
|
||||
os.WriteFile(target, []byte("safe"), 0644)
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: true}
|
||||
tool := NewDeleteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": target})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error when ReadOnly is true")
|
||||
}
|
||||
if !strings.Contains(result.Err.Error(), "read_only") {
|
||||
t.Fatalf("expected read_only error, got: %v", result.Err)
|
||||
}
|
||||
|
||||
// Verify file still exists
|
||||
if _, err := os.Stat(target); os.IsNotExist(err) {
|
||||
t.Fatal("file should not have been deleted")
|
||||
}
|
||||
}
|
||||
|
||||
func TestDeleteFile_RejectsPathOutsideAllowed(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewDeleteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": "/etc/hosts"})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for path outside allowed")
|
||||
}
|
||||
}
|
||||
|
||||
func TestDeleteFile_PathTraversal(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewDeleteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": filepath.Join(tmp, "..", "..", "etc", "hosts"),
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for path traversal")
|
||||
}
|
||||
}
|
||||
|
||||
func TestDeleteFile_SymlinkEscape(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
|
||||
// Create a file outside allowed paths
|
||||
outside := t.TempDir()
|
||||
outsideFile := filepath.Join(outside, "secret.txt")
|
||||
os.WriteFile(outsideFile, []byte("secret"), 0644)
|
||||
|
||||
// Create symlink inside allowed paths pointing to the outside file
|
||||
link := filepath.Join(tmp, "link.txt")
|
||||
os.Symlink(outsideFile, link)
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewDeleteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": link})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for symlink escape")
|
||||
}
|
||||
|
||||
// Verify the outside file still exists
|
||||
if _, err := os.Stat(outsideFile); os.IsNotExist(err) {
|
||||
t.Fatal("outside file should not have been deleted")
|
||||
}
|
||||
}
|
||||
|
||||
func TestDeleteFile_NonExistentFile(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewDeleteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": filepath.Join(tmp, "nonexistent.txt"),
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for non-existent file")
|
||||
}
|
||||
}
|
||||
|
||||
func TestDeleteFile_EmptyPath(t *testing.T) {
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{"/tmp"}, ReadOnly: false}
|
||||
tool := NewDeleteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": ""})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for empty path")
|
||||
}
|
||||
}
|
||||
|
||||
func TestDeleteFile_DenyByDefault(t *testing.T) {
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{}, ReadOnly: false}
|
||||
tool := NewDeleteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": "/tmp/test.txt"})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error when AllowedPaths is empty")
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,176 @@
|
||||
package file
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/enmanuel/agents/internal/config"
|
||||
)
|
||||
|
||||
func TestListDirectory_ListsFilesAndDirs(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
os.WriteFile(filepath.Join(tmp, "file1.txt"), []byte("hello"), 0644)
|
||||
os.WriteFile(filepath.Join(tmp, "file2.txt"), []byte("world"), 0644)
|
||||
os.Mkdir(filepath.Join(tmp, "subdir"), 0755)
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}}
|
||||
tool := NewListDirectory(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": tmp})
|
||||
if result.Err != nil {
|
||||
t.Fatalf("expected success, got: %v", result.Err)
|
||||
}
|
||||
|
||||
if !strings.Contains(result.Output, "file1.txt") {
|
||||
t.Fatalf("expected file1.txt in output, got: %s", result.Output)
|
||||
}
|
||||
if !strings.Contains(result.Output, "file2.txt") {
|
||||
t.Fatalf("expected file2.txt in output, got: %s", result.Output)
|
||||
}
|
||||
if !strings.Contains(result.Output, "subdir") {
|
||||
t.Fatalf("expected subdir in output, got: %s", result.Output)
|
||||
}
|
||||
if !strings.Contains(result.Output, "dir") {
|
||||
t.Fatalf("expected 'dir' type in output, got: %s", result.Output)
|
||||
}
|
||||
}
|
||||
|
||||
func TestListDirectory_Recursive(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
sub := filepath.Join(tmp, "sub")
|
||||
os.Mkdir(sub, 0755)
|
||||
os.WriteFile(filepath.Join(tmp, "root.txt"), []byte("r"), 0644)
|
||||
