mirror/outline
1
0
Fork 0
mirror of https://github.com/outline/outline.git synced 2025-12-30 07:19:52 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
bf45e97641b9b9caf33244c85c2143bbe0dbe4b5
outline/server/validation.test.ts
Tom Moor 747fde1105 feat: Sync avatars automatically from iDP (#10718) 
* feat: Sync avatars automatically from iDP unless user has manually uploaded

* Update test for new logic
2025-11-25 13:36:15 +01:00

71 lines
2.1 KiB
TypeScript
Raw Blame History

import { randomUUID } from "crypto";
import { Buckets } from "./models/helpers/AttachmentHelper";
import { ValidateKey } from "./validation";
describe("#ValidateKey.isValid", () => {
it("should return false if number of key components is incorrect", () => {
expect(
ValidateKey.isValid(
`${Buckets.uploads}/${randomUUID()}/${randomUUID()}/foo/bar`
)
).toBe(false);
});
it("should return false if the first key component is not a valid bucket", () => {
expect(
ValidateKey.isValid(`foo/${randomUUID()}/${randomUUID()}/bar.png`)
).toBe(false);
});
it("should return false if second and third key components are not UUID", () => {
expect(
ValidateKey.isValid(`${Buckets.uploads}/foo/${randomUUID()}/bar.png`)
).toBe(false);
expect(
ValidateKey.isValid(`${Buckets.uploads}/${randomUUID()}/foo/bar.png`)
).toBe(false);
});
it("should return true successfully validating key", () => {
expect(
ValidateKey.isValid(
`${Buckets.public}/${randomUUID()}/${randomUUID()}/foo.png`
)
).toBe(true);
expect(
ValidateKey.isValid(
`${Buckets.uploads}/${randomUUID()}/${randomUUID()}/foo.png`
)
).toBe(true);
expect(
ValidateKey.isValid(`${Buckets.avatars}/${randomUUID()}/${randomUUID()}`)
).toBe(true);
});
});
describe("#ValidateKey.sanitize", () => {
it("should sanitize malicious looking keys", () => {
const uuid1 = randomUUID();
const uuid2 = randomUUID();
expect(
ValidateKey.sanitize(`public/${uuid1}/${uuid2}/~\.\u0000\malicious_key`)
).toEqual(`public/${uuid1}/${uuid2}/~.malicious_key`);
});
it("should remove potential path traversal", () => {
const uuid1 = randomUUID();
const uuid2 = randomUUID();
expect(
ValidateKey.sanitize(`public/${uuid1}/${uuid2}/../../malicious_key`)
).toEqual(`public/${uuid1}/${uuid2}/malicious_key`);
});
it("should remove problematic characters", () => {
const uuid1 = randomUUID();
const uuid2 = randomUUID();
expect(ValidateKey.sanitize(`public/${uuid1}/${uuid2}/test#:*?`)).toEqual(
`public/${uuid1}/${uuid2}/test`
);
});
});
Reference in New Issue View Git Blame Copy Permalink