diff options
| author | Craig Jennings <c@cjennings.net> | 2026-05-16 11:30:04 -0500 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-05-16 11:30:04 -0500 |
| commit | ab7a557a5941723d0b3bd7f639efc414cc5754fd (patch) | |
| tree | df1af41c00153f78603578dcceb18e292618006c /tests/test-gptel-tools-git-status.el | |
| parent | 0996d2fc71e115dc895fbf30eb41dbf09fda5962 (diff) | |
| download | dotemacs-ab7a557a5941723d0b3bd7f639efc414cc5754fd.tar.gz dotemacs-ab7a557a5941723d0b3bd7f639efc414cc5754fd.zip | |
feat(gptel-tools): harden path validation with file-truename realpath
Resolves PATH through file-truename before applying home-directory and
read/write checks across the path-handling tools (git_status, git_log,
git_diff, move_to_trash, read_text_file, update_text_file,
write_text_file, list_directory_files, read_buffer, web_fetch).
Without the resolve step, a symlink under HOME pointing outside HOME
would pass the prefix check but the tool would act on the real target
-- a symlink-escape.
move_to_trash also tightens the trash-bin construction (treats empty
file extensions correctly) and switches the "critical directories"
list to truename-resolved canonical forms so a symlinked ~/.config
can't be trashed via an aliased path.
update_text_file fixes an off-by-one in the line-count derivation
when the source content is empty.
Each source change pairs with tests in tests/test-gptel-tools-*.el
and tests/test-update-text-file.el covering the realpath escape
paths, the empty-extension trash case, and the empty-content line-
count edge. Combined coverage is now 100% across all ten gptel-tools
source files: 516 / 516 executable lines, 217 tests.
Diffstat (limited to 'tests/test-gptel-tools-git-status.el')
| -rw-r--r-- | tests/test-gptel-tools-git-status.el | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/tests/test-gptel-tools-git-status.el b/tests/test-gptel-tools-git-status.el index 734abb31..47193853 100644 --- a/tests/test-gptel-tools-git-status.el +++ b/tests/test-gptel-tools-git-status.el @@ -68,6 +68,18 @@ (should-error (cj/gptel-git-status--validate-path dir)) (when (file-exists-p dir) (delete-directory dir t))))) +(ert-deftest test-gptel-tools-git-status-validate-path-error-symlink-outside-home () + "Error: symlinked directories resolving outside HOME are rejected." + (let ((link (expand-file-name + (format ".test-gptel-tools-git-status-link-%s" + (format-time-string "%s%N")) + "~"))) + (unwind-protect + (progn + (make-symbolic-link "/tmp" link t) + (should-error (cj/gptel-git-status--validate-path link))) + (when (file-symlink-p link) (delete-file link))))) + ;; ---------- run (ert-deftest test-gptel-tools-git-status-run-clean-tree () @@ -94,5 +106,19 @@ (let ((out (cj/gptel-git-status--run dir))) (should (string-match-p "^## " out)))))) +(ert-deftest test-gptel-tools-git-status-run-error-on-git-status-failure () + "Error: non-zero git status exits are surfaced." + (test-gptel-tools-git-status--with-repo + (lambda (dir) + (cl-letf (((symbol-function 'process-file) + (lambda (program infile destination display &rest args) + (if (member "status" args) + (progn + (when (bufferp destination) + (with-current-buffer destination (insert "bad status"))) + 2) + (apply #'call-process program infile destination display args))))) + (should-error (cj/gptel-git-status--run dir)))))) + (provide 'test-gptel-tools-git-status) ;;; test-gptel-tools-git-status.el ends here |
