- OAuth: use JWTService+SessionService, httpOnly cookies (VEZA-SEC-001) - Remove PasswordService.GenerateJWT (VEZA-SEC-002) - Hyperswitch webhook: mandatory verification, 500 if secret empty (VEZA-SEC-005) - Auth middleware: TokenBlacklist.IsBlacklisted check (VEZA-SEC-006) - Waveform: ValidateExecPath before exec (VEZA-SEC-007)
package services
import (
"context"
"testing"
"github.com/google/uuid"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"go.uber.org/zap"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
)
// setupTestWaveformService builds a WaveformService for tests. It is backed by
// an in-memory SQLite database opened through gorm and a no-op zap logger; the
// third constructor argument is passed as nil. The test fails immediately if
// the database cannot be opened.
func setupTestWaveformService(t *testing.T) *WaveformService {
	t.Helper()

	memDB, openErr := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
	require.NoError(t, openErr)

	return NewWaveformService(memDB, zap.NewNop(), nil)
}
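// TestGenerateWaveform_InvalidPath_ReturnsError verifies that generateWaveform
// returns an "invalid input path" error for an input path containing a ".."
// segment (VEZA-SEC-007).
//
// The input is the raw, un-normalized string a caller would supply. The
// assertions observe only the returned error: they do not by themselves show
// that no external process was started, so the ordering of validation and
// exec still has to be confirmed by reading generateWaveform.
func TestGenerateWaveform_InvalidPath_ReturnsError(t *testing.T) {
	svc := setupTestWaveformService(t)
	ctx := context.Background()
	trackID := uuid.New()

	err := svc.generateWaveform(ctx, trackID, "/tmp/../etc/passwd")

	// require, not assert: if the path check regresses and err is nil, the
	// test must stop here with a clear failure instead of panicking on
	// err.Error() in the next assertion.
	require.Error(t, err)
	assert.Contains(t, err.Error(), "invalid input path")
}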
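// TestGenerateFallbackWaveform_InvalidPath_ReturnsError verifies that the
// fallback generator applies the same path validation (ValidateExecPath) and
// returns an "invalid input path" error for an input path containing a ".."
// segment (VEZA-SEC-007).
//
// Covering the fallback separately matters because a validation added only to
// the primary code path would leave this one unguarded. As with the primary
// test, only the returned error is observed here.
func TestGenerateFallbackWaveform_InvalidPath_ReturnsError(t *testing.T) {
	svc := setupTestWaveformService(t)
	ctx := context.Background()
	trackID := uuid.New()

	err := svc.generateFallbackWaveform(ctx, trackID, "/path/with/../traversal")

	// require, not assert: if the path check regresses and err is nil, the
	// test must stop here with a clear failure instead of panicking on
	// err.Error() in the next assertion.
	require.Error(t, err)
	assert.Contains(t, err.Error(), "invalid input path")
}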