@@ -106,3 +106,29 @@ def test_does_not_absolute_path_inside_another_folder():
106106
107107def test_disable_checkPathStart ():
108108 assert detect_path_traversal ("/etc/passwd" , "/etc/passwd" , False ) is False
109+
110+
111+ def test_current_directory_references ():
112+ """/./ should be normalized to /"""
113+ assert detect_path_traversal ("/./etc/passwd" , "/./etc" ) is True
114+ assert detect_path_traversal ("/etc/./passwd" , "/etc" ) is True
115+ assert detect_path_traversal ("/etc/./passwd" , "/etc/./" ) is True
116+ assert detect_path_traversal ("/./etc/passwd" , "/./etc/passwd" ) is True
117+ assert detect_path_traversal ("/etc/./passwd" , "/etc/./passwd" ) is True
118+ assert detect_path_traversal ("/./etc/./passwd" , "/./etc/./passwd" ) is True
119+ # Multiple /./ sequences
120+ assert detect_path_traversal ("/././etc/passwd" , "/././etc" ) is True
121+ assert detect_path_traversal ("/etc/././passwd" , "/etc/././passwd" ) is True
122+
123+
124+ def test_path_normalization ():
125+ """Paths with multiple slashes and /./ should be normalized and detected"""
126+ assert detect_path_traversal ("//etc//passwd" , "/etc" ) is True
127+ assert detect_path_traversal ("/./etc/./passwd" , "/etc" ) is True
128+ assert detect_path_traversal ("/././etc/passwd" , "/etc" ) is True
129+ # Paths without leading slash are not unsafe
130+ assert detect_path_traversal ("etc/passwd" , "etc" ) is False
131+ assert detect_path_traversal ("" , "" ) is False
132+ # Combined slashes and dot: ///.///etc/passwd should normalize to /etc/passwd
133+ assert detect_path_traversal ("///.///etc/passwd" , "///.///etc" ) is True
134+ assert detect_path_traversal ("///.///etc/passwd" , "///.///etc/passwd" ) is True
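Review bot: The new assertions in test_current_directory_references and test_path_normalization never cover the case where only the second argument (presumably the user-supplied value) is un-normalized. Where that argument contains `/./` or doubled slashes, the first argument carries the same raw sequence, and the asymmetric cases on lines 126-128 only run the other way. If the contract is that both arguments are normalized independently, add the reverse direction, e.g. `assert detect_path_traversal("/etc/passwd", "/./etc") is True` and `assert detect_path_traversal("/etc/passwd", "//etc//passwd") is True`. The expected values here are inferred from the docstrings, because the implementation is not visible in this hunk. A negative guard such as `assert detect_path_traversal("./etc/passwd", "./etc") is False` would also pin down that normalization does not turn a relative input into an absolute one, in line with the "Paths without leading slash are not unsafe" comment.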