tim/kangkang
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

harden(persistence): FileVault path traversal guard + error unification

Browse Source 
按 code quality review 反馈(P0 + 4×P1):
- 加 resolveSafePath() 拒绝 / 和 .. 并验证 hasPrefix(rootURL)
- loadImage/remove 统一抛 FileVaultError(readFailed/removeFailed)
- 删除测试 struct 上多余的 @MainActor
- 每个 @Test 加 defer cleanup,不泄漏 temp 目录
- 测试图片改用生成 16x16 红色,不依赖 SF Symbol

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
link2026
2026-05-25 15:06:49 +08:00
parent d704a9eb78
commit 0739ccea2b
2 changed files with 46 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
体己Tests/FileVaultTests.swift
View File

@@ -2,7 +2,6 @@ import Testing
import UIKit
@testable import
@MainActor
struct FileVaultTests {
private func makeIsolatedVault() throws -> FileVault {
@@ -11,9 +10,19 @@ struct FileVaultTests {
return try FileVault(rootURL: temp)
}
private func makeTestImage() -> UIImage {
let size = CGSize(width: 16, height: 16)
let renderer = UIGraphicsImageRenderer(size: size)
return renderer.image { ctx in
UIColor.red.setFill()
ctx.fill(CGRect(origin: .zero, size: size))
}
}
@Test func writeAndReadJPEGRoundtrip() throws {
let vault = try makeIsolatedVault()
let image = UIImage(systemName: "doc")!
defer { try? FileManager.default.removeItem(at: vault.rootURL) }
let image = makeTestImage()
let saved = try vault.writeJPEG(image, quality: 0.8)
@@ -26,7 +35,8 @@ struct FileVaultTests {
@Test func removeMakesFileGone() throws {
let vault = try makeIsolatedVault()
let saved = try vault.writeJPEG(UIImage(systemName: "doc")!)
defer { try? FileManager.default.removeItem(at: vault.rootURL) }
let saved = try vault.writeJPEG(makeTestImage())
try vault.remove(relativePath: saved.relativePath)
@@ -37,8 +47,9 @@ struct FileVaultTests {
@Test func wipeRemovesAllFiles() throws {
let vault = try makeIsolatedVault()
let a = try vault.writeJPEG(UIImage(systemName: "doc")!)
let b = try vault.writeJPEG(UIImage(systemName: "folder")!)
defer { try? FileManager.default.removeItem(at: vault.rootURL) }
let a = try vault.writeJPEG(makeTestImage())
let b = try vault.writeJPEG(makeTestImage())
try vault.wipe()