From b3f88d7a8cdb2e625ad72cef4a65ef22f9dd9cfb Mon Sep 17 00:00:00 2001 From: rcourtman Date: Tue, 2 Dec 2025 01:11:57 +0000 Subject: [PATCH] test: Add edge case tests for HandleSetupScript Tests method not allowed, missing type parameter, and invalid host parameter error paths (71.4% to 79.2% coverage). --- .../api/config_handlers_setup_script_test.go | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/internal/api/config_handlers_setup_script_test.go b/internal/api/config_handlers_setup_script_test.go index 3b55528..580b485 100644 --- a/internal/api/config_handlers_setup_script_test.go +++ b/internal/api/config_handlers_setup_script_test.go @@ -142,3 +142,64 @@ func truncate(s string, maxLen int) string { } return s[:maxLen] + "..." } + +func TestHandleSetupScript_MethodNotAllowed(t *testing.T) { + tempDir := t.TempDir() + cfg := &config.Config{ + DataPath: tempDir, + ConfigPath: tempDir, + } + + handlers := newTestConfigHandlers(t, cfg) + + for _, method := range []string{http.MethodPost, http.MethodPut, http.MethodDelete, http.MethodPatch} { + req := httptest.NewRequest(method, "/api/setup-script?type=pve", nil) + rr := httptest.NewRecorder() + + handlers.HandleSetupScript(rr, req) + + if rr.Code != http.StatusMethodNotAllowed { + t.Errorf("%s: expected 405 Method Not Allowed, got %d", method, rr.Code) + } + } +} + +func TestHandleSetupScript_MissingTypeParameter(t *testing.T) { + tempDir := t.TempDir() + cfg := &config.Config{ + DataPath: tempDir, + ConfigPath: tempDir, + } + + handlers := newTestConfigHandlers(t, cfg) + + // No type parameter + req := httptest.NewRequest(http.MethodGet, "/api/setup-script?host=https://example.com", nil) + rr := httptest.NewRecorder() + + handlers.HandleSetupScript(rr, req) + + if rr.Code != http.StatusBadRequest { + t.Fatalf("expected 400 Bad Request for missing type, got %d", rr.Code) + } +} + +func TestHandleSetupScript_InvalidHostParameter(t *testing.T) { + tempDir := t.TempDir() + cfg := &config.Config{ + DataPath: tempDir, + ConfigPath: tempDir, + } + + handlers := newTestConfigHandlers(t, cfg) + + // Host with shell injection attempt + req := httptest.NewRequest(http.MethodGet, "/api/setup-script?type=pve&host=https://example.com%5C%0Aecho%20pwned", nil) + rr := httptest.NewRecorder() + + handlers.HandleSetupScript(rr, req) + + if rr.Code != http.StatusBadRequest { + t.Fatalf("expected 400 Bad Request for invalid host, got %d (%s)", rr.Code, rr.Body.String()) + } +}