gooneyryan/scarf
1
0
Fork 0
mirror of https://github.com/awizemann/scarf.git synced 2026-05-10 02:26:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

test(ssh): regression tests for ControlPath socket-limit invariants

Browse Source 
Two tests pinning the invariants that were violated / introduced
by the #19 / PR #20 fix:

- controlDirPathFitsMacOSSocketLimit: asserts dir + '/' + 64-char
  %C hash + NUL <= 104 bytes. Would have caught the original
  Caches-based path landing at 105 bytes for users with longer
  $HOME strings.

- controlDirPathIsPerUser: asserts the path includes the current
  uid, pinning the per-user-isolation invariant against any future
  refactor that drops it (since /tmp is shared across all local
  users).

scarfTests was a stub before this — these are the suite's first
real tests.
This commit is contained in:
Alan Wizemann
2026-04-20 15:45:29 -07:00
parent 1823160546
commit f36fb55ebe
1 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scarf/scarfTests/scarfTests.swift
+24 -3
View File
@@ -6,12 +6,33 @@
//
import Testing
import Darwin
@testable import scarf
struct scarfTests {
@Suite struct ControlPathTests {
@Test func example() async throws {
// Write your test here and use APIs like `#expect(...)` to check expected conditions.
/// macOS' `sun_path` is 104 bytes including the NUL terminator. OpenSSH's
/// `%C` token expands to a 64-char SHA1 hex digest. The full bound socket
/// path is `<controlDir>/<%C>`, so the worst case is
/// `controlDir.utf8.count + 1 (separator) + 64 (hash) + 1 (NUL)`.
///
/// This test pins the invariant violated by the original Caches-based
/// path that triggered issue #19 any future change to `controlDirPath`
/// that drifts back over the limit will fail here instead of silently
/// breaking remote SSH for users with long `$HOME` strings.
@Test func controlDirPathFitsMacOSSocketLimit() {
let dir = SSHTransport.controlDirPath()
let worstCase = dir.utf8.count + 1 + 64 + 1
#expect(worstCase <= 104,
"ControlPath worst case is \(worstCase) bytes for dir '\(dir)'; macOS sun_path limit is 104")
}
/// `/tmp` is shared across all users on a Mac. The per-uid suffix is what
/// keeps two local users' control sockets from colliding guard against
/// a refactor that drops it.
@Test func controlDirPathIsPerUser() {
let dir = SSHTransport.controlDirPath()
#expect(dir.contains("\(getuid())"),
"ControlPath '\(dir)' must include the current uid for per-user isolation")
}
}