WarpBox/lib/helpers/paths_test.go

package helpers

import (
	"path/filepath"
	"testing"
)

func TestSafeChildPathRejectsTraversalAndAbsolutePaths(t *testing.T) {
	parent := filepath.Join(t.TempDir(), "parent")

	if _, ok := SafeChildPath(parent, "../outside.txt"); ok {
		t.Fatal("expected traversal to be rejected")
	}
	if _, ok := SafeChildPath(parent, filepath.Join(string(filepath.Separator), "tmp", "outside.txt")); ok {
		t.Fatal("expected absolute path to be rejected")
	}
	if path, ok := SafeChildPath(parent, "inside.txt"); !ok || path != filepath.Join(parent, "inside.txt") {
		t.Fatalf("expected safe child path, got path=%q ok=%v", path, ok)
	}
}