let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test(macos): boost Clawdis coverage to 40%

Browse Source
This commit is contained in:
Peter Steinberger
2025-12-14 04:30:45 +00:00
parent 845b26a73b
commit 3ef910d23e
26 changed files with 1089 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
apps/macos/Sources/Clawdis/WebChatServer.swift
View File

@@ -81,6 +81,15 @@ final class WebChatServer: @unchecked Sendable {
}
}
func stop() {
self.queue.async {
self.listener?.cancel()
self.listener = nil
self.root = nil
self.port = nil
}
}
/// Returns the base URL once the server is ready, otherwise nil.
func baseURL() -> URL? {
var url: URL?
@@ -174,8 +183,10 @@ final class WebChatServer: @unchecked Sendable {
}
let fileURL = root.appendingPathComponent(path)
webChatServerLogger.debug("WebChatServer resolved file=\(fileURL.path, privacy: .public)")
// Simple directory traversal guard: served files must live under the bundled web root.
guard fileURL.path.hasPrefix(root.path) else {
// Directory traversal + symlink escape guard: served files must resolve under the bundled web root.
let rootPath = root.standardizedFileURL.resolvingSymlinksInPath().path
let resolvedPath = fileURL.standardizedFileURL.resolvingSymlinksInPath().path
guard resolvedPath == rootPath || resolvedPath.hasPrefix(rootPath + "/") else {
let forbidden = Data("Forbidden".utf8)
self.send(
status: 403,