From 064a1d01c5c14f5ecc032fa9b8346a4a88b893f6 Mon Sep 17 00:00:00 2001
From: Dawid Rycerz <dawid@rycerz.xyz>
Date: Thu, 22 Jan 2026 22:07:32 +0100
Subject: witryna 0.1.0 — initial release
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Minimalist Git-based static site deployment orchestrator.
Webhook-triggered builds in Podman/Docker containers with atomic
symlink publishing, SIGHUP hot-reload, and zero-downtime deploys.

See README.md for usage, CHANGELOG.md for details.
---
 tests/integration/edge_cases.rs | 69 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 tests/integration/edge_cases.rs

(limited to 'tests/integration/edge_cases.rs')

diff --git a/tests/integration/edge_cases.rs b/tests/integration/edge_cases.rs
new file mode 100644
index 0000000..248c36f
--- /dev/null
+++ b/tests/integration/edge_cases.rs
@@ -0,0 +1,69 @@
+use crate::harness::{TestServer, test_config};
+
+#[tokio::test]
+async fn path_traversal_rejected() {
+    let server = TestServer::start(test_config(tempfile::tempdir().unwrap().keep())).await;
+
+    let traversal_attempts = [
+        "../etc/passwd",
+        "..%2F..%2Fetc%2Fpasswd",
+        "valid-site/../other",
+    ];
+
+    for attempt in &traversal_attempts {
+        let resp = TestServer::client()
+            .post(server.url(attempt))
+            .header("Authorization", "Bearer test-token")
+            .send()
+            .await;
+
+        if let Ok(resp) = resp {
+            let status = resp.status().as_u16();
+            assert!(
+                status == 400 || status == 404,
+                "path traversal '{attempt}' should be rejected, got {status}"
+            );
+        }
+    }
+}
+
+#[tokio::test]
+async fn very_long_site_name_rejected() {
+    let server = TestServer::start(test_config(tempfile::tempdir().unwrap().keep())).await;
+
+    let long_name = "a".repeat(1000);
+    let resp = TestServer::client()
+        .post(server.url(&long_name))
+        .header("Authorization", "Bearer test-token")
+        .send()
+        .await;
+
+    if let Ok(resp) = resp {
+        let status = resp.status().as_u16();
+        assert!(
+            status == 400 || status == 404 || status == 414,
+            "long site name should be rejected gracefully, got {status}"
+        );
+    }
+}
+
+#[tokio::test]
+async fn service_healthy_after_errors() {
+    let server = TestServer::start(test_config(tempfile::tempdir().unwrap().keep())).await;
+
+    // Make requests to non-existent sites (causes 404s in the app)
+    for _ in 0..5 {
+        let _ = TestServer::client()
+            .post(server.url("/nonexistent"))
+            .send()
+            .await;
+    }
+
+    // Server should still be healthy
+    let resp = TestServer::client()
+        .get(server.url("/health"))
+        .send()
+        .await
+        .unwrap();
+    assert_eq!(resp.status().as_u16(), 200);
+}
-- 
cgit v1.2.3