@vibecheckai/cli 3.5.0 → 3.5.2

package/mcp-server/lib/sandbox.test.ts

@@ -0,0 +1,519 @@
+/**
+ * Sandbox Path Security Tests
+ *
+ * Tests for the MCP sandbox module ensuring path security.
+ * Covers: traversal, absolute paths, symlink escapes, exclusions, config overrides.
+ */
+
+import { describe, it, expect, beforeAll, afterAll } from 'vitest';
+import * as path from 'path';
+import * as fs from 'fs';
+import * as os from 'os';
+import {
+  resolveSandboxPath,
+  validateSandboxPaths,
+  getActiveExclusions,
+  configFromRunRequest,
+  validateRunRequest,
+  createSandboxResolver,
+  SandboxConfig,
+  DEFAULT_EXCLUSIONS,
+} from './sandbox';
+
+// Test workspace root
+const TEST_ROOT = path.join(os.tmpdir(), 'sandbox-test-workspace');
+
+describe('sandbox', () => {
+  beforeAll(() => {
+    // Create test workspace structure
+    fs.mkdirSync(TEST_ROOT, { recursive: true });
+    fs.mkdirSync(path.join(TEST_ROOT, 'src'), { recursive: true });
+    fs.mkdirSync(path.join(TEST_ROOT, 'node_modules', 'lodash'), { recursive: true });
+    fs.mkdirSync(path.join(TEST_ROOT, 'dist'), { recursive: true });
+    fs.mkdirSync(path.join(TEST_ROOT, '.git'), { recursive: true });
+
+    // Create test files
+    fs.writeFileSync(path.join(TEST_ROOT, 'src', 'index.ts'), '// test');
+    fs.writeFileSync(path.join(TEST_ROOT, 'package.json'), '{}');
+  });
+
+  afterAll(() => {
+    // Clean up test workspace
+    try {
+      fs.rmSync(TEST_ROOT, { recursive: true, force: true });
+    } catch {
+      // Ignore cleanup errors
+    }
+  });
+
+  const baseConfig: SandboxConfig = {
+    workspaceRoot: TEST_ROOT,
+  };
+
+  // ============================================================
+  // Test Case 1: Valid relative paths should resolve correctly
+  // ============================================================
+  describe('1. Valid relative paths', () => {
+    it('should accept simple relative paths within workspace', () => {
+      const result = resolveSandboxPath('src/index.ts', baseConfig);
+
+      expect(result.valid).toBe(true);
+      expect(result.resolvedPath).toBe(path.join(TEST_ROOT, 'src', 'index.ts'));
+      expect(result.error).toBeUndefined();
+    });
+
+    it('should accept nested relative paths', () => {
+      const result = resolveSandboxPath('src/utils/helpers/format.ts', baseConfig);
+
+      expect(result.valid).toBe(true);
+      expect(result.resolvedPath).toBe(path.join(TEST_ROOT, 'src', 'utils', 'helpers', 'format.ts'));
+    });
+
+    it('should accept paths with dots in filename', () => {
+      const result = resolveSandboxPath('src/config.local.ts', baseConfig);
+
+      expect(result.valid).toBe(true);
+      expect(result.resolvedPath).toBe(path.join(TEST_ROOT, 'src', 'config.local.ts'));
+    });
+  });
+
+  // ============================================================
+  // Test Case 2: Path traversal (..) should be rejected
+  // ============================================================
+  describe('2. Path traversal detection', () => {
+    it('should reject paths with ../ traversal', () => {
+      const result = resolveSandboxPath('../outside-workspace/secret.txt', baseConfig);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('TRAVERSAL_DETECTED');
+      expect(result.error).toContain('traversal');
+    });
+
+    it('should reject paths with embedded ../', () => {
+      const result = resolveSandboxPath('src/../../etc/passwd', baseConfig);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('TRAVERSAL_DETECTED');
+    });
+
+    it('should reject paths with ..\\  (Windows-style)', () => {
+      const result = resolveSandboxPath('src\\..\\..\\etc\\passwd', baseConfig);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('TRAVERSAL_DETECTED');
+    });
+
+    it('should reject URL-encoded traversal attempts', () => {
+      const result = resolveSandboxPath('src/%2e%2e/secret.txt', baseConfig);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('TRAVERSAL_DETECTED');
+    });
+
+    it('should reject null byte injection', () => {
+      const result = resolveSandboxPath('src/file.txt%00.jpg', baseConfig);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('TRAVERSAL_DETECTED');
+    });
+  });
+
+  // ============================================================
+  // Test Case 3: Absolute paths outside root should be rejected
+  // ============================================================
+  describe('3. Absolute path validation', () => {
