- Built-in templates: epic, bug, feature (embedded in binary) - Custom templates in .beads/templates/ (override built-ins) - Commands: bd template list/show/create - Flag: bd create --from-template <name> "Title" - Template fields: description, type, priority, labels, design, acceptance - Security: sanitize template names to prevent path traversal - Flag precedence: explicit flags override template defaults - Tests: template loading, security, flag precedence - Docs: commands/template.md and README.md updated Closes bd-164b Amp-Thread-ID: https://ampcode.com/threads/T-118fe54f-b112-4f99-a3d9-b7df53fb7284 Co-authored-by: Amp <amp@ampcode.com>
package main
import (
"testing"
)
// TestSanitizeTemplateName runs sanitizeTemplateName over a table of template
// names and checks only whether an error is returned. Names containing a path
// separator or ".." are expected to be rejected; plain names, including one
// with a leading dot, are expected to be accepted.
//
// NOTE(review): the table has no case for an empty name, a bare ".", or a
// backslash separator. Confirm the intended result for each and add a case,
// since these are the usual gaps in a path-traversal guard.
func TestSanitizeTemplateName(t *testing.T) {
	cases := []struct {
		name      string
		input     string
		wantError bool
	}{
		// Names that stay inside the templates directory.
		{name: "valid simple name", input: "epic", wantError: false},
		{name: "valid with dash", input: "my-template", wantError: false},
		{name: "valid with underscore", input: "my_template", wantError: false},

		// Names that would resolve outside it, or into a subdirectory.
		{name: "path traversal with ../", input: "../etc/passwd", wantError: true},
		{name: "path traversal with ..", input: "..", wantError: true},
		{name: "absolute path", input: "/etc/passwd", wantError: true},
		{name: "relative path", input: "foo/bar", wantError: true},

		// Hidden files are okay: a leading dot alone is not a traversal.
		{name: "hidden file", input: ".hidden", wantError: false},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			err := sanitizeTemplateName(tc.input)
			gotError := err != nil
			if gotError != tc.wantError {
				t.Errorf("sanitizeTemplateName(%q) error = %v, wantError %v", tc.input, err, tc.wantError)
			}
		})
	}
}
// TestLoadTemplatePathTraversal checks that loadTemplate returns an error for
// a name that climbs out of the template directory and for a name that
// contains a path separator.
//
// NOTE(review): both checks only require a non-nil error, so they would also
// pass if loadTemplate failed for an unrelated reason (for example, the
// template simply not being found). Once the error returned for a rejected
// name is confirmed, assert on that specific rejection.
func TestLoadTemplatePathTraversal(t *testing.T) {
	attempts := []struct {
		templateName string
		failMsg      string
	}{
		// Try to load a template with path traversal.
		{templateName: "../../../etc/passwd", failMsg: "Expected error for path traversal, got nil"},
		// A separator alone, with no "..", must be refused as well.
		{templateName: "foo/bar", failMsg: "Expected error for path with separator, got nil"},
	}

	for _, a := range attempts {
		if _, err := loadTemplate(a.templateName); err == nil {
			t.Error(a.failMsg)
		}
	}
}