[mirotalksfu] - improve path traversal, update dep

2025-01-31 23:14:43 +01:00
--- a/tests/test-Validator.js
+++ b/tests/test-Validator.js
@@ -93,9 +93,43 @@ describe('test-Validator', () => {
        });

        it('should return true for complex path traversal patterns', () => {
-            checkValidator.hasPathTraversal('....//').should.be.true();
+            checkValidator.hasPathTraversal('..//').should.be.true();
            checkValidator.hasPathTraversal('..\\..\\').should.be.true();
+            checkValidator.hasPathTraversal('../../').should.be.true();
            checkValidator.hasPathTraversal('.../../').should.be.true();
+            checkValidator.hasPathTraversal('....//').should.be.true();
+            checkValidator.hasPathTraversal('..//..//..//').should.be.true();
+        });
+
+        it('should return true for URL-encoded path traversal', () => {
+            checkValidator.hasPathTraversal('%2e%2e%2fRoom').should.be.true();
+            checkValidator.hasPathTraversal('%2e%2e%2f%2e%2e%2fRoom').should.be.true();
+            checkValidator.hasPathTraversal('%252e%252e%252f').should.be.true();
+        });
+
+        it('should return false for valid absolute paths', () => {
+            checkValidator.hasPathTraversal('/etc/passwd').should.be.false();
+            checkValidator.hasPathTraversal('C:\\Windows\\System32').should.be.false();
+        });
+
+        it('should return false for non-traversal relative paths', () => {
+            checkValidator.hasPathTraversal('Room/Room2').should.be.false();
+            checkValidator.hasPathTraversal('C:\\SomeDir\\OtherDir').should.be.false();
+        });
+
+        it('should return false for excessively long path inputs', () => {
+            const longPath = 'Room/'.repeat(1000);
+            checkValidator.hasPathTraversal(longPath).should.be.false();
+        });
+
+        it('should return false for paths with Windows reserved filenames', () => {
+            checkValidator.hasPathTraversal('C:\\CON\\myfile.txt').should.be.false();
+            checkValidator.hasPathTraversal('C:\\NUL\\myfile.txt').should.be.false();
+        });
+
+        it('should return false for valid Windows paths with backslashes', () => {
+            checkValidator.hasPathTraversal('C:\\Program Files\\MyApp').should.be.false();
+            checkValidator.hasPathTraversal('C:\\SomeDir\\OtherDir\\File.txt').should.be.false();
        });
    });
 });