Don't follow symlinks when adding files to tarballs #634
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Path.wildcard("**") follows symlinks when collecting all of the files
under a path. This can lead to files in the tarball containing paths
with the symlink in them. If the directory corresponding to the symlink
hasn't been created, then the extraction will fail.
As an example, the "create with files" unit test now contains a symlink
in a directory. Without the fix, it fails like this:
Untaring the
contents.tar.gz
shows the problem.dir/a_link_to_dir2
is created as a symlink todir/dir2
. Thetest.txt
file is then extracted to it. This fails sincedir2
hasn'tbeen created yet so
a_link_to_dir2
is dangling. It's also notdesirable that
test.txt
was included twice.This test seems like it is dependent on the order that the OS lists
files in a directory. My tests are on Linux, but OSX orders files
differently. The symlink starts with an "a" to try to force it to list
first.
After the fix in this commit, the
contents.tar.gz
looks like this:As you can see,
test.txt
is listed once and its parent directory isthe real directory,
dir2
, and not the symlink.Fixes #631.