package utils

import (
	"archive/zip"
	"os"
	"path/filepath"
	"testing"
)

func TestExtractZip_PathTraversal(t *testing.T) {
	dir := t.TempDir()
	zipPath := filepath.Join(dir, "a.zip")
	dest := filepath.Join(dir, "out")

	f, err := os.Create(zipPath)
	if err != nil {
		t.Fatal(err)
	}
	zw := zip.NewWriter(f)
	w, err := zw.Create("../evil.png")
	if err != nil {
		t.Fatal(err)
	}
	_, _ = w.Write([]byte("x"))
	_ = zw.Close()
	_ = f.Close()

	allowed := map[string]struct{}{".png": {}}
	_, err = ExtractZip(zipPath, dest, allowed, ZipLimits{MaxFiles: 10, MaxTotalBytes: 1024, MaxFileBytes: 1024})
	if err == nil {
		t.Fatalf("expected error")
	}
}