From 9b6c8ce411a4aadfa22b52b5fafb10bf7d9484b1 Mon Sep 17 00:00:00 2001
From: mudler <mudler@mocaccino.org>
Date: Fri, 19 May 2023 01:06:36 +0200
Subject: [PATCH] tests: fixups

---
 pkg/gallery/models.go      | 13 +------------
 pkg/gallery/models_test.go | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/pkg/gallery/models.go b/pkg/gallery/models.go
index f3507364..8c61380c 100644
--- a/pkg/gallery/models.go
+++ b/pkg/gallery/models.go
@@ -89,18 +89,7 @@ func inTrustedRoot(path string, trustedRoot string) error {
 
 func verifyPath(path, basePath string) error {
 	c := filepath.Clean(filepath.Join(basePath, path))
-
-	r, err := filepath.EvalSymlinks(c)
-	if err != nil {
-		return fmt.Errorf("unsafe or invalid path specified")
-	}
-
-	err = inTrustedRoot(r, basePath)
-	if err != nil {
-		return fmt.Errorf("unsafe or invalid path specified")
-	}
-
-	return nil
+	return inTrustedRoot(c, basePath)
 }
 
 func Apply(basePath, nameOverride string, config *Config) error {
diff --git a/pkg/gallery/models_test.go b/pkg/gallery/models_test.go
index 123948ad..980b3a96 100644
--- a/pkg/gallery/models_test.go
+++ b/pkg/gallery/models_test.go
@@ -26,5 +26,30 @@ var _ = Describe("Model test", func() {
 				Expect(err).ToNot(HaveOccurred())
 			}
 		})
+		It("renames model correctly", func() {
+			tempdir, err := os.MkdirTemp("", "test")
+			Expect(err).ToNot(HaveOccurred())
+			defer os.RemoveAll(tempdir)
+			c, err := ReadConfigFile(filepath.Join(os.Getenv("FIXTURES"), "gallery_simple.yaml"))
+			Expect(err).ToNot(HaveOccurred())
+
+			err = Apply(tempdir, "foo", c)
+			Expect(err).ToNot(HaveOccurred())
+
+			for _, f := range []string{"cerebras", "cerebras-completion.tmpl", "cerebras-chat.tmpl", "foo.yaml"} {
+				_, err = os.Stat(filepath.Join(tempdir, f))
+				Expect(err).ToNot(HaveOccurred())
+			}
+		})
+		It("catches path traversals", func() {
+			tempdir, err := os.MkdirTemp("", "test")
+			Expect(err).ToNot(HaveOccurred())
+			defer os.RemoveAll(tempdir)
+			c, err := ReadConfigFile(filepath.Join(os.Getenv("FIXTURES"), "gallery_simple.yaml"))
+			Expect(err).ToNot(HaveOccurred())
+
+			err = Apply(tempdir, "../../../foo", c)
+			Expect(err).To(HaveOccurred())
+		})
 	})
 })