+1 -1

internal/ui/model.go

reviewed

··· 3466 3466 // If magic-byte detection returns something outside the expected prefix, the file is suspicious. 3467 3467 var expectedMimePrefix = map[string]string{ 3468 3468 ".png": "image/", ".jpg": "image/", ".jpeg": "image/", ".gif": "image/", 3469 3469 - ".webp": "image/", ".svg": "image/", ".bmp": "image/", ".ico": "image/", 3469 3469 + ".webp": "image/", ".bmp": "image/", ".ico": "image/", 3470 3470 ".pdf": "application/pdf", 3471 3471 ".zip": "application/zip", ".gz": "application/", 3472 3472 ".doc": "application/", ".docx": "application/", ".xls": "application/", ".xlsx": "application/",

+114

internal/ui/model_test.go

reviewed

··· 1 1 package ui 2 2 3 3 import ( 4 4 + "net/http" 4 5 "reflect" 5 6 "strings" 6 7 "testing" ··· 617 618 }) 618 619 } 619 620 } 621 621 + 622 622 + func TestIsMimeMismatch(t *testing.T) { 623 623 + tests := []struct { 624 624 + name string 625 625 + ext string 626 626 + detected string 627 627 + want bool 628 628 + }{ 629 629 + // Disguised files — should be flagged 630 630 + {"sh disguised as png", ".png", "text/plain; charset=utf-8", true}, 631 631 + {"html disguised as jpg", ".jpg", "text/html; charset=utf-8", true}, 632 632 + {"elf binary as pdf", ".pdf", "application/octet-stream", true}, 633 633 + {"script as gif", ".gif", "text/plain; charset=utf-8", true}, 634 634 + 635 635 + // Legitimate files — should pass 636 636 + {"real png", ".png", "image/png", false}, 637 637 + {"real jpg", ".jpg", "image/jpeg", false}, 638 638 + {"real gif", ".gif", "image/gif", false}, 639 639 + {"real pdf", ".pdf", "application/pdf", false}, 640 640 + {"real zip", ".zip", "application/zip", false}, 641 641 + {"real mp3", ".mp3", "audio/mpeg", false}, 642 642 + {"real mp4", ".mp4", "video/mp4", false}, 643 643 + 644 644 + // Unknown extensions — can't validate, should pass through 645 645 + {"unknown ext .xyz", ".xyz", "text/plain; charset=utf-8", false}, 646 646 + {"unknown ext .foo", ".foo", "application/octet-stream", false}, 647 647 + } 648 648 + for _, tt := range tests { 649 649 + t.Run(tt.name, func(t *testing.T) { 650 650 + got := isMimeMismatch(tt.ext, tt.detected) 651 651 + if got != tt.want { 652 652 + t.Errorf("isMimeMismatch(%q, %q) = %v, want %v", tt.ext, tt.detected, got, tt.want) 653 653 + } 654 654 + }) 655 655 + } 656 656 + } 657 657 + 658 658 + func TestDangerousExts(t *testing.T) { 659 659 + // Verify known dangerous extensions are in the blocklist. 660 660 + dangerous := []string{".sh", ".exe", ".desktop", ".bat", ".py", ".jar", ".ps1"} 661 661 + for _, ext := range dangerous { 662 662 + if !dangerousExts[ext] { 663 663 + t.Errorf("expected %q in dangerousExts", ext) 664 664 + } 665 665 + } 666 666 + // Verify safe extensions are NOT in the blocklist. 667 667 + safe := []string{".png", ".jpg", ".pdf", ".txt", ".html", ".md"} 668 668 + for _, ext := range safe { 669 669 + if dangerousExts[ext] { 670 670 + t.Errorf("unexpected %q in dangerousExts", ext) 671 671 + } 672 672 + } 673 673 + } 674 674 + 675 675 + func TestMimeMismatchWithRealBytes(t *testing.T) { 676 676 + // Simulate real magic-byte detection scenarios using net/http.DetectContentType. 677 677 + tests := []struct { 678 678 + name string 679 679 + ext string 680 680 + data []byte // fake file content 681 681 + wantBad bool 682 682 + }{ 683 683 + { 684 684 + name: "bash script disguised as .png", 685 685 + ext: ".png", 686 686 + data: []byte("#!/bin/bash\necho hello\n"), 687 687 + wantBad: true, 688 688 + }, 689 689 + { 690 690 + name: "python script disguised as .jpg", 691 691 + ext: ".jpg", 692 692 + data: []byte("#!/usr/bin/env python3\nprint('hello')\n"), 693 693 + wantBad: true, 694 694 + }, 695 695 + { 696 696 + name: "html with script disguised as .pdf", 697 697 + ext: ".pdf", 698 698 + data: []byte("<html><body>harmless content</body></html>"), 699 699 + wantBad: true, 700 700 + }, 701 701 + { 702 702 + name: "real PNG file (magic bytes)", 703 703 + ext: ".png", 704 704 + // PNG magic: 89 50 4E 47 0D 0A 1A 0A 705 705 + data: []byte{0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0x00, 0x00}, 706 706 + wantBad: false, 707 707 + }, 708 708 + { 709 709 + name: "real PDF file (magic bytes)", 710 710 + ext: ".pdf", 711 711 + // PDF magic: %PDF- 712 712 + data: []byte("%PDF-1.4 fake pdf content here"), 713 713 + wantBad: false, 714 714 + }, 715 715 + { 716 716 + name: "real GIF file (magic bytes)", 717 717 + ext: ".gif", 718 718 + // GIF magic: GIF89a 719 719 + data: []byte("GIF89a" + strings.Repeat("\x00", 100)), 720 720 + wantBad: false, 721 721 + }, 722 722 + } 723 723 + for _, tt := range tests { 724 724 + t.Run(tt.name, func(t *testing.T) { 725 725 + detected := http.DetectContentType(tt.data) 726 726 + got := isMimeMismatch(tt.ext, detected) 727 727 + if got != tt.wantBad { 728 728 + t.Errorf("isMimeMismatch(%q, %q) = %v, want %v (data: %q...)", 729 729 + tt.ext, detected, got, tt.wantBad, string(tt.data[:min(20, len(tt.data))])) 730 730 + } 731 731 + }) 732 732 + } 733 733 + }