# pathological.tar.gz - Security Test Cases Fixture

## Purpose
Test security protections against malicious archive entries.

## Contents
- **README.md**: Warning about malicious patterns
- **legitimate.txt**: Safe baseline file
- **safe-traversal/**: Directory with ".." in filenames (simulation)
- **safe-absolute/**: Files simulating absolute path attacks
- **safe-symlinks/**: Symlink test cases

**Total**: <2KB content, <5KB compressed

## Expected Behavior

### scan()
- MUST list all entries including potentially dangerous paths
- Return raw paths without validation (scan is read-only)

### verify()
- MUST return valid=false with security errors:
  - PATH_TRAVERSAL for "../" patterns
  - ABSOLUTE_PATH for paths starting with "/"
  - SYMLINK_ESCAPE for symlinks targeting outside archive
- Emit the `fulpack.security.violations_total` metric
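A reference implementation of the verify() contract above, added here as an example and not fulpack's own code: the entry shape, the function names and the error record layout are assumptions; the violation codes and the metric name are the ones this README lists.

```typescript
import * as path from "path";

// Entry shape is an assumption; the real fulpack entry type is not on the page.
interface ArchiveEntry {
  name: string;                     // path as stored in the tar header (POSIX)
  type: "file" | "dir" | "symlink";
  linkTarget?: string;              // symlink target, only for type "symlink"
}
type ViolationCode = "PATH_TRAVERSAL" | "ABSOLUTE_PATH" | "SYMLINK_ESCAPE";
interface Violation { code: ViolationCode; entry: string; }

// Tar paths are POSIX, so normalize with posix rules regardless of host OS.
// After normalization, any path that escapes the root begins with "..".
function escapesRoot(p: string): boolean {
  const norm = path.posix.normalize(p);
  return norm === ".." || norm.startsWith("../");
}

function verifyEntries(entries: ArchiveEntry[]) {
  const errors: Violation[] = [];
  for (const e of entries) {
    if (path.posix.isAbsolute(e.name)) {
      errors.push({ code: "ABSOLUTE_PATH", entry: e.name });
    } else if (escapesRoot(e.name)) {
      errors.push({ code: "PATH_TRAVERSAL", entry: e.name });
    } else if (e.type === "symlink" && e.linkTarget !== undefined) {
      // Resolve the target relative to the link's own directory, then check
      // whether the resolved location still lies inside the archive root.
      const resolved = path.posix.isAbsolute(e.linkTarget)
        ? e.linkTarget
        : path.posix.join(path.posix.dirname(e.name), e.linkTarget);
      if (path.posix.isAbsolute(resolved) || escapesRoot(resolved)) {
        errors.push({ code: "SYMLINK_ESCAPE", entry: e.name });
      }
    }
  }
  // Counter named after the metric the README says verify() must emit.
  const metrics = { "fulpack.security.violations_total": errors.length };
  return { valid: errors.length === 0, errors, metrics };
}

// Constructed sample mirroring the fixture's categories, not its actual entries.
const SAMPLE_ENTRIES: ArchiveEntry[] = [
  { name: "legitimate.txt", type: "file" },
  { name: "safe-traversal/../../../etc/passwd", type: "file" },
  { name: "/etc/passwd", type: "file" },
  { name: "safe-symlinks/escape", type: "symlink", linkTarget: "../../../../etc/hosts" },
  { name: "safe-symlinks/sibling", type: "symlink", linkTarget: "../legitimate.txt" },
];
```

Note that `safe-symlinks/sibling` contains `..` in its target yet resolves to `legitimate.txt` inside the root, so it is accepted; the check is on the resolved location, not on the presence of `..`.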

### extract()
- MUST reject extraction with security errors
- MUST NOT create any files with dangerous paths
- MUST NOT follow symlinks outside extraction directory

## Test Coverage
- ✅ Path traversal detection ("../../../etc/passwd")
- ✅ Absolute path rejection ("/etc/passwd", "/root/...")
- ✅ Symlink escape detection (symlink → "../../../../etc/...")
- ✅ Security metrics emitted (violations_total)
- ✅ verify() catches threats before extract()

## Security Note
⚠️ This is a simulated security fixture. Real-world malicious archives may
use more sophisticated techniques. Always validate archives before extraction.

## Size Governance
- **Max size**: 50KB (per pathological fixture governance)
- **Actual size**: ~3KB (well under limit)

Generated by: scripts/generate-fulpack-fixtures.ts
Last updated: 2025-11-14