os.WriteFile(filepath.Join(sub, "nested.txt"), []byte("n"), 0644)
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}}
|
||||
tool := NewListDirectory(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": tmp,
|
||||
"recursive": true,
|
||||
})
|
||||
if result.Err != nil {
|
||||
t.Fatalf("expected success, got: %v", result.Err)
|
||||
}
|
||||
|
||||
if !strings.Contains(result.Output, "root.txt") {
|
||||
t.Fatalf("expected root.txt in output, got: %s", result.Output)
|
||||
}
|
||||
if !strings.Contains(result.Output, filepath.Join("sub", "nested.txt")) {
|
||||
t.Fatalf("expected sub/nested.txt in output, got: %s", result.Output)
|
||||
}
|
||||
}
|
||||
|
||||
func TestListDirectory_RespectsMaxEntries(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
// Create more than maxListEntries files with unique names
|
||||
for i := 0; i < maxListEntries+10; i++ {
|
||||
name := fmt.Sprintf("file_%04d.txt", i)
|
||||
os.WriteFile(filepath.Join(tmp, name), []byte("x"), 0644)
|
||||
}
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}}
|
||||
tool := NewListDirectory(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": tmp})
|
||||
if result.Err != nil {
|
||||
t.Fatalf("expected success, got: %v", result.Err)
|
||||
}
|
||||
|
||||
lines := strings.Split(result.Output, "\n")
|
||||
// Should be maxListEntries + 1 (truncation message)
|
||||
if len(lines) > maxListEntries+1 {
|
||||
t.Fatalf("expected at most %d lines, got %d", maxListEntries+1, len(lines))
|
||||
}
|
||||
if !strings.Contains(result.Output, "truncated") {
|
||||
t.Fatalf("expected truncation message, got: %s", result.Output[len(result.Output)-200:])
|
||||
}
|
||||
}
|
||||
|
||||
func TestListDirectory_SymlinkOutsideAllowedSkipped(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
// Create a symlink pointing outside AllowedPaths
|
||||
link := filepath.Join(tmp, "escape")
|
||||
os.Symlink("/etc", link)
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}}
|
||||
tool := NewListDirectory(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": tmp})
|
||||
if result.Err != nil {
|
||||
t.Fatalf("expected success, got: %v", result.Err)
|
||||
}
|
||||
|
||||
// The symlink should be skipped, not listed
|
||||
if strings.Contains(result.Output, "escape") {
|
||||
t.Fatalf("symlink pointing outside allowed paths should be skipped, got: %s", result.Output)
|
||||
}
|
||||
}
|
||||
|
||||
func TestListDirectory_PathTraversal(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}}
|
||||
tool := NewListDirectory(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": filepath.Join(tmp, "..", "..", "etc"),
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for path traversal")
|
||||
}
|
||||
}
|
||||
|
||||
func TestListDirectory_DenyByDefault(t *testing.T) {
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{}}
|
||||
tool := NewListDirectory(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": "/tmp"})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error when AllowedPaths is empty")
|
||||
}
|
||||
}
|
||||
|
||||
func TestListDirectory_NotADirectory(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
f := filepath.Join(tmp, "file.txt")
|
||||
os.WriteFile(f, []byte("hello"), 0644)
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}}
|
||||
tool := NewListDirectory(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": f})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for non-directory path")
|
||||
}
|
||||
if !strings.Contains(result.Err.Error(), "not a directory") {
|
||||
t.Fatalf("expected 'not a directory' error, got: %v", result.Err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestListDirectory_EmptyPath(t *testing.T) {
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{"/tmp"}}
|
||||
tool := NewListDirectory(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": ""})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for empty path")
|
||||
}
|
||||
}
|
||||
|
||||
func TestListDirectory_EmptyDirectory(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}}
|
||||
tool := NewListDirectory(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{"path": tmp})
|
||||
if result.Err != nil {
|
||||
t.Fatalf("expected success for empty dir, got: %v", result.Err)
|
||||
}
|
||||
if result.Output != "" {
|
||||
t.Fatalf("expected empty output for empty dir, got: %q", result.Output)
|
||||
}
|
||||
}
|
||||
+25
-9
@@ -49,19 +49,35 @@ func validateWritePath(absPath string, allowedPaths []string, readOnly bool) err
|
||||
}
|
||||
|
||||
// resolveReal resolves symlinks for a path.
