package com.syncflow.domain.sync

import org.junit.Assert.assertFalse
import org.junit.Assert.assertTrue
import org.junit.Test

/**
 * Path-traversal guard: a hostile/compromised remote must not be able to make the engine read
 * or write outside the sync root via "..", absolute, or separator-smuggled paths.
 */
class PathSafetyTest {

    @Test fun `normal relative paths are allowed`() {
        assertFalse(isUnsafeSyncPath("photo.jpg"))
        assertFalse(isUnsafeSyncPath("sub/dir/photo.jpg"))
        assertFalse(isUnsafeSyncPath("a.b..c/file.txt")) // ".." only inside a name, not a segment
    }

    @Test fun `parent-dir traversal is rejected`() {
        assertTrue(isUnsafeSyncPath(".."))
        assertTrue(isUnsafeSyncPath("../evil"))
        assertTrue(isUnsafeSyncPath("a/../../etc/passwd"))
        assertTrue(isUnsafeSyncPath("sub/../../escape"))
    }

    @Test fun `backslash traversal is rejected`() {
        assertTrue(isUnsafeSyncPath("..\\evil"))
        assertTrue(isUnsafeSyncPath("a\\..\\..\\escape"))
    }

    @Test fun `absolute and empty paths are rejected`() {
        assertTrue(isUnsafeSyncPath("/etc/passwd"))
        assertTrue(isUnsafeSyncPath(""))
        assertTrue(isUnsafeSyncPath("   "))
    }
}