macsync/@packages/shared/Tests/MacSyncSharedTests/AttachmentSecurityTests.swift

import Testing
@testable import MacSyncShared

@Suite("Attachment Path Security")
struct AttachmentPathSecurityTests {
    let homeDir = "/Users/testuser"

    @Test func pathInsideAttachmentsDirAllowed() {
        let path = "/Users/testuser/Library/Messages/Attachments/ab/123/photo.jpg"
        #expect(ContentTypeMapping.isAllowedAttachmentPath(path, homeDirectory: homeDir) == true)
    }

    @Test func pathWithTildeInsideAttachmentsDirAllowed() {
        let path = "~/Library/Messages/Attachments/ab/123/photo.jpg"
        #expect(ContentTypeMapping.isAllowedAttachmentPath(path, homeDirectory: homeDir) == true)
    }

    @Test func pathOutsideAttachmentsDirBlocked() {
        let path = "/Users/testuser/Documents/secret.txt"
        #expect(ContentTypeMapping.isAllowedAttachmentPath(path, homeDirectory: homeDir) == false)
    }

    @Test func pathTraversalBlocked() {
        let path = "/Users/testuser/Library/Messages/Attachments/../../etc/passwd"
        #expect(ContentTypeMapping.isAllowedAttachmentPath(path, homeDirectory: homeDir) == false)
    }

    @Test func emptyPathBlocked() {
        #expect(ContentTypeMapping.isAllowedAttachmentPath("", homeDirectory: homeDir) == false)
    }
}

@Suite("Content Type Mapping")
struct ContentTypeMappingTests {

    @Test func jpgMapsToImageJpeg() {
        #expect(ContentTypeMapping.contentType(forExtension: "jpg") == "image/jpeg")
        #expect(ContentTypeMapping.contentType(forExtension: "jpeg") == "image/jpeg")
    }

    @Test func pngMapsToImagePng() {
        #expect(ContentTypeMapping.contentType(forExtension: "png") == "image/png")
    }

    @Test func gifMapsCorrectly() {
        #expect(ContentTypeMapping.contentType(forExtension: "gif") == "image/gif")
    }

    @Test func heicMapsCorrectly() {
        #expect(ContentTypeMapping.contentType(forExtension: "heic") == "image/heic")
        #expect(ContentTypeMapping.contentType(forExtension: "heif") == "image/heic")
    }

    @Test func webpMapsCorrectly() {
        #expect(ContentTypeMapping.contentType(forExtension: "webp") == "image/webp")
    }

    @Test func videoMapsCorrectly() {
        #expect(ContentTypeMapping.contentType(forExtension: "mp4") == "video/mp4")
        #expect(ContentTypeMapping.contentType(forExtension: "mov") == "video/quicktime")
    }

    @Test func audioMapsCorrectly() {
        #expect(ContentTypeMapping.contentType(forExtension: "mp3") == "audio/mpeg")
        #expect(ContentTypeMapping.contentType(forExtension: "m4a") == "audio/mp4")
    }

    @Test func pdfMapsCorrectly() {
        #expect(ContentTypeMapping.contentType(forExtension: "pdf") == "application/pdf")
    }

    @Test func unknownExtensionReturnsOctetStream() {
        #expect(ContentTypeMapping.contentType(forExtension: "xyz") == "application/octet-stream")
        #expect(ContentTypeMapping.contentType(forExtension: "bak") == "application/octet-stream")
    }
}
plum baseline: Phase 1/3/4/5 work (BaseSyncManager, SendQueue layer, ireminders, inotes) 2026-05-15 17:05:13 -07:00			`import Testing`
			`@testable import MacSyncShared`

			`@Suite("Attachment Path Security")`
			`struct AttachmentPathSecurityTests {`
			`let homeDir = "/Users/testuser"`

			`@Test func pathInsideAttachmentsDirAllowed() {`
			`let path = "/Users/testuser/Library/Messages/Attachments/ab/123/photo.jpg"`
			`#expect(ContentTypeMapping.isAllowedAttachmentPath(path, homeDirectory: homeDir) == true)`
			`}`

			`@Test func pathWithTildeInsideAttachmentsDirAllowed() {`
			`let path = "~/Library/Messages/Attachments/ab/123/photo.jpg"`
			`#expect(ContentTypeMapping.isAllowedAttachmentPath(path, homeDirectory: homeDir) == true)`
			`}`

			`@Test func pathOutsideAttachmentsDirBlocked() {`
			`let path = "/Users/testuser/Documents/secret.txt"`
			`#expect(ContentTypeMapping.isAllowedAttachmentPath(path, homeDirectory: homeDir) == false)`
			`}`

			`@Test func pathTraversalBlocked() {`
			`let path = "/Users/testuser/Library/Messages/Attachments/../../etc/passwd"`
			`#expect(ContentTypeMapping.isAllowedAttachmentPath(path, homeDirectory: homeDir) == false)`
			`}`

			`@Test func emptyPathBlocked() {`
			`#expect(ContentTypeMapping.isAllowedAttachmentPath("", homeDirectory: homeDir) == false)`
			`}`
			`}`

			`@Suite("Content Type Mapping")`
			`struct ContentTypeMappingTests {`

			`@Test func jpgMapsToImageJpeg() {`
			`#expect(ContentTypeMapping.contentType(forExtension: "jpg") == "image/jpeg")`
			`#expect(ContentTypeMapping.contentType(forExtension: "jpeg") == "image/jpeg")`
			`}`

			`@Test func pngMapsToImagePng() {`
			`#expect(ContentTypeMapping.contentType(forExtension: "png") == "image/png")`
			`}`

			`@Test func gifMapsCorrectly() {`
			`#expect(ContentTypeMapping.contentType(forExtension: "gif") == "image/gif")`
			`}`

			`@Test func heicMapsCorrectly() {`
			`#expect(ContentTypeMapping.contentType(forExtension: "heic") == "image/heic")`
			`#expect(ContentTypeMapping.contentType(forExtension: "heif") == "image/heic")`
			`}`

			`@Test func webpMapsCorrectly() {`
			`#expect(ContentTypeMapping.contentType(forExtension: "webp") == "image/webp")`
			`}`

			`@Test func videoMapsCorrectly() {`
			`#expect(ContentTypeMapping.contentType(forExtension: "mp4") == "video/mp4")`
			`#expect(ContentTypeMapping.contentType(forExtension: "mov") == "video/quicktime")`
			`}`

			`@Test func audioMapsCorrectly() {`
			`#expect(ContentTypeMapping.contentType(forExtension: "mp3") == "audio/mpeg")`
			`#expect(ContentTypeMapping.contentType(forExtension: "m4a") == "audio/mp4")`
			`}`

			`@Test func pdfMapsCorrectly() {`
			`#expect(ContentTypeMapping.contentType(forExtension: "pdf") == "application/pdf")`
			`}`

			`@Test func unknownExtensionReturnsOctetStream() {`
			`#expect(ContentTypeMapping.contentType(forExtension: "xyz") == "application/octet-stream")`
			`#expect(ContentTypeMapping.contentType(forExtension: "bak") == "application/octet-stream")`
			`}`
			`}`