fix: expand tilde in SSH agent socket path before setenv

datlechin · datlechin · commit 85fd8962422b · 2026-03-15T13:30:22.000+07:00
diff --git a/TablePro/Core/SSH/Auth/AgentAuthenticator.swift b/TablePro/Core/SSH/Auth/AgentAuthenticator.swift
@@ -21,7 +21,7 @@ internal struct AgentAuthenticator: SSHAuthenticator {
         let originalSocketPath = ProcessInfo.processInfo.environment["SSH_AUTH_SOCK"]
         let needsSocketOverride = socketPath != nil
 
-        if let overridePath = socketPath, needsSocketOverride {
+        if let overridePath = socketPath.map(SSHPathUtilities.expandTilde), needsSocketOverride {
             Self.agentSocketLock.lock()
             Self.logger.debug("Using custom SSH agent socket: \(overridePath, privacy: .private)")
             setenv("SSH_AUTH_SOCK", overridePath, 1)
diff --git a/TablePro/Core/SSH/Auth/PublicKeyAuthenticator.swift b/TablePro/Core/SSH/Auth/PublicKeyAuthenticator.swift
@@ -12,7 +12,7 @@ internal struct PublicKeyAuthenticator: SSHAuthenticator {
     let passphrase: String?
 
     func authenticate(session: OpaquePointer, username: String) throws {
-        let expandedPath = expandPath(privateKeyPath)
+        let expandedPath = SSHPathUtilities.expandTilde(privateKeyPath)
 
         guard FileManager.default.fileExists(atPath: expandedPath) else {
             throw SSHTunnelError.tunnelCreationFailed(
@@ -54,16 +54,4 @@ internal struct PublicKeyAuthenticator: SSHAuthenticator {
         }
     }
 
-    private func expandPath(_ path: String) -> String {
-        if path.hasPrefix("~/") {
-            return FileManager.default.homeDirectoryForCurrentUser
-                .appendingPathComponent(String(path.dropFirst(2)))
-                .path(percentEncoded: false)
-        }
-        if path == "~" {
-            return FileManager.default.homeDirectoryForCurrentUser
-                .path(percentEncoded: false)
-        }
-        return path
-    }
 }
diff --git a/TablePro/Core/SSH/SSHConfigParser.swift b/TablePro/Core/SSH/SSHConfigParser.swift
@@ -86,8 +86,8 @@ final class SSHConfigParser {
                                 hostname: currentHostname,
                                 port: currentPort,
                                 user: currentUser,
-                                identityFile: expandPath(currentIdentityFile),
-                                identityAgent: expandPath(currentIdentityAgent),
+                                identityFile: currentIdentityFile.map(SSHPathUtilities.expandTilde),
+                                identityAgent: currentIdentityAgent.map(SSHPathUtilities.expandTilde),
                                 proxyJump: currentProxyJump
                             ))
                     }
@@ -133,8 +133,8 @@ final class SSHConfigParser {
                     hostname: currentHostname,
                     port: currentPort,
                     user: currentUser,
-                    identityFile: expandPath(currentIdentityFile),
-                    identityAgent: expandPath(currentIdentityAgent),
+                    identityFile: currentIdentityFile.map(SSHPathUtilities.expandTilde),
+                    identityAgent: currentIdentityAgent.map(SSHPathUtilities.expandTilde),
                     proxyJump: currentProxyJump
                 ))
         }
@@ -192,14 +192,4 @@ final class SSHConfigParser {
         return jumpHosts
     }
 
-    /// Expand ~ to home directory in path
-    private static func expandPath(_ path: String?) -> String? {
-        guard let path = path else { return nil }
-
-        if path.hasPrefix("~") {
-            return FileManager.default.homeDirectoryForCurrentUser
-                .appendingPathComponent(String(path.dropFirst(2))).path(percentEncoded: false)
-        }
-        return path
-    }
 }
diff --git a/TablePro/Core/SSH/SSHPathUtilities.swift b/TablePro/Core/SSH/SSHPathUtilities.swift
@@ -0,0 +1,23 @@
+//
+//  SSHPathUtilities.swift
+//  TablePro
+//
+
+import Foundation
+
+enum SSHPathUtilities {
+    /// Expand ~ to the current user's home directory in a path.
+    /// Unlike shell commands, `setenv()` and file APIs do not expand `~` automatically.
+    static func expandTilde(_ path: String) -> String {
+        if path.hasPrefix("~/") {
+            return FileManager.default.homeDirectoryForCurrentUser
+                .appendingPathComponent(String(path.dropFirst(2)))
+                .path(percentEncoded: false)
+        }
+        if path == "~" {
+            return FileManager.default.homeDirectoryForCurrentUser
+                .path(percentEncoded: false)
+        }
+        return path
+    }
+}
diff --git a/TableProTests/Core/SSH/SSHConfigurationTests.swift b/TableProTests/Core/SSH/SSHConfigurationTests.swift
@@ -150,6 +150,34 @@ struct SSHConfigurationTests {
         #expect(config.isValid == false)
     }
 
+    // MARK: - SSHPathUtilities
+
+    @Test("Tilde expansion resolves ~/path to home directory")
+    func testTildeExpansionWithSubpath() {
+        let home = FileManager.default.homeDirectoryForCurrentUser.path(percentEncoded: false)
+        let result = SSHPathUtilities.expandTilde("~/Library/agent.sock")
+        #expect(result == "\(home)/Library/agent.sock")
+    }
+
+    @Test("Tilde expansion resolves bare ~ to home directory")
+    func testTildeExpansionBare() {
+        let home = FileManager.default.homeDirectoryForCurrentUser.path(percentEncoded: false)
+        let result = SSHPathUtilities.expandTilde("~")
+        #expect(result == home)
+    }
+
+    @Test("Tilde expansion leaves absolute paths unchanged")
+    func testTildeExpansionAbsolutePath() {
+        let result = SSHPathUtilities.expandTilde("/absolute/path")
+        #expect(result == "/absolute/path")
+    }
+
+    @Test("Tilde expansion leaves empty string unchanged")
+    func testTildeExpansionEmptyString() {
+        let result = SSHPathUtilities.expandTilde("")
+        #expect(result == "")
+    }
+
     @Test("Backward-compatible decoding without jumpHosts key")
     func testBackwardCompatibleDecoding() throws {
         let jsonString = """
