Skip to content

test(ios): Add unit tests for RNSentryIsPathUnderAllowedRoots#6068

Merged
antonis merged 1 commit intomainfrom
fix/ios-uri-validation-tests
Apr 29, 2026
Merged

test(ios): Add unit tests for RNSentryIsPathUnderAllowedRoots#6068
antonis merged 1 commit intomainfrom
fix/ios-uri-validation-tests

Conversation

@antonis
Copy link
Copy Markdown
Contributor

@antonis antonis commented Apr 29, 2026

Type of change

  • Bugfix (non-breaking change which fixes an issue)

Description

Follow-up to #6045 (closes #6062).

Adds iOS XCTest coverage for the RNSentryIsPathUnderAllowedRoots path-validation function introduced in #6045, bringing iOS to parity with the Android RNSentryUriValidationTest (17 cases).

What's added:

  • +isPathUnderAllowedRootsForTesting: class-method wrapper on RNSentry, declared in RNSentry+Test.h — exposes the file-scope static C function to the test target without making it part of the public API. Same pattern as +captureReplayWithReturnValue.
  • RNSentryUriValidationTests.m — 9 cases wired into RNSentryCocoaTester.xcodeproj:
    • empty path → NO
    • path with .. component → NO
    • path under NSTemporaryDirectory() → YES
    • path under caches dir → YES
    • path under documents dir → YES
    • path under Library/Cookies → NO
    • absolute path outside sandbox (/etc/passwd) → NO
    • path under Library/Application Support → NO
    • symlink inside tmp pointing to /etc/passwd → NO (real symlink created via NSFileManager, cleaned up in tearDown)

Motivation and Context

The path-validation logic handles .. traversal prevention and symlink resolution — edge cases that should be tested. Flagged during review of #6045.

How did you test it?

  • yarn build, yarn test (1343 + 259 + 1), yarn lint:lerna, yarn circularDepCheck — all clean.
  • clang-format --Werror passes on all three modified iOS files.
  • iOS tests run via native-tests.yml CI (xcodebuild test on the RNSentryCocoaTester scheme).

Checklist

  • I reviewed the code myself
  • I added tests to verify the changes
  • No new linter warnings

@antonis @claude
test(ios): Add unit tests for RNSentryIsPathUnderAllowedRoots
8820844 
Exposes the static path-validator via a thin class-method wrapper
(+isPathUnderAllowedRootsForTesting:) declared in RNSentry+Test.h,
following the existing +captureReplayWithReturnValue pattern.

Adds RNSentryUriValidationTests.m with 9 cases: empty path, dot-dot
traversal, paths under tmp/caches/docs (allowed), paths under
Library and Library/Application Support (blocked), absolute path
outside sandbox, and a symlink-inside-tmp→/etc/passwd (blocked).

Closes #6062.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 29, 2026
edited
Loading

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

  • test(ios): Add unit tests for RNSentryIsPathUnderAllowedRoots by antonis in #6068
  • chore(deps): update Bundler Plugins to v5.2.1 by github-actions in #6067
  • chore(deps): update CLI to v3.4.1 by github-actions in #6066
  • fix(ci): Grant statuses: write to changelog-preview caller by antonis in #6063
  • fix(android): Use safeExtGet for compileSdkVersion in expo-handler by lucas-zimerman in #6061
  • fix(core): Restrict getDataFromUri native bridge methods by antonis in #6045
  • chore(deps): bump postcss to ^8.5.10 by antonis in #6058
  • ref: Remove enableSessionReplayInUnreliableEnvironment use by itaybre in #6046
  • fix(core): Harden metro dev helpers by antonis in #6044
  • fix(android): Mask auth token in sentry.gradle upload-task log by antonis in #6057
  • fix(tracing): Discard invalid navigation transactions via event processor by alwx in #6051
  • ci: Restore changelog-preview workflow with hardened craft 2.26.2 by antonis in #6056
  • chore(deps): update Maestro to v2.5.0 by github-actions in #6053
  • chore(deps): bump getsentry/craft from 2.25.4 to 2.26.2 by dependabot in #6050
  • chore: Back-merge release/8.9.1 into main by antonis in #6055
  • feat(core): Add rage tap detection with ui.frustration breadcrumbs by alwx in #5992
  • chore(deps): bump fast-xml-parser to ^5.7.0 by antonis in #6043
  • chore(deps): bump @xmldom/xmldom to 0.8.13/0.9.10 by antonis in #6042
  • chore(deps-dev): Remove unused uuid devDependency by antonis in #6041
  • feat(core): Add includeFeedback Metro option to exclude feedback widget from bundle by antonis in #6025
  • chore(deps): update JavaScript SDK to v10.50.0 by github-actions in #6040
  • chore(deps): update Sentry Android Gradle Plugin to v6.5.0 by github-actions in #6039
  • fix(android): Stop Hermes profiler on React instance teardown by antonis in #6035

🤖 This preview updates automatically when you update the PR.

