add symlink traversal attack test

pyrossh · Feb 24, 2024 · 23c8cbf · 23c8cbf
1 parent e7c5447
commit 23c8cbf
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/tests/path_traversal_attack.rs b/tests/path_traversal_attack.rs
@@ -11,3 +11,17 @@ struct Assets;
 fn path_traversal_attack_fails() {
   assert!(Assets::get("../basic.rs").is_none());
 }
+
+#[derive(RustEmbed)]
+#[folder = "examples/axum-spa/"]
+struct AxumAssets;
+
+// TODO:
+/// Prevent attempts to access symlinks outside of the embedded folder.
+/// This is mainly a concern when running in debug mode, since that loads from
+/// the file system at runtime.
+#[test]
+#[ignore = "see https://github.com/pyrossh/rust-embed/pull/235"]
+fn path_traversal_attack_symlink_fails() {
+  assert!(Assets::get("../public/symlinks/main.js").is_none());
+}