|
||||
// If the exact path doesn't exist, it resolves the deepest existing ancestor
|
||||
// and appends the remaining segments, preventing partial traversal.
|
||||
// If the exact path doesn't exist, it walks up the tree to find the deepest
|
||||
// existing ancestor, resolves its symlinks, and appends the remaining segments.
|
||||
// This prevents partial traversal attacks via symlinks in non-existent paths.
|
||||
func resolveReal(path string) (string, error) {
|
||||
real, err := filepath.EvalSymlinks(path)
|
||||
if err == nil {
|
||||
return filepath.Clean(real), nil
|
||||
}
|
||||
// Path doesn't exist — resolve parent and append base.
|
||||
parent := filepath.Dir(path)
|
||||
base := filepath.Base(path)
|
||||
realParent, err := filepath.EvalSymlinks(parent)
|
||||
if err != nil {
|
||||
return "", err
|
||||
|
||||
// Walk up to find the deepest existing ancestor.
|
||||
cleaned := filepath.Clean(path)
|
||||
var tail []string
|
||||
cur := cleaned
|
||||
for {
|
||||
parent := filepath.Dir(cur)
|
||||
tail = append([]string{filepath.Base(cur)}, tail...)
|
||||
realParent, err := filepath.EvalSymlinks(parent)
|
||||
if err == nil {
|
||||
// Found an existing ancestor — rebuild the path.
|
||||
result := realParent
|
||||
for _, seg := range tail {
|
||||
result = filepath.Join(result, seg)
|
||||
}
|
||||
return filepath.Clean(result), nil
|
||||
}
|
||||
if parent == cur {
|
||||
// Reached the root without finding an existing ancestor.
|
||||
return "", fmt.Errorf("cannot resolve any ancestor of %q", path)
|
||||
}
|
||||
cur = parent
|
||||
}
|
||||
return filepath.Clean(filepath.Join(realParent, base)), nil
|
||||
}
|
||||
|
||||
@@ -0,0 +1,202 @@
|
||||
package file
|
||||
|
||||
import (
|
||||
"context"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/enmanuel/agents/internal/config"
|
||||
)
|
||||
|
||||
func TestWriteFile_CreatesNewFile(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewWriteFile(cfg)
|
||||
|
||||
target := filepath.Join(tmp, "new.txt")
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": target,
|
||||
"content": "hello world",
|
||||
})
|
||||
if result.Err != nil {
|
||||
t.Fatalf("expected success, got: %v", result.Err)
|
||||
}
|
||||
|
||||
data, err := os.ReadFile(target)
|
||||
if err != nil {
|
||||
t.Fatalf("file not created: %v", err)
|
||||
}
|
||||
if string(data) != "hello world" {
|
||||
t.Fatalf("expected 'hello world', got %q", string(data))
|
||||
}
|
||||
|
||||
if !strings.Contains(result.Output, "11 bytes") {
|
||||
t.Fatalf("expected output mentioning bytes, got %q", result.Output)
|
||||
}
|
||||
}
|
||||
|
||||
func TestWriteFile_RejectsReadOnly(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: true}
|
||||
tool := NewWriteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": filepath.Join(tmp, "test.txt"),
|
||||
"content": "data",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error when ReadOnly is true")
|
||||
}
|
||||
if !strings.Contains(result.Err.Error(), "read_only") {
|
||||
t.Fatalf("expected read_only error, got: %v", result.Err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestWriteFile_RejectsPathOutsideAllowed(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewWriteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": "/etc/test.txt",
|
||||
"content": "data",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for path outside allowed")
|
||||
}
|
||||
}
|
||||
|
||||
func TestWriteFile_RejectsContentOver1MB(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewWriteFile(cfg)
|
||||
|
||||
bigContent := strings.Repeat("x", maxWriteSize+1)
