johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9c1bf7d4eac8ee45f75f78deb46ec59425931ba2
beads/cmd/bd/doctor/fix/common.go
Ryan 3c08e5eb9d DOCTOR IMPROVEMENTS: visual improvements/grouping + add comprehensive tests + fix gosec warnings (#656) 
* test(doctor): add comprehensive tests for fix and check functions

Add edge case tests, e2e tests, and improve test coverage for:
- database_test.go: database integrity and sync checks
- git_test.go: git hooks, merge driver, sync branch tests
- gitignore_test.go: gitignore validation
- prefix_test.go: ID prefix handling
- fix/fix_test.go: fix operations
- fix/e2e_test.go: end-to-end fix scenarios
- fix/fix_edge_cases_test.go: edge case handling

* docs: add testing philosophy and anti-patterns guide

- Create TESTING_PHILOSOPHY.md covering test pyramid, priority matrix,
  what NOT to test, and 5 anti-patterns with code examples
- Add cross-reference from README_TESTING.md
- Document beads-specific guidance (well-covered areas vs gaps)
- Include target metrics (test-to-code ratio, execution time targets)

* chore: revert .beads/ to upstream/main state

* refactor(doctor): add category grouping and Ayu theme colors

- Add Category field to DoctorCheck for organizing checks by type
- Define category constants: Core, Git, Runtime, Data, Integration, Metadata
- Update thanks command to use shared Ayu color palette from internal/ui
- Simplify test fixtures by removing redundant test cases

* fix(doctor): prevent test fork bomb and fix test failures

- Add ErrTestBinary guard in getBdBinary() to prevent tests from
  recursively executing the test binary when calling bd subcommands
- Update claude_test.go to use new check names (CLI Availability,
  Prime Documentation)
- Fix syncbranch test path comparison by resolving symlinks
  (/var vs /private/var on macOS)
- Fix permissions check to use exact comparison instead of bitmask
- Fix UntrackedJSONL to use git commit --only to preserve staged changes
- Fix MergeDriver edge case test by making both .git dir and config
  read-only
- Add skipIfTestBinary helper for E2E tests that need real bd binary

* test(doctor): skip read-only config test in CI environments

GitHub Actions containers may have CAP_DAC_OVERRIDE or similar
capabilities that allow writing to read-only files, causing
the test to fail. Skip the test when CI=true or GITHUB_ACTIONS=true.
2025-12-20 03:10:06 -08:00

104 lines
3.0 KiB
Go
Raw Blame History

package fix
import (
"fmt"
"os"
"os/exec"
"path/filepath"
"strings"
)
// ErrTestBinary is returned when getBdBinary detects it's running as a test binary.
// This prevents fork bombs when tests call functions that execute bd subcommands.
var ErrTestBinary = fmt.Errorf("running as test binary - cannot execute bd subcommands")
// getBdBinary returns the path to the bd binary to use for fix operations.
// It prefers the current executable to avoid command injection attacks.
// Returns ErrTestBinary if running as a test binary to prevent fork bombs.
func getBdBinary() (string, error) {
// Prefer current executable for security
exe, err := os.Executable()
if err == nil {
// Resolve symlinks to get the real binary path
realPath, err := filepath.EvalSymlinks(exe)
if err == nil {
exe = realPath
}
// Check if we're running as a test binary - this prevents fork bombs
// when tests call functions that execute bd subcommands
baseName := filepath.Base(exe)
if strings.HasSuffix(baseName, ".test") || strings.Contains(baseName, ".test.") {
return "", ErrTestBinary
}
return exe, nil
}
// Fallback to PATH lookup with validation
bdPath, err := exec.LookPath("bd")
if err != nil {
return "", fmt.Errorf("bd binary not found in PATH: %w", err)
}
return bdPath, nil
}
// validateBeadsWorkspace ensures the path is a valid beads workspace before
// attempting any fix operations. This prevents path traversal attacks.
func validateBeadsWorkspace(path string) error {
// Convert to absolute path
absPath, err := filepath.Abs(path)
if err != nil {
return fmt.Errorf("invalid path: %w", err)
}
// Check for .beads directory
beadsDir := filepath.Join(absPath, ".beads")
if _, err := os.Stat(beadsDir); os.IsNotExist(err) {
return fmt.Errorf("not a beads workspace: .beads directory not found at %s", absPath)
}
return nil
}
// safeWorkspacePath resolves relPath within the workspace root and ensures it
// cannot escape the workspace via path traversal.
func safeWorkspacePath(root, relPath string) (string, error) {
absRoot, err := filepath.Abs(root)
if err != nil {
return "", fmt.Errorf("invalid workspace path: %w", err)
}
cleanRel := filepath.Clean(relPath)
if filepath.IsAbs(cleanRel) {
return "", fmt.Errorf("expected relative path, got absolute: %s", relPath)
}
joined := filepath.Join(absRoot, cleanRel)
rel, err := filepath.Rel(absRoot, joined)
if err != nil {
return "", fmt.Errorf("failed to resolve path: %w", err)
}
if rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
return "", fmt.Errorf("path escapes workspace: %s", relPath)
}
return joined, nil
}
// isWithinWorkspace reports whether candidate resides within the workspace root.
func isWithinWorkspace(root, candidate string) bool {
cleanRoot, err := filepath.Abs(root)
if err != nil {
return false
}
cleanCandidate := filepath.Clean(candidate)
rel, err := filepath.Rel(cleanRoot, cleanCandidate)
if err != nil {
return false
}
return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(os.PathSeparator)))
}
Reference in New Issue View Git Blame Copy Permalink