@@ -973,16 +973,14 @@ func TestAgent_SCP(t *testing.T) {
973973func TestAgent_FileTransferBlocked (t * testing.T ) {
974974 t .Parallel ()
975975
976- content := "hello world"
977-
978- t .Run ("SCP" , func (t * testing.T ) {
976+ t .Run ("SCP with go-scp package" , func (t * testing.T ) {
979977 t .Parallel ()
980978
981979 ctx , cancel := context .WithTimeout (context .Background (), testutil .WaitLong )
982980 defer cancel ()
983981
984982 //nolint:dogsled
985- conn , _ , _ , _ , _ := setupAgent (t , agentsdk.Manifest {}, 0 , func (c * agenttest.Client , o * agent.Options ) {
983+ conn , _ , _ , _ , _ := setupAgent (t , agentsdk.Manifest {}, 0 , func (_ * agenttest.Client , o * agent.Options ) {
986984 o .BlockFileTransfer = true
987985 })
988986 sshClient , err := conn .SSHClient (ctx )
@@ -992,26 +990,47 @@ func TestAgent_FileTransferBlocked(t *testing.T) {
992990 require .NoError (t , err )
993991 defer scpClient .Close ()
994992 tempFile := filepath .Join (t .TempDir (), "scp" )
995- err = scpClient .CopyFile (context .Background (), strings .NewReader (content ), tempFile , "0755" )
993+ err = scpClient .CopyFile (context .Background (), strings .NewReader ("hello world" ), tempFile , "0755" )
996994 require .Error (t , err )
997995 require .Contains (t , err .Error (), agentssh .BlockedFileTransferErrorMessage )
998996 })
999997
1000- t .Run ("SFTP " , func (t * testing.T ) {
998+ t .Run ("Forbidden commands " , func (t * testing.T ) {
1001999 t .Parallel ()
10021000
1003- ctx , cancel := context .WithTimeout (context .Background (), testutil .WaitLong )
1004- defer cancel ()
1001+ commands := []string {"nc" , "rsync" , "scp" , "sftp" }
1002+ for _ , c := range commands {
1003+ c := c
1004+ t .Run (c , func (t * testing.T ) {
1005+ t .Parallel ()
10051006
1006- //nolint:dogsled
1007- conn , _ , _ , _ , _ := setupAgent (t , agentsdk.Manifest {}, 0 , func (c * agenttest.Client , o * agent.Options ) {
1008- o .BlockFileTransfer = true
1009- })
1010- sshClient , err := conn .SSHClient (ctx )
1011- require .NoError (t , err )
1012- defer sshClient .Close ()
1013- _ , err = sftp .NewClient (sshClient )
1014- require .NoError (t , err )
1007+ ctx , cancel := context .WithTimeout (context .Background (), testutil .WaitLong )
1008+ defer cancel ()
1009+
1010+ //nolint:dogsled
1011+ conn , _ , _ , _ , _ := setupAgent (t , agentsdk.Manifest {}, 0 , func (_ * agenttest.Client , o * agent.Options ) {
1012+ o .BlockFileTransfer = true
1013+ })
1014+ sshClient , err := conn .SSHClient (ctx )
1015+ require .NoError (t , err )
1016+ defer sshClient .Close ()
1017+
1018+ session , err := sshClient .NewSession ()
1019+ require .NoError (t , err )
1020+ defer session .Close ()
1021+
1022+ stdout , err := session .StdoutPipe ()
1023+ require .NoError (t , err )
1024+
1025+ err = session .Start (c )
1026+ require .NoError (t , err )
1027+ defer session .Close ()
1028+
1029+ errorMessage , err := io .ReadAll (stdout )
1030+ require .NoError (t , err )
1031+ require .Contains (t , string (errorMessage ), agentssh .BlockedFileTransferErrorMessage )
1032+ })
1033+ }
10151034 })
10161035}
10171036
0 commit comments