+    it('should reject Unix absolute paths outside workspace', () => {
+      const result = resolveSandboxPath('/etc/passwd', baseConfig);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('ABSOLUTE_PATH_OUTSIDE_ROOT');
+      expect(result.error).toContain('escapes workspace root');
+    });
+
+    it('should reject Windows absolute paths outside workspace', () => {
+      const result = resolveSandboxPath('C:\\Windows\\System32\\config', baseConfig);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('ABSOLUTE_PATH_OUTSIDE_ROOT');
+    });
+
+    it('should accept absolute paths within workspace root', () => {
+      const absoluteInside = path.join(TEST_ROOT, 'src', 'index.ts');
+      const result = resolveSandboxPath(absoluteInside, baseConfig);
+
+      expect(result.valid).toBe(true);
+      expect(result.resolvedPath).toBe(absoluteInside);
+    });
+
+    it('should reject UNC paths', () => {
+      const result = resolveSandboxPath('\\\\server\\share\\file.txt', baseConfig);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('ABSOLUTE_PATH_OUTSIDE_ROOT');
+    });
+  });
+
+  // ============================================================
+  // Test Case 4: Symlink escape detection
+  // ============================================================
+  describe('4. Symlink escape detection', () => {
+    const symlinkPath = path.join(TEST_ROOT, 'escape-link');
+    let symlinkCreated = false;
+
+    beforeAll(() => {
+      // Create a symlink pointing outside the workspace
+      try {
+        // Point to parent directory (outside workspace)
+        const targetOutside = os.tmpdir();
+        if (fs.existsSync(symlinkPath)) {
+          fs.unlinkSync(symlinkPath);
+        }
+        fs.symlinkSync(targetOutside, symlinkPath, 'dir');
+        symlinkCreated = true;
+      } catch {
+        // Symlink creation may fail on Windows without admin privileges
+        symlinkCreated = false;
+      }
+    });
+
+    afterAll(() => {
+      if (symlinkCreated) {
+        try {
+          fs.unlinkSync(symlinkPath);
+        } catch {
+          // Ignore
+        }
+      }
+    });
+
+    it('should detect symlink that points outside workspace', () => {
+      if (!symlinkCreated) {
+        // Skip on systems where symlinks cannot be created
+        console.log('Skipping symlink test - symlinks not available');
+        return;
+      }
+
+      const result = resolveSandboxPath('escape-link', baseConfig);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('SYMLINK_ESCAPE');
+      expect(result.error).toContain('Symlink escape');
+    });
+
+    it('should accept symlinks within workspace', () => {
+      const internalSymlink = path.join(TEST_ROOT, 'internal-link');
+
+      try {
+        if (fs.existsSync(internalSymlink)) {
+          fs.unlinkSync(internalSymlink);
+        }
+        fs.symlinkSync(path.join(TEST_ROOT, 'src'), internalSymlink, 'dir');
+
+        const result = resolveSandboxPath('internal-link', baseConfig);
+
+        expect(result.valid).toBe(true);
+        expect(result.resolvedPath).toBeDefined();
+
+        fs.unlinkSync(internalSymlink);
+      } catch {
+        // Skip if symlinks not available
+        console.log('Skipping internal symlink test - symlinks not available');
+      }
+    });
+  });
+
+  // ============================================================
+  // Test Case 5: Default exclusions are enforced
+  // ============================================================
+  describe('5. Default exclusions', () => {
+    it('should reject paths in node_modules by default', () => {
+      const result = resolveSandboxPath('node_modules/lodash/index.js', baseConfig);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('EXCLUDED_PATH');
+      expect(result.error).toContain('excluded');
+    });
+
+    it('should reject paths in dist by default', () => {
+      const result = resolveSandboxPath('dist/bundle.js', baseConfig);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('EXCLUDED_PATH');
+    });
+
+    it('should reject paths in .git by default', () => {
+      const result = resolveSandboxPath('.git/config', baseConfig);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('EXCLUDED_PATH');
+    });
+
+    it('should reject paths in build, .next, out, coverage', () => {
+      const paths = ['build/app.js', '.next/static/chunks', 'out/index.html', 'coverage/lcov.info'];
+
+      for (const p of paths) {
+        const result = resolveSandboxPath(p, baseConfig);
