nevaforget/moonset
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: audit LOW fixes — rejection-path tests, wallpaper-fallback docs (v0.9.1)
Update PKGBUILD version / update-pkgver (push) Successful in 4s
Details

Browse Source 
- Test AccountsService-icon symlink rejection (users.rs)
- Tests for wallpaper symlink/extension/size rejection (config.rs)
- Fix stale 'bundled package wallpaper' fallback docs (README, example config) — bundled tier removed 2026-03-28, actual chain is two-tier
This commit is contained in:
nevaforget
2026-06-17 13:06:15 +02:00
parent 7dae48f6cc
commit 510d45a9b1
7 changed files with 66 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/config.rs
+38
View File
@@ -250,6 +250,44 @@ mod tests {
assert_eq!(result, None);
}
#[test]
fn resolve_rejects_symlinked_config_wallpaper() {
let dir = tempfile::tempdir().unwrap();
let target = dir.path().join("real.jpg");
fs::write(&target, "fake").unwrap();
let link = dir.path().join("link.jpg");
std::os::unix::fs::symlink(&target, &link).unwrap();
let config = Config {
background_path: Some(link.to_str().unwrap().to_string()),
..Config::default()
};
assert_eq!(resolve_background_path_with(&config, Path::new("/nonexistent")), None);
}
#[test]
fn resolve_rejects_disallowed_extension() {
let dir = tempfile::tempdir().unwrap();
let wp = dir.path().join("wallpaper.bmp");
fs::write(&wp, "fake").unwrap();
let config = Config {
background_path: Some(wp.to_str().unwrap().to_string()),
..Config::default()
};
assert_eq!(resolve_background_path_with(&config, Path::new("/nonexistent")), None);
}
#[test]
fn resolve_rejects_oversized_wallpaper() {
let dir = tempfile::tempdir().unwrap();
let wp = dir.path().join("huge.jpg");
fs::write(&wp, vec![0u8; (MAX_WALLPAPER_FILE_SIZE + 1) as usize]).unwrap();
let config = Config {
background_path: Some(wp.to_str().unwrap().to_string()),
..Config::default()
};
assert_eq!(resolve_background_path_with(&config, Path::new("/nonexistent")), None);
}
#[test]
fn load_config_ignores_invalid_toml_syntax() {
let dir = tempfile::tempdir().unwrap();
src/users.rs
+14
View File
@@ -145,6 +145,20 @@ mod tests {
assert!(path.is_none());
}
#[test]
fn rejects_symlink_accountsservice_icon() {
let dir = tempfile::tempdir().unwrap();
let target = dir.path().join("secret");
fs::write(&target, "secret content").unwrap();
let icons_dir = dir.path().join("icons");
fs::create_dir(&icons_dir).unwrap();
let icon = icons_dir.join("testuser");
std::os::unix::fs::symlink(&target, &icon).unwrap();
// No ~/.face, so resolution falls through to the AccountsService branch
let path = get_avatar_path_with(dir.path(), Some("testuser"), &icons_dir);
assert!(path.is_none());
}
#[test]
fn returns_none_when_no_avatar() {
let dir = tempfile::tempdir().unwrap();