@watany-dev
Owner

Add comprehensive tests for symlink traversal attack patterns in
ValidatePathWithSymlinkResolution. These tests cover attack vectors
that were not previously tested:

  • Relative symlinks with parent traversal (../outside/secret.txt)
  • Absolute symlinks to system paths (/etc, /tmp)
  • Nested symlinks in subdirectories escaping via multiple ../
  • Symlink directory traversal via intermediate paths
  • Symlinks pointing to parent directory (..)
  • Triple and deeply chained symlinks (5 levels)
  • Symlink loops (circular references)
  • Mixed path traversal and symlink attacks
  • Disguised symlink traversal with innocent-looking names

@watany-dev watany-dev merged commit 23ec6d2 into main Dec 28, 2025
4 checks passed
@watany-dev watany-dev deleted the claude/add-symlink-traversal-tests-ERDsy branch December 28, 2025 02:58