GitHub/outline
1
0
Fork 0
mirror of https://github.com/outline/outline.git synced 2026-06-13 11:25:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
24954204eac2447b648d4e56813f69205ee4b873
outline/server/validation.test.ts
T
Tom Moor 00fb4d1af7 chore: Update node style imports (#11277) 
- crypto → node:crypto
  - fs → node:fs
  - fs/promises → node:fs/promises
  - path → node:path
  - http → node:http
  - https → node:https
  - stream → node:stream
  - buffer → node:buffer
  - url → node:url
  - os → node:os
  - net → node:net
  - dns → node:dns
  - events → node:events
  - readline → node:readline
  - querystring → node:querystring
  - util → node:util
2026-01-26 20:51:50 -05:00

71 lines
2.1 KiB
TypeScript
Raw Blame History

import { randomUUID } from "node:crypto";
import { Buckets } from "./models/helpers/AttachmentHelper";
import { ValidateKey } from "./validation";
describe("#ValidateKey.isValid", () => {
it("should return false if number of key components is incorrect", () => {
expect(
ValidateKey.isValid(
`${Buckets.uploads}/${randomUUID()}/${randomUUID()}/foo/bar`
)
).toBe(false);
});
it("should return false if the first key component is not a valid bucket", () => {
expect(
ValidateKey.isValid(`foo/${randomUUID()}/${randomUUID()}/bar.png`)
).toBe(false);
});
it("should return false if second and third key components are not UUID", () => {
expect(
ValidateKey.isValid(`${Buckets.uploads}/foo/${randomUUID()}/bar.png`)
).toBe(false);
expect(
ValidateKey.isValid(`${Buckets.uploads}/${randomUUID()}/foo/bar.png`)
).toBe(false);
});
it("should return true successfully validating key", () => {
expect(
ValidateKey.isValid(
`${Buckets.public}/${randomUUID()}/${randomUUID()}/foo.png`
)
).toBe(true);
expect(
ValidateKey.isValid(
`${Buckets.uploads}/${randomUUID()}/${randomUUID()}/foo.png`
)
).toBe(true);
expect(
ValidateKey.isValid(`${Buckets.avatars}/${randomUUID()}/${randomUUID()}`)
).toBe(true);
});
});
describe("#ValidateKey.sanitize", () => {
it("should sanitize malicious looking keys", () => {
const uuid1 = randomUUID();
const uuid2 = randomUUID();
expect(
ValidateKey.sanitize(`public/${uuid1}/${uuid2}/~\.\u0000\malicious_key`)
).toEqual(`public/${uuid1}/${uuid2}/~.malicious_key`);
});
it("should remove potential path traversal", () => {
const uuid1 = randomUUID();
const uuid2 = randomUUID();
expect(
ValidateKey.sanitize(`public/${uuid1}/${uuid2}/../../malicious_key`)
).toEqual(`public/${uuid1}/${uuid2}/malicious_key`);
});
it("should remove problematic characters", () => {
const uuid1 = randomUUID();
const uuid2 = randomUUID();
expect(ValidateKey.sanitize(`public/${uuid1}/${uuid2}/test#:*?`)).toEqual(
`public/${uuid1}/${uuid2}/test`
);
});
});
Reference in New Issue View Git Blame Copy Permalink