~repos /rust-embed
git clone https://pyrossh.dev/repos/rust-embed.git
rust macro which loads files into the rust binary at compile time during release and loads the file from the fs during dev.
23c8cbf2
—
Buckram 1 year ago
add symlink traversal attack test
tests/path_traversal_attack.rs
CHANGED
|
@@ -11,3 +11,17 @@ struct Assets;
|
|
|
11
11
|
fn path_traversal_attack_fails() {
|
|
12
12
|
assert!(Assets::get("../basic.rs").is_none());
|
|
13
13
|
}
|
|
14
|
+
|
|
15
|
+
#[derive(RustEmbed)]
|
|
16
|
+
#[folder = "examples/axum-spa/"]
|
|
17
|
+
struct AxumAssets;
|
|
18
|
+
|
|
19
|
+
// TODO:
|
|
20
|
+
/// Prevent attempts to access symlinks outside of the embedded folder.
|
|
21
|
+
/// This is mainly a concern when running in debug mode, since that loads from
|
|
22
|
+
/// the file system at runtime.
|
|
23
|
+
#[test]
|
|
24
|
+
#[ignore = "see https://github.com/pyrossh/rust-embed/pull/235"]
|
|
25
|
+
fn path_traversal_attack_symlink_fails() {
|
|
26
|
+
assert!(Assets::get("../public/symlinks/main.js").is_none());
|
|
27
|
+
}
|