Add failing tests for input dimension and path traversal validation

Tests for: - ErrInputTooLarge when input image exceeds MaxInputDimension - ErrPathTraversal for ../, encoded traversal, backslashes, null bytes
2026-01-08 08:48:11 -08:00
parent 857be30e82
commit c964feac7e
4 changed files with 168 additions and 0 deletions
--- a/internal/imgcache/processor_test.go
+++ b/internal/imgcache/processor_test.go
@@ -240,3 +240,74 @@ func TestImageProcessor_SupportedFormats(t *testing.T) {
 		t.Error("SupportedOutputFormats() returned empty slice")
 	}
 }
+
+func TestImageProcessor_RejectsOversizedInput(t *testing.T) {
+	proc := NewImageProcessor()
+	ctx := context.Background()
+
+	// Create an image that exceeds MaxInputDimension (e.g., 10000x100)
+	// This should be rejected before processing to prevent DoS
+	input := createTestJPEG(t, 10000, 100)
+
+	req := &ImageRequest{
+		Size:    Size{Width: 100, Height: 100},
+		Format:  FormatJPEG,
+		Quality: 85,
+		FitMode: FitCover,
+	}
+
+	_, err := proc.Process(ctx, bytes.NewReader(input), req)
+	if err == nil {
+		t.Error("Process() should reject oversized input images")
+	}
+
+	if err != ErrInputTooLarge {
+		t.Errorf("Process() error = %v, want ErrInputTooLarge", err)
+	}
+}
+
+func TestImageProcessor_RejectsOversizedInputHeight(t *testing.T) {
+	proc := NewImageProcessor()
+	ctx := context.Background()
+
+	// Create an image with oversized height
+	input := createTestJPEG(t, 100, 10000)
+
+	req := &ImageRequest{
+		Size:    Size{Width: 100, Height: 100},
+		Format:  FormatJPEG,
+		Quality: 85,
+		FitMode: FitCover,
+	}
+
+	_, err := proc.Process(ctx, bytes.NewReader(input), req)
+	if err == nil {
+		t.Error("Process() should reject oversized input images")
+	}
+
+	if err != ErrInputTooLarge {
+		t.Errorf("Process() error = %v, want ErrInputTooLarge", err)
+	}
+}
+
+func TestImageProcessor_AcceptsMaxDimensionInput(t *testing.T) {
+	proc := NewImageProcessor()
+	ctx := context.Background()
+
+	// Create an image at exactly MaxInputDimension - should be accepted
+	// Using smaller dimensions to keep test fast
+	input := createTestJPEG(t, MaxInputDimension, 100)
+
+	req := &ImageRequest{
+		Size:    Size{Width: 100, Height: 100},
+		Format:  FormatJPEG,
+		Quality: 85,
+		FitMode: FitCover,
+	}
+
+	result, err := proc.Process(ctx, bytes.NewReader(input), req)
+	if err != nil {
+		t.Fatalf("Process() should accept images at MaxInputDimension, got error: %v", err)
+	}
+	defer result.Content.Close()
+}