First commit of updated module

.github/workflows/windows-macos-test.yaml → .github/workflows/test.yml

@@ -1,13 +1,20 @@
-name: Test Windows and MacOS
+name: test
 
-on: [ push, pull_request ]
+on:
+  push:
+    branches:
+      - '*'
+    tags-ignore:
+      - '*'
+  pull_request:
 
 jobs:
-  tests:
+  raku:
     strategy:
       matrix:
         os:
-          - macOS-latest
+          - ubuntu-latest
+          - macos-latest
           - windows-latest
         raku-version:
           - 'latest'
@@ -18,8 +25,8 @@ jobs:
         with:
           raku-version: ${{ matrix.raku-version }}
       - name: Install Dependencies
-        run: zef install --deps-only .
+        run: zef install --/test --test-depends --deps-only .
       - name: Install App::Prove6
         run: zef install --/test App::Prove6
       - name: Run Tests
-        run: zef test --verbose .
+        run: prove6 -I. t

.gitignore

@@ -1 +1,2 @@
-lib/.precomp
+.precomp/
+/IO-Path-ChildSecure-*

Changes

@@ -0,0 +1,4 @@
+Revision history for IO-Path-ChildSecure
+
+{{$NEXT}}
+    - First version on the zef ecosystem

META6.json

@@ -1,17 +1,28 @@
 {
-    "perl"         : "6.c",
-    "name"         : "IO::Path::ChildSecure",
-    "license"      : "Artistic-2.0",
-    "version"      : "1.001011",
-    "description"  : "Secure version of IO::Path.child",
-    "tags"         : [ "file", "file system" ],
-    "depends"      : [],
-    "test-depends" : [
-        "Test"
-    ],
-    "provides"     : {
-        "IO::Path::ChildSecure" : "lib/IO/Path/ChildSecure.pm6"
-    },
-    "authors"       : ["Zoffix Znet"],
-    "support"       : {"source"   : "git://github.com/raku-community-modules/IO-Path-ChildSecure.git"}
+  "auth": "zef:raku-community-modules",
+  "authors": [
+    "Zoffix Znet"
+  ],
+  "build-depends": [
+  ],
+  "depends": [
+  ],
+  "description": "Secure version of IO::Path.child",
+  "license": "Artistic-2.0",
+  "name": "IO::Path::ChildSecure",
+  "perl": "6.c",
+  "provides": {
+    "IO::Path::ChildSecure": "lib/IO/Path/ChildSecure.rakumod"
+  },
+  "resources": [
+  ],
+  "source-url": "https://github.com/raku-community-modules/IO-Path-ChildSecure.git",
+  "tags": [
+    "file",
+    "file system"
+  ],
+  "test-depends": [
+    "Test"
+  ],
+  "version": "1.1"
 }

README.md

@@ -1,10 +1,12 @@
-[![Build Status](https://travis-ci.org/zoffixznet/perl6-IO-Path-ChildSecure.svg)](https://travis-ci.org/zoffixznet/perl6-IO-Path-ChildSecure)
+[![Actions Status](https://github.com/raku-community-modules/IO-Path-ChildSecure/actions/workflows/test.yml/badge.svg)](https://github.com/raku-community-modules/IO-Path-ChildSecure/actions)
 
-# NAME
+NAME
+====
 
-IO::Path::ChildSecure -Secure version of IO::Path.child
+IO::Path::ChildSecure - Secure version of IO::Path.child
 
-# SYNOPSIS
+SYNOPSIS
+========
 
 ```raku
 use IO::Path::ChildSecure;
@@ -19,16 +21,18 @@ use IO::Path::ChildSecure;
 "foo".IO.&child-secure: '../';
 ```
 
-# DESCRIPTION
+DESCRIPTION
+===========
 
-In the Raku Programming Language v6.c,
-[`IO::Path.child`](https://docs.raku.org