New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix filelib:safe_relative_path/2
#7208
Conversation
CT Test Results 2 files 89 suites 40m 3s ⏱️ Results for commit 8e83401. ♻️ This comment has been updated with latest results. To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass. See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally. Artifacts// Erlang/OTP Github Action Bot |
It might be worth noting that a path is always reported as |
It may also be worth noting that the given |
Finally, it may be worth noting that if a call to |
@rickard-green @bjorng @jhogberg what is the status of this PR, on your side? The issue behind this looks somewhat serious to me, which should be discussed and seen to 😅 |
That said, I would suggest as much as the complete removal of the function because, as @juhlig already said, the result is not unconditionally trustworthy on OSes that support symlinks: A path that is reported as safe (or Nevertheless, it carries a strong connotation of "if you just use this function, nothing bad can happen". The alternative is to plaster the documentation with appropriate warnings. Just my 2ct 😉 |
@Maria-12648430 We intend to review this pull request but haven't gotten to it yet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have taken a first look at the code. So far I haven't found any flaws. I will do some more thinking and probably discuss this PR with one or more colleagues.
The function would return a wrong path if the second argument was a link and the path in the first argument would descend and then ascend again to the top level. The function would also report a path as unsafe by falsely detecting a link loop if a link would target another link, which in turn would target a file of the same name like bar --> foo/bar --> (foo/)foo/bar. Co-authored-by: Björn Gustavsson <bgustavsson@gmail.com>
b08cb6e
to
8e83401
Compare
@bjorng suggestions applied 👍 |
Thanks! Added to our daily builds. |
Thanks for your pull request. |
Fixes #6460.
The function would return a wrong path if the second argument was a link and the path in the first argument would descend and then ascend again to the top level.
The function would also report a path as unsafe by falsely detecting a link loop if a link would target another link, which in turn would target a file of the same name like
bar
-->foo/bar
--> (foo/
)foo/bar
.As the link resolving and CWD-breakout and loop detection is pretty tricky, I'm not 100% sure it is correct in every aspect and corner case. Please review carefully.