test_read_file.py
import os
from pathlib import Path
from types import SimpleNamespace

from tools.file.read_file import _is_path_allowed


def test_is_path_allowed_blocks_prefix_path_traversal(tmp_path: Path):
    """Ensure ``_is_path_allowed`` rejects a ``..`` path that passes a prefix check.

    The candidate path is built by joining ``..`` segments onto the allowed
    folder, so its text still begins with that folder even though the
    segments point above it.
    """
    allowed_root = tmp_path / "repo"
    allowed_root.mkdir()

    # Left unnormalised on purpose: Path's "/" operator keeps the ".."
    # segments exactly as written.
    escaping_path = allowed_root / "../../../../secret.txt"

    context = SimpleNamespace(folder=str(allowed_root))

    # A plain string-prefix comparison on the parent directory is satisfied,
    # because nothing has collapsed the ".." segments yet.
    parent_dir = os.path.dirname(escaping_path)
    assert parent_dir.startswith(context.folder) is True

    # The function under test must refuse the same path.
    # NOTE(review): only the ".." form is exercised here; a sibling directory
    # whose name merely begins with the folder name is a separate case that
    # this test does not cover.
    assert _is_path_allowed(str(escaping_path), context) is False