is-safe-target.test.ts — ui Source File

Architecture documentation for is-safe-target.test.ts, a typescript file in the ui codebase. 3 imports, 0 dependents.

File typescript FrameworkTooling 3 imports

Entity Profile

FrameworkTooling→ is-safe-target.test.ts — ui Source File

Dependency Diagram

graph LR
  31387fd2_2372_403a_15d2_35d61c9d75ef["is-safe-target.test.ts"]
  22d57e3f_c7a1_875c_b20f_1abd5aa38b48["is-safe-target.ts"]
  31387fd2_2372_403a_15d2_35d61c9d75ef --> 22d57e3f_c7a1_875c_b20f_1abd5aa38b48
  c9c09f41_8300_8c29_1c8d_e7e4c7dfe4ec["isSafeTarget"]
  31387fd2_2372_403a_15d2_35d61c9d75ef --> c9c09f41_8300_8c29_1c8d_e7e4c7dfe4ec
  c8d55bee_7008_1e1f_317b_8dc47b31b6a8["vitest"]
  31387fd2_2372_403a_15d2_35d61c9d75ef --> c8d55bee_7008_1e1f_317b_8dc47b31b6a8
  style 31387fd2_2372_403a_15d2_35d61c9d75ef fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

import { describe, expect, test } from "vitest"

import { isSafeTarget } from "./is-safe-target"

describe("isSafeTarget", () => {
  const cwd = "/foo/bar"

  describe("should reject path traversal attempts", () => {
    test.each([
      {
        description: "basic path traversal with ../",
        target: "../../etc/passwd",
      },
      {
        description: "nested path traversal",
        target: "ui/../../../etc/hosts",
      },
      {
        description: "path traversal with ~/../",
        target: "~/../../../.ssh/authorized_keys",
      },
      {
        description: "absolute paths outside project",
        target: "/etc/passwd",
      },
      {
        description: "paths that resolve outside project root",
        target: "foo/bar/../../../../etc/passwd",
      },
      {
        description: "URL-encoded path traversal",
        target: "%2e%2e%2f%2e%2e%2fetc%2fpasswd",
      },
      {
        description: "double URL-encoded sequences",
        target: "%252e%252e%252fetc%252fpasswd",
      },
      {
        description: "mixed encoded/plain traversal",
        target: "..%2f..%2fetc%2fpasswd",
      },
      {
        description: "null byte injection",
        target: "valid/path\0../../etc/passwd",
      },
      {
        description: "Windows-style path traversal",
        target: "..\\..\\Windows\\System32\\config",
      },
      {
        description: "Windows absolute paths",
        target: "C:\\Windows\\System32\\drivers\\etc\\hosts",
      },
      {
        description: "mixed separator traversal",
        target: "foo\\..\\../etc/passwd",
      },
      {
        description: "current directory reference attacks",
        target: "foo/./././../../../etc/passwd",
// ... (97 more lines)

Domain

FrameworkTooling

Dependencies

Source

View on GitHub

Frequently Asked Questions

What does is-safe-target.test.ts do?

is-safe-target.test.ts is a source file in the ui codebase, written in typescript. It belongs to the FrameworkTooling domain.

What does is-safe-target.test.ts depend on?

is-safe-target.test.ts imports 3 module(s): is-safe-target.ts, isSafeTarget, vitest.

Where is is-safe-target.test.ts in the architecture?

is-safe-target.test.ts is located at packages/shadcn/src/utils/is-safe-target.test.ts (domain: FrameworkTooling, directory: packages/shadcn/src/utils).

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free