@antonis antonis added the ready-to-merge Triggers the full CI test suite label Apr 29, 2026
@sentry
Copy link
Copy Markdown

sentry Bot commented Apr 29, 2026

📲 Install Builds

Android

🔗 App Name App ID Version Configuration
Sentry RN io.sentry.reactnative.sample 8.9.2 (85) Release

⚙️ sentry-react-native Build Distribution Settings

@antonis antonis marked this pull request as ready for review April 29, 2026 10:56
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 29, 2026

iOS (legacy) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 1221.21 ms 1222.85 ms 1.64 ms
Size 3.38 MiB 4.78 MiB 1.39 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
7ac3378+dirty 1213.37 ms 1218.15 ms 4.78 ms
4b87b12+dirty 1212.90 ms 1222.09 ms 9.19 ms
890d145+dirty 1223.59 ms 1231.37 ms 7.78 ms
0d9949d+dirty 1211.38 ms 1219.67 ms 8.29 ms
04207c4+dirty 1191.27 ms 1189.78 ms -1.48 ms
3ce5254+dirty 1219.93 ms 1221.90 ms 1.96 ms
4953e94+dirty 1212.06 ms 1214.83 ms 2.77 ms
2c735cc+dirty 1229.67 ms 1221.50 ms -8.17 ms
a50b33d+dirty 1197.74 ms 1197.17 ms -0.57 ms
df5d108+dirty 1225.90 ms 1220.14 ms -5.76 ms

App size

Revision Plain With Sentry Diff
7ac3378+dirty 3.38 MiB 4.76 MiB 1.38 MiB
4b87b12+dirty 3.38 MiB 4.77 MiB 1.39 MiB
890d145+dirty 3.38 MiB 4.77 MiB 1.38 MiB
0d9949d+dirty 3.38 MiB 4.76 MiB 1.38 MiB
04207c4+dirty 3.38 MiB 4.76 MiB 1.38 MiB
3ce5254+dirty 3.38 MiB 4.76 MiB 1.38 MiB
4953e94+dirty 3.38 MiB 4.73 MiB 1.35 MiB
2c735cc+dirty 3.38 MiB 4.74 MiB 1.35 MiB
a50b33d+dirty 3.38 MiB 4.73 MiB 1.35 MiB
df5d108+dirty 3.38 MiB 4.73 MiB 1.35 MiB

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 29, 2026

iOS (new) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 1217.75 ms 1221.43 ms 3.68 ms
Size 3.38 MiB 4.78 MiB 1.39 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
7ac3378+dirty 1202.35 ms 1198.31 ms -4.04 ms
4b87b12+dirty 1199.49 ms 1199.78 ms 0.29 ms
890d145+dirty 1212.98 ms 1220.10 ms 7.12 ms
0d9949d+dirty 1203.94 ms 1202.27 ms -1.67 ms
04207c4+dirty 1228.55 ms 1226.04 ms -2.51 ms
3ce5254+dirty 1217.70 ms 1224.69 ms 6.99 ms
4953e94+dirty 1217.41 ms 1223.53 ms 6.12 ms
2c735cc+dirty 1223.33 ms 1224.38 ms 1.04 ms
a50b33d+dirty 1207.11 ms 1212.10 ms 5.00 ms
df5d108+dirty 1207.34 ms 1210.50 ms 3.16 ms

App size

Revision Plain With Sentry Diff
7ac3378+dirty 3.38 MiB 4.76 MiB 1.38 MiB
4b87b12+dirty 3.38 MiB 4.77 MiB 1.39 MiB
890d145+dirty 3.38 MiB 4.77 MiB 1.38 MiB
0d9949d+dirty 3.38 MiB 4.76 MiB 1.38 MiB
04207c4+dirty 3.38 MiB 4.76 MiB 1.38 MiB
3ce5254+dirty 3.38 MiB 4.76 MiB 1.38 MiB
4953e94+dirty 3.38 MiB 4.73 MiB 1.35 MiB
2c735cc+dirty 3.38 MiB 4.74 MiB 1.35 MiB
a50b33d+dirty 3.38 MiB 4.73 MiB 1.35 MiB
df5d108+dirty 3.38 MiB 4.73 MiB 1.35 MiB

lucas-zimerman
lucas-zimerman approved these changes Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@lucas-zimerman lucas-zimerman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@antonis antonis merged commit 98b00f0 into main Apr 29, 2026
110 of 117 checks passed
@antonis antonis deleted the fix/ios-uri-validation-tests branch April 29, 2026 12:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lucas-zimerman lucas-zimerman lucas-zimerman approved these changes

@alwx alwx Awaiting requested review from alwx alwx is a code owner

Assignees

No one assigned

Labels

ready-to-merge Triggers the full CI test suite

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add iOS unit tests for RNSentryIsPathUnderAllowedRoots

2 participants

@antonis @lucas-zimerman