+        expect(result.valid).toBe(false);
+        expect(result.errorCode).toBe('EXCLUDED_PATH');
+      }
+    });
+
+    it('should include all expected default exclusions', () => {
+      expect(DEFAULT_EXCLUSIONS).toContain('node_modules/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('venv/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('.venv/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('dist/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('build/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('.next/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('out/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('coverage/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('.git/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('.cache/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('.turbo/**');
+    });
+  });
+
+  // ============================================================
+  // Test Case 6: Config override - includeThirdParty
+  // ============================================================
+  describe('6. Config override: includeThirdParty', () => {
+    it('should allow node_modules when includeThirdParty is true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeThirdParty: true,
+      };
+
+      const result = resolveSandboxPath('node_modules/lodash/index.js', config);
+
+      expect(result.valid).toBe(true);
+      expect(result.resolvedPath).toBe(path.join(TEST_ROOT, 'node_modules', 'lodash', 'index.js'));
+    });
+
+    it('should allow venv when includeThirdParty is true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeThirdParty: true,
+      };
+
+      const result = resolveSandboxPath('venv/lib/python3.9/site-packages', config);
+
+      expect(result.valid).toBe(true);
+    });
+
+    it('should still exclude dist when only includeThirdParty is true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeThirdParty: true,
+      };
+
+      const result = resolveSandboxPath('dist/bundle.js', config);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('EXCLUDED_PATH');
+    });
+  });
+
+  // ============================================================
+  // Test Case 7: Config override - includeGenerated
+  // ============================================================
+  describe('7. Config override: includeGenerated', () => {
+    it('should allow dist when includeGenerated is true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeGenerated: true,
+      };
+
+      const result = resolveSandboxPath('dist/bundle.js', config);
+
+      expect(result.valid).toBe(true);
+      expect(result.resolvedPath).toBe(path.join(TEST_ROOT, 'dist', 'bundle.js'));
+    });
+
+    it('should allow build, .next, out when includeGenerated is true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeGenerated: true,
+      };
+
+      expect(resolveSandboxPath('build/app.js', config).valid).toBe(true);
+      expect(resolveSandboxPath('.next/static/chunks/main.js', config).valid).toBe(true);
+      expect(resolveSandboxPath('out/index.html', config).valid).toBe(true);
+    });
+
+    it('should still exclude node_modules when only includeGenerated is true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeGenerated: true,
+      };
+
+      const result = resolveSandboxPath('node_modules/lodash/index.js', config);
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('EXCLUDED_PATH');
+    });
+
+    it('should allow both when both flags are true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeThirdParty: true,
+        includeGenerated: true,
+      };
+
+      expect(resolveSandboxPath('node_modules/lodash/index.js', config).valid).toBe(true);
+      expect(resolveSandboxPath('dist/bundle.js', config).valid).toBe(true);
+    });
+  });
+
+  // ============================================================
+  // Test Case 8: RunRequest integration with config overrides
+  // ============================================================
+  describe('8. RunRequest integration', () => {
+    it('should create config from RunRequest with defaults', () => {
+      const config = configFromRunRequest({}, TEST_ROOT);
+
+      expect(config.workspaceRoot).toBe(TEST_ROOT);
+      expect(config.includeThirdParty).toBe(false);
+      expect(config.includeGenerated).toBe(false);
+    });
+
+    it('should honor RunRequest.includeThirdParty', () => {
+      const config = configFromRunRequest(
+        { includeThirdParty: true },
+        TEST_ROOT
+      );
