sjs/agate
1
0
Fork 0
mirror of https://github.com/samsonjs/agate.git synced 2026-03-25 09:05:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

test: use .env/.secret fixtures for percent-encoded dotfile bypass
Some checks failed
Tests / clippy (push) Has been cancelled
Details
Tests / formatting (push) Has been cancelled
Details
Tests / tests (push) Has been cancelled
Details

Browse source
This commit is contained in:
Sami Samhuri 2026-02-15 03:16:14 +00:00
parent cda2e102f8
commit afdcdf7b8d
No known key found for this signature in database
3 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
tests/data/content/.env Normal file
View file

@ -0,0 +1 @@
SECRET_KEY=not-a-real-secret

1
tests/data/content/.secret/hidden-file Normal file
View file

@ -0,0 +1 @@
This file should never be served by default.

5
tests/tests.rs
View file

@ -445,7 +445,7 @@ fn serve_secret_meta_config_subdir() {
/// - hidden files should stay hidden even when the dot is percent-encoded
fn secret_percent_encoded_dot() {
avoid_default_port_conflict();
let page = get(&[], "gemini://localhost/%2emeta").expect("could not get page");
let page = get(&[], "gemini://localhost/%2eenv").expect("could not get page");
assert_eq!(page.status, Status::Gone.value());
}
@ -454,8 +454,7 @@ fn secret_percent_encoded_dot() {
/// - hidden subdirectory segments should stay hidden even when dot is encoded
fn secret_subdir_percent_encoded_dot() {
avoid_default_port_conflict();
let page =
get(&["-C"], "gemini://localhost/%2Ewell-known/hidden-file").expect("could not get page");
let page = get(&[], "gemini://localhost/%2esecret/hidden-file").expect("could not get page");
assert_eq!(page.status, Status::Gone.value());
}