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": filepath.Join(tmp, "big.txt"),
|
||||
"content": bigContent,
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for content exceeding 1 MB")
|
||||
}
|
||||
if !strings.Contains(result.Err.Error(), "1 MB") {
|
||||
t.Fatalf("expected 1 MB error, got: %v", result.Err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestWriteFile_CreatesParentDirectories(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewWriteFile(cfg)
|
||||
|
||||
target := filepath.Join(tmp, "sub", "dir", "file.txt")
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": target,
|
||||
"content": "nested",
|
||||
})
|
||||
if result.Err != nil {
|
||||
t.Fatalf("expected success, got: %v", result.Err)
|
||||
}
|
||||
|
||||
data, err := os.ReadFile(target)
|
||||
if err != nil {
|
||||
t.Fatalf("file not created: %v", err)
|
||||
}
|
||||
if string(data) != "nested" {
|
||||
t.Fatalf("expected 'nested', got %q", string(data))
|
||||
}
|
||||
}
|
||||
|
||||
func TestWriteFile_OverwritesExistingFile(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
target := filepath.Join(tmp, "exists.txt")
|
||||
os.WriteFile(target, []byte("old"), 0644)
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewWriteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": target,
|
||||
"content": "new content",
|
||||
})
|
||||
if result.Err != nil {
|
||||
t.Fatalf("expected success, got: %v", result.Err)
|
||||
}
|
||||
|
||||
data, _ := os.ReadFile(target)
|
||||
if string(data) != "new content" {
|
||||
t.Fatalf("expected 'new content', got %q", string(data))
|
||||
}
|
||||
}
|
||||
|
||||
func TestWriteFile_PathTraversal(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewWriteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": filepath.Join(tmp, "..", "..", "etc", "evil.txt"),
|
||||
"content": "data",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for path traversal")
|
||||
}
|
||||
}
|
||||
|
||||
func TestWriteFile_SymlinkEscape(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
link := filepath.Join(tmp, "escape")
|
||||
os.Symlink("/tmp", link)
|
||||
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{tmp}, ReadOnly: false}
|
||||
tool := NewWriteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": filepath.Join(link, "evil.txt"),
|
||||
"content": "data",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for symlink escape")
|
||||
}
|
||||
}
|
||||
|
||||
func TestWriteFile_EmptyPath(t *testing.T) {
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{"/tmp"}, ReadOnly: false}
|
||||
tool := NewWriteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": "",
|
||||
"content": "data",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for empty path")
|
||||
}
|
||||
}
|
||||
|
||||
func TestWriteFile_EmptyContent(t *testing.T) {
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{"/tmp"}, ReadOnly: false}
|
||||
tool := NewWriteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": "/tmp/test.txt",
|
||||
"content": "",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error for empty content")
|
||||
}
|
||||
}
|
||||
|
||||
func TestWriteFile_DenyByDefault(t *testing.T) {
|
||||
cfg := config.FileOpsCfg{AllowedPaths: []string{}, ReadOnly: false}
|
||||
tool := NewWriteFile(cfg)
|
||||
|
||||
result := tool.Exec(context.Background(), map[string]any{
|
||||
"path": "/tmp/test.txt",
|
||||
"content": "data",
|
||||
})
|
||||
if result.Err == nil {
|
||||
t.Fatal("expected error when AllowedPaths is empty")
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user