+
+      expect(config.includeThirdParty).toBe(true);
+
+      const result = resolveSandboxPath('node_modules/react/index.js', config);
+      expect(result.valid).toBe(true);
+    });
+
+    it('should honor RunRequest.includeGenerated', () => {
+      const config = configFromRunRequest(
+        { includeGenerated: true },
+        TEST_ROOT
+      );
+
+      expect(config.includeGenerated).toBe(true);
+
+      const result = resolveSandboxPath('dist/main.js', config);
+      expect(result.valid).toBe(true);
+    });
+
+    it('should validate single path from RunRequest', () => {
+      const result = validateRunRequest(
+        { path: 'src/index.ts' },
+        TEST_ROOT
+      );
+
+      expect(result.valid).toBe(true);
+    });
+
+    it('should validate multiple paths from RunRequest', () => {
+      const result = validateRunRequest(
+        { paths: ['src/index.ts', 'src/utils.ts'] },
+        TEST_ROOT
+      );
+
+      expect(result.valid).toBe(true);
+    });
+
+    it('should fail RunRequest with invalid path', () => {
+      const result = validateRunRequest(
+        { path: '../../../etc/passwd' },
+        TEST_ROOT
+      );
+
+      expect(result.valid).toBe(false);
+      expect(result.error).toContain('traversal');
+    });
+
+    it('should use projectPath from RunRequest as workspace root', () => {
+      const customRoot = path.join(os.tmpdir(), 'custom-workspace');
+      fs.mkdirSync(customRoot, { recursive: true });
+
+      try {
+        const result = validateRunRequest(
+          {
+            path: 'src/file.ts',
+            projectPath: customRoot,
+          },
+          TEST_ROOT
+        );
+
+        expect(result.valid).toBe(true);
+        // Should resolve under customRoot, not TEST_ROOT
+      } finally {
+        fs.rmSync(customRoot, { recursive: true, force: true });
+      }
+    });
+  });
+
+  // ============================================================
+  // Additional utility tests
+  // ============================================================
+  describe('Utility functions', () => {
+    it('getActiveExclusions returns correct patterns based on config', () => {
+      const baseExclusions = getActiveExclusions(baseConfig);
+
+      expect(baseExclusions).toContain('node_modules/**');
+      expect(baseExclusions).toContain('dist/**');
+      expect(baseExclusions).toContain('.git/**');
+
+      const withThirdParty = getActiveExclusions({ ...baseConfig, includeThirdParty: true });
+      expect(withThirdParty).not.toContain('node_modules/**');
+      expect(withThirdParty).toContain('dist/**');
+
+      const withGenerated = getActiveExclusions({ ...baseConfig, includeGenerated: true });
+      expect(withGenerated).toContain('node_modules/**');
+      expect(withGenerated).not.toContain('dist/**');
+    });
+
+    it('validateSandboxPaths validates multiple paths and collects errors', () => {
+      const { valid, results, errors } = validateSandboxPaths(
+        ['src/good.ts', '../bad.ts', 'node_modules/pkg'],
+        baseConfig
+      );
+
+      expect(valid).toBe(false);
+      expect(results.size).toBe(3);
+      expect(errors.length).toBe(2); // traversal + exclusion
+
+      expect(results.get('src/good.ts')?.valid).toBe(true);
+      expect(results.get('../bad.ts')?.valid).toBe(false);
+      expect(results.get('node_modules/pkg')?.valid).toBe(false);
+    });
+
+    it('createSandboxResolver creates reusable resolver', () => {
+      const resolver = createSandboxResolver(baseConfig);
+
+      expect(resolver('src/index.ts').valid).toBe(true);
+      expect(resolver('../escape.txt').valid).toBe(false);
+      expect(resolver('node_modules/pkg').valid).toBe(false);
+    });
+
+    it('rejects invalid workspace root', () => {
+      const result = resolveSandboxPath('src/file.ts', {
+        workspaceRoot: 'relative/path', // Not absolute
+      });
+
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('INVALID_ROOT');
+    });
+
+    it('allowlist overrides exclusions', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        allowlist: ['node_modules/allowed-pkg/**'],
+      };
+
+      // Allowed package should pass
+      const allowed = resolveSandboxPath('node_modules/allowed-pkg/index.js', config);
+      expect(allowed.valid).toBe(true);
+
+      // Other packages still blocked
+      const blocked = resolveSandboxPath('node_modules/other-pkg/index.js', config);
+      expect(blocked.valid).toBe(false);
+    });
+  });
+});