-
-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
import
directive should not import dotfiles
#5048
Comments
import
directive should not include dotfilesimport
directive should not import dotfiles
I'd suggest using an extension like |
Thank you for considering, and a quick response! I appreciate the workaround but as I noted in my post, I've already considered such options, and if that's all I was here for I wouldn't have opened the issue 🙂 I opened this issue because from my perspective the globbing behavior is a misfeature at best: as I stated above, standard shell globbing doesn't include dotfiles (they're Unix's "hidden files", after all), and most include specs I've used follow suit. I would guess this is unexpected behavior to most folks who are familiar with globbing. I would be surprised if someone was depending on including dotfiles for their config, but if we're concerned about that, it could be behind a flag and a major version change. I just ran a test to double-check and confirmed that both Apache and Nginx ignore dotfiles when gathering includes in their config files. I think Caddy should follow suit, in the interest of following the Principle of Least Astonishment. It's quite surprising to find that Caddy acts differently than the two other predominant Linux webservers in how it handles hidden files and globbing. It's quite common for editors to leave hidden files alongside files they're editing, and it's frustrating to have this behavior suddenly break my webserver in unexpected ways! Additionally, with the current behavior, I have no way of achieving what I want, other than workarounds that require me to name my files differently than I planned to. I understand not wanting to potentially break existing usage and prioritizing that to an extent, but it's also breaking my use that is legitimate in basically every other Unix application I've used, and not at all hypothetical. Whereas in the reverse situation - if Caddy ignored dotfiles by default, but a user really wanted to include dotfiles for whatever reason, there's a much cleaner workaround readily available. They could do so easily with two includes without changing their file structure at all:
A little funky-looking, sure, but you're using dotfiles as config files, you're already doing funky things. There's not even much concern around ordering, because dotfiles naturally come before all the other files anyway, unless they start config files with quotes or spaces...which I would be really surprised if folks were doing intentionally. |
Well argued. Fair enough. And sorry for missing that you mentioned the suffix idea already 👍 |
I'd like to give implementing this a shot, where could I find the path selector in this case? |
You'll be working in this range: caddy/caddyconfig/caddyfile/parse.go Lines 369 to 410 in 821a08a
|
Alright, so would it make sense to just check for whether there's a |
// ignore hidden files if not explicity specified
if !strings.HasPrefix(filepath.Base(importPattern), ".") || filepath.Base(importPattern) == "." || filepath.Base(importPattern) == ".." {
globPattern = "[!.]" + globPattern
} I'm thinking something like this should go after line 383. |
Hi @ADawesomeguy thanks for digging in here! I'm not a maintainer here but as the one who opened the ticket, I've thought through it a bit, and have a couple suggestions here, hopefully they're helpful! Looking at the docs for ...however, I am wary of modifying the pattern at all. I'm wary of attempting to modify user input in general, because it creates many possible edge cases. For example, suppose the user put something like This is just an example off the top of my head - the general gist is, trying to anticipate and adjust for every possible thing a user might do like this is not a situation I like to be in as a programmer, it's too much trouble :) Instead, I would suggest leaving the user input as-is, let I'm not sure which is best, the Caddy maintainers may have opinions one way or the other. Pro/cons I see:
A couple other brief notes from thinking through this approach:
Some further thoughts - these all optional I think, depends on what the maintainers think. Most of them could be added separately as enhancements, so if it seems like a lot you can probably ignore them!
|
You might also want to consider "~" as well as "." , |
@cincodenada thanks for the very good points! Seems very doable let me go back through and make that change. |
@we-sell-bags Generally we try to avoid bash expansion in Caddy config, since (1) we're not bash, and (2) it tends to be surprising or lead to misconfigurations / vulnerabilities. (for example, Caddy often executes as a different user than the one who wrote the config) |
@mholt I think @we-sell-bags wasn't talking about the "home" tilde, but rather a similar convention from Windows (see a couple related issues on Microsoft's support site). I was not familiar with this convention, I'm not very familiar with Windows and certainly not running webservers on it, so I can't really speak to how universal it is. From the support links above, it looks like this convention is generally used in combination with the actual "hidden" flag, and that unhidden tilde-files are not treated specially by Windows Explorer (at least in recent versions of Windows). So, to me it seems less universal than dotfiles, which essentially are Unix's hidden flag, and probably don't make sense to treat specially, but again I am not very familiar with it, so I'll defer to folks who are. That brings up another question though, which is, what is Note: I initially thought @we-sell-bags was talking about a third kind of file, editor temporary files that end with a tilde, but after some research concluded I was assuming incorrectly. View the version from 2:31 PDT in the edit history on this post (that's just before the first 7-minute gap) if you care to see my argument about why we shouldn't do anything special for those 😅 |
Oh, I see. That's very unusual. 😛 Let's start with dotfiles, then if anyone is actually hitting a snag with tilde files, we can address that after getting their report/use case. |
it is more MS deliberate corruption of the standards. you don't need to be running this on windows...... you only need to have windows kit exposed the directory. with R/W for that user.... also i have seen windows spam all over a linux directory tree.... Personally I avoid it where possible , but running linux kit back end.. you get to see these things... |
For a related change in Go see golang/go@36dbf7f: |
This is done as of #5320, this didn't get closed for some reason. |
I'm attempting to import all files in a directory, as directed in the documentation:
But I'm running into errors because it's trying to include my editor's dotfiles, which are also in that directory.
Obviously I can clean up the dotfiles, or add a suffix to all the files I do want to include or what have you, and you can argue about whether editing files in-place is good practice. But I would consider this a bug - standard shell globbing doesn't include dotfiles, so it is surprising that Caddy's
import
statement does, and I don't see any way to avoid including dotfiles - these are globs, not regexes.I'm not super familiar with Go, but I looked briefly at the code hoping that there was a flag or something, but it seems not. Python, for instance, has
glob.glob()
for shell-like file globbing (which doesn't include dotfiles) andpathlib.Path.glob()
which does include dotfiles. I don't know if Go has anything similar, or if we'd just have to manually exclude any files that start with.
after the fact.In any case, I think globs in an include spec should be changed to not include dotfiles, you could include a config flag for backwards compatibility if desired, although I would be surprised if anyone is intentionally including dotfiles.
Note this is a totally separate concern from issues like #2286, which are about serving dotfiles - this is about importing dotfiles as part of config parsing.
The text was updated successfully, but these errors were encountered: