Learning/mRemoteNG
1
0
Fork 0
mirror of https://github.com/mRemoteNG/mRemoteNG.git synced 2026-02-17 22:11:48 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
8f26d57f4022779ba4937a633b6995876fa6c9fa
mRemoteNG/mRemoteNGTests/Tools/PathValidatorTests.cs
copilot-swe-agent[bot] a031e6f5f7 Add path validation to prevent path traversal attacks 
Co-authored-by: Kvarkas <3611964+Kvarkas@users.noreply.github.com>
2025-10-07 14:04:00 +00:00

92 lines
2.9 KiB
C#
Raw Blame History

using System;
using mRemoteNG.Tools;
using NUnit.Framework;
namespace mRemoteNGTests.Tools;
public class PathValidatorTests
{
[Test]
public void ValidPath_ReturnsTrue()
{
string validPath = @"C:\Users\TestUser\Documents\test.xml";
Assert.That(PathValidator.IsValidPath(validPath), Is.True);
}
[Test]
public void PathWithForwardSlashTraversal_ReturnsFalse()
{
string maliciousPath = @"C:\Users\TestUser\Documents\..\..\..\Windows\System32\test.xml";
Assert.That(PathValidator.IsValidPath(maliciousPath), Is.False);
}
[Test]
public void PathWithBackslashTraversal_ReturnsFalse()
{
string maliciousPath = @"C:\Users\TestUser\Documents\..\..\test.xml";
Assert.That(PathValidator.IsValidPath(maliciousPath), Is.False);
}
[Test]
public void PathWithMixedTraversal_ReturnsFalse()
{
string maliciousPath = @"C:\Users\TestUser\Documents\.././..\test.xml";
Assert.That(PathValidator.IsValidPath(maliciousPath), Is.False);
}
[Test]
public void PathWithEncodedTraversal_ReturnsFalse()
{
string maliciousPath = @"C:\Users\TestUser\Documents\%2e%2e\test.xml";
Assert.That(PathValidator.IsValidPath(maliciousPath), Is.False);
}
[Test]
public void PathWithUppercaseEncodedTraversal_ReturnsFalse()
{
string maliciousPath = @"C:\Users\TestUser\Documents\%2E%2E\test.xml";
Assert.That(PathValidator.IsValidPath(maliciousPath), Is.False);
}
[Test]
public void NullPath_ReturnsFalse()
{
Assert.That(PathValidator.IsValidPath(null), Is.False);
}
[Test]
public void EmptyPath_ReturnsFalse()
{
Assert.That(PathValidator.IsValidPath(""), Is.False);
}
[Test]
public void ValidatePathOrThrow_WithValidPath_DoesNotThrow()
{
string validPath = @"C:\Users\TestUser\Documents\test.xml";
Assert.DoesNotThrow(() => PathValidator.ValidatePathOrThrow(validPath));
}
[Test]
public void ValidatePathOrThrow_WithTraversalPath_ThrowsArgumentException()
{
string maliciousPath = @"C:\Users\TestUser\Documents\..\..\..\test.xml";
var exception = Assert.Throws<ArgumentException>(() => PathValidator.ValidatePathOrThrow(maliciousPath));
Assert.That(exception.Message, Does.Contain("path traversal"));
}
[Test]
public void ValidatePathOrThrow_WithNullPath_ThrowsArgumentException()
{
Assert.Throws<ArgumentException>(() => PathValidator.ValidatePathOrThrow(null));
}
[Test]
public void ValidatePathOrThrow_WithCustomParameterName_IncludesParameterName()
{
string maliciousPath = @"..\..\..\test.xml";
var exception = Assert.Throws<ArgumentException>(() => PathValidator.ValidatePathOrThrow(maliciousPath, "customParam"));
Assert.That(exception.ParamName, Is.EqualTo("customParam"));
}
}
Reference in New Issue View Git Blame Copy Permalink