Summary
The path_escaper has 4 tests covering basic traversal attacks, but several edge cases are untested.
What to do
Add test methods to the TestPathEscaper class in tests/test_escapers.py:
- Multiple consecutive slashes — path_escaper("foo///bar") should normalize
- Dot-only inputs — path_escaper("..") and path_escaper(".") alone
- Dots within filenames — path_escaper("file..txt") and path_escaper("..hidden") should be preserved (not path components)
- Encoded traversal artifacts — path_escaper("foo\x00/../bar") (null byte + traversal)
- Trailing traversal — path_escaper("foo/bar/../../")
If any test reveals a bug, note it in the PR — fixing it is a bonus but not required.
Files
tests/test_escapers.py — add to TestPathEscaper
Hints
- Read src/navi_sanitize/escapers/_path.py to understand the regex logic
- Note that path_escaper runs after the main pipeline (null bytes are already stripped by then), but test the escaper in isolation too
- Run tests with: uv run pytest tests/test_escapers.py -v --benchmark-disable
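
One way to drive the edge cases listed above from a single table, as an added example that is not code from the navi_sanitize project. Both standin_escaper and naive_escaper are hypothetical stand-ins, and the safety properties checked (no null byte, no leading slash, no repeated slash, no "." or ".." component, dotted filenames unchanged) are assumptions about the intended contract; in the real test file, pass path_escaper to check() instead.

```python
import re

# The edge-case inputs listed in the issue.
EDGE_CASES = [
    "foo///bar",        # multiple consecutive slashes
    "..", ".",          # dot-only inputs
    "file..txt",        # dots inside a filename
    "..hidden",
    "foo\x00/../bar",   # null byte + traversal
    "foo/bar/../../",   # trailing traversal
]
# Filenames that merely contain dots must come back unchanged.
MUST_PRESERVE = {"file..txt", "..hidden"}


def standin_escaper(path: str) -> str:
    """Hypothetical stand-in: drops NULs and empty, '.' and '..' components."""
    parts = re.split(r"/+", path.replace("\x00", ""))
    return "/".join(p for p in parts if p not in ("", ".", ".."))


def naive_escaper(path: str) -> str:
    """Constructed weak variant: a single substring replacement."""
    return path.replace("../", "")


def violations(original: str, escaped: str) -> list[str]:
    """Return the assumed safety properties that `escaped` breaks."""
    found = []
    if "\x00" in escaped:
        found.append("null byte")
    if escaped.startswith("/"):
        found.append("absolute path")
    if "//" in escaped:
        found.append("repeated slash")
    if any(part in (".", "..") for part in escaped.split("/")):
        found.append("dot component")
    if original in MUST_PRESERVE and escaped != original:
        found.append("filename altered")
    return found


def check(escaper) -> dict[str, list[str]]:
    """Run every edge case; map each failing input to its violations."""
    results = {case: violations(case, escaper(case)) for case in EDGE_CASES}
    return {case: v for case, v in results.items() if v}
```

Checking properties of the output rather than exact strings keeps the tests valid even if the escaper's normalization differs from the stand-in's; any input that check() reports is a candidate bug to note in the PR.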