54 lines
1.8 KiB
JavaScript
54 lines
1.8 KiB
JavaScript
const assert = require("assert");
|
|
const fs = require("fs");
|
|
const os = require("os");
|
|
const path = require("path");
|
|
|
|
const { copyRecursiveSync } = require("../../bin/install");
|
|
|
|
async function main() {
|
|
const { copyFolderSync } = await import("../../scripts/setup_web.js");
|
|
|
|
const root = fs.mkdtempSync(path.join(os.tmpdir(), "copy-security-"));
|
|
try {
|
|
const safeRoot = path.join(root, "safe-root");
|
|
const destRoot = path.join(root, "dest-root");
|
|
const outsideDir = path.join(root, "outside");
|
|
|
|
fs.mkdirSync(path.join(safeRoot, "nested"), { recursive: true });
|
|
fs.mkdirSync(outsideDir, { recursive: true });
|
|
|
|
fs.writeFileSync(path.join(safeRoot, "nested", "ok.txt"), "ok");
|
|
fs.writeFileSync(path.join(outsideDir, "secret.txt"), "secret");
|
|
fs.symlinkSync(outsideDir, path.join(safeRoot, "escape-link"));
|
|
|
|
copyRecursiveSync(safeRoot, path.join(destRoot, "install-copy"), safeRoot);
|
|
copyFolderSync(safeRoot, path.join(destRoot, "web-copy"), safeRoot);
|
|
|
|
assert.strictEqual(
|
|
fs.existsSync(path.join(destRoot, "install-copy", "escape-link", "secret.txt")),
|
|
false,
|
|
"installer copy must not follow symlinks outside the cloned root",
|
|
);
|
|
assert.strictEqual(
|
|
fs.existsSync(path.join(destRoot, "web-copy", "escape-link", "secret.txt")),
|
|
false,
|
|
"web setup copy must not follow symlinks outside the skills root",
|
|
);
|
|
assert.strictEqual(
|
|
fs.readFileSync(path.join(destRoot, "install-copy", "nested", "ok.txt"), "utf8"),
|
|
"ok",
|
|
);
|
|
assert.strictEqual(
|
|
fs.readFileSync(path.join(destRoot, "web-copy", "nested", "ok.txt"), "utf8"),
|
|
"ok",
|
|
);
|
|
} finally {
|
|
fs.rmSync(root, { recursive: true, force: true });
|
|
}
|
|
}
|
|
|
|
main().catch((error) => {
|
|
console.error(error);
|
|
process.exit(1);
|
|
});
|