Skip to content

test(application-server): add tests for security-critical sandbox and delivery paths #906

New issue
New issue
Open
#915
Open
test(application-server): add tests for security-critical sandbox and delivery paths#906
#915
Labels
application-serverSpring Boot server: APIs, business logic, database
Milestone
1.0.0
@FelixTJDietrich

Description

@FelixTJDietrich
FelixTJDietrich
opened on Mar 23, 2026

Context

Found during PE audit of PR #892. Several security-critical code paths lack dedicated tests:

  1. SandboxWorkspaceManager.validateDirectoryMount() — path traversal prevention
  2. AgentJobService.retryDelivery() — retry logic for failed deliveries
  3. UNSAFE_MARKDOWN_LINK regex in PullRequestCommentPoster — XSS prevention in PR comments
  4. Git security env vars in DockerSandboxAdapter — config blocklist

Scope

Write focused unit tests for each of the 4 paths:

  • Path traversal: symlinks, ../ sequences, absolute paths outside allowed root
  • Retry: idempotency, max retries, state transitions
  • Markdown sanitization: malicious links, JS injection, nested markdown
  • Git env vars: verify all blocked configs present in container env

Files

File Change
SandboxWorkspaceManagerTest.java NEW or MODIFY
AgentJobServiceTest.java NEW or MODIFY
PullRequestCommentPosterTest.java NEW or MODIFY
DockerSandboxAdapterTest.java NEW or MODIFY

Verification

  • All 4 test classes pass
  • Path traversal attacks caught by validateDirectoryMount()
  • Unsafe markdown sanitized correctly
  • Git config blocklist verified exhaustively

Metadata

Metadata

Assignees

No one assigned

    Labels

    application-serverSpring Boot server: APIs, business logic, database

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions