app/src/__tests__/nas-file-manager.test.ts

import { describe, it, expect } from "vitest";
import { NasFileManager } from "../services/nas-file-manager";

describe("NasFileManager path traversal", () => {
  const nas = new NasFileManager();

  describe("deleteItem", () => {
    it("rejects empty path", async () => {
      const result = await nas.deleteItem("PRJ-001", "");
      expect(result).toContain("kořenovou složku");
    });

    it("rejects root path /", async () => {
      const result = await nas.deleteItem("PRJ-001", "/");
      expect(result).toContain("kořenovou složku");
    });

    it("rejects current directory .", async () => {
      const result = await nas.deleteItem("PRJ-001", ".");
      expect(result).toContain("kořenovou složku");
    });

    it("rejects current directory ./", async () => {
      const result = await nas.deleteItem("PRJ-001", "./");
      expect(result).toContain("kořenovou složku");
    });

    it("rejects path traversal ..", async () => {
      const result = await nas.deleteItem("PRJ-001", "../etc/passwd");
      expect(result).toContain("Neplatná cesta");
    });
  });

  describe("moveItem", () => {
    it("rejects empty fromPath", async () => {
      const result = await nas.moveItem("PRJ-001", "", "dest");
      expect(result).toContain("kořenovou složku");
    });

    it("rejects root fromPath /", async () => {
      const result = await nas.moveItem("PRJ-001", "/", "dest");
      expect(result).toContain("kořenovou složku");
    });

    it("rejects current directory .", async () => {
      const result = await nas.moveItem("PRJ-001", ".", "dest");
      expect(result).toContain("kořenovou složku");
    });

    it("rejects path traversal in fromPath", async () => {
      const result = await nas.moveItem("PRJ-001", "../secret", "dest");
      expect(result).toContain("Neplatná cesta");
    });
  });
});