package cli
import (
"fmt"
"os"
"os/exec"
"path/filepath"
"strings"
"testing"
)
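// getTestBinary returns the relative path of the pre-built wg-wrap binary
// ("../../wg-wrap", resolved against the test's working directory) and aborts
// the calling test when os.Stat cannot see it.
func getTestBinary(t *testing.T) string {
	// Mark as a helper so the failure is attributed to the test that asked for
	// the binary rather than to this function.
	t.Helper()

	binPath := "../../wg-wrap"
	if _, err := os.Stat(binPath); err != nil {
		// Stat can fail for reasons other than a missing file (for example a
		// permission error on a parent directory), so the underlying error is
		// reported alongside the hint.
		t.Fatalf("test binary not found at %s. please run 'make' first (stat: %v)", binPath, err)
	}
	return binPath
}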
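// TestAppRun_ProfileDirInjection runs the built wg-wrap binary with
// WG_WRAP_CONFIG_DIR and WG_WRAP_RUNTIME_BASE_DIR pointed at a temporary
// directory and expects `run --profile test-vpn true` to succeed against a
// profile written into that directory.
//
// An exit status of exactly 1 is tolerated because some environments cannot
// run the wrapped command or set up isolation; that case is reported as a
// skip, with the captured output, rather than as a silent pass.
func TestAppRun_ProfileDirInjection(t *testing.T) {
	t.Parallel()
	bin := getTestBinary(t)

	// Set up a temporary directory to simulate XDG_CONFIG_HOME/wg-wrap/profiles
	tmpDir := t.TempDir()

	// Write a valid test-vpn.conf profile file to the temporary directory.
	// The key material is a placeholder (the same value is used for both
	// PrivateKey and PublicKey), not a real WireGuard key pair.
	confContent := `[Interface]
PrivateKey = YXNkZmFzZGZhc2RmYXNkZmFzZGZhc2RmYXNkZmFzZGY=
Address = 10.0.0.2/24
[Peer]
PublicKey = YXNkZmFzZGZhc2RmYXNkZmFzZGZhc2RmYXNkZmFzZGY=
Endpoint = 127.0.0.1:51820
AllowedIPs = 10.0.0.0/24
`
	importPath := filepath.Join(tmpDir, "test-vpn.conf")
	// A profile carries a PrivateKey line, so the fixture is written
	// owner-only (0600) instead of world-readable, matching how a real
	// profile file should be stored.
	if err := os.WriteFile(importPath, []byte(confContent), 0600); err != nil {
		t.Fatalf("failed to write test profile: %v", err)
	}

	tests := []struct {
		name    string
		args    []string
		wantErr bool
	}{
		{
			name:    "valid profile with injected dir",
			args:    []string{"run", "--profile", "test-vpn", "true"},
			wantErr: false,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			cmd := exec.Command(bin, tt.args...)
			cmd.Env = append(os.Environ(),
				fmt.Sprintf("WG_WRAP_CONFIG_DIR=%s", tmpDir),
				fmt.Sprintf("WG_WRAP_RUNTIME_BASE_DIR=%s", tmpDir),
			)

			// Capture stdout/stderr so a failure or skip explains itself.
			out, err := cmd.CombinedOutput()
			if (err != nil) == tt.wantErr {
				return
			}
			output := strings.TrimSpace(string(out))

			// Match the exit code exactly: a substring test for
			// "exit status 1" would also accept 10-19 and 100-199
			// (e.g. 126, 127, 139) and hide unrelated failures.
			if exitErr, ok := err.(*exec.ExitError); ok && exitErr.ExitCode() == 1 {
				// In some environments, 'true' might fail or isolation might fail
				t.Skipf("wg-wrap exited with status 1; treating as an environment limitation\noutput: %s", output)
			}
			t.Errorf("cmd.Run() error = %v, wantErr %v\noutput: %s", err, tt.wantErr, output)
		})
	}
}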
// TestIsValidProfileName checks IsValidProfileName against a fixed list of
// names that must be accepted followed by a list that must be rejected.
func TestIsValidProfileName(t *testing.T) {
	// Plain names built from letters, digits, '-' and '_'.
	accepted := []string{
		"default",
		"home",
		"work-vpn",
		"my_vpn_123",
	}

	// The empty name, parent-directory and absolute-path forms, a leading
	// dash, a dotted name, and names containing '/' or '\'.
	rejected := []string{
		"",
		"..",
		"../home",
		"/etc/shadow",
		"-profile",
		"profile.conf", // we append .conf so the name itself shouldn't have .
		"foo/bar",
		"foo\\bar",
	}

	// verify reports a mismatch between the validator's answer and the
	// expected verdict for one candidate name.
	verify := func(candidate string, expected bool) {
		if actual := IsValidProfileName(candidate); actual != expected {
			t.Errorf("IsValidProfileName(%q) = %v; want %v", candidate, actual, expected)
		}
	}

	for _, candidate := range accepted {
		verify(candidate, true)
	}
	for _, candidate := range rejected {
		verify(candidate, false)
	}
}