exec-server/src/sandboxed_file_system_path_uri_tests.rs
43 lines
use codex_protocol::models::PermissionProfile;use codex_protocol::permissions::FileSystemSandboxPolicy;use codex_protocol::permissions::NetworkSandboxPolicy;use codex_utils_path_uri::PathUri;use pretty_assertions::assert_eq;use tokio::io;use super::*;#[tokio::test]async fn sandboxed_file_system_rejects_non_native_uri_as_invalid_input() { let runtime_paths = ExecServerRuntimePaths::new( std::env::current_exe().expect("current exe"), /*codex_linux_sandbox_exe*/ None, ) .expect("runtime paths"); let file_system = SandboxedFileSystem::new(runtime_paths); let sandbox = FileSystemSandboxContext::from_permission_profile( PermissionProfile::from_runtime_permissions( &FileSystemSandboxPolicy::restricted(Vec::new()), NetworkSandboxPolicy::Restricted, ), ); let error = file_system .read_file(&non_native_uri(), Some(&sandbox)) .await .expect_err("non-native URI should be rejected"); assert_eq!(error.kind(), io::ErrorKind::InvalidInput);}fn non_native_uri() -> PathUri { #[cfg(unix)] let uri = "file://server/share/file.txt"; #[cfg(windows)] let uri = "file:///usr/local/file.txt"; match PathUri::parse(uri) { Ok(uri) => uri, Err(err) => panic!("valid non-native URI should parse: {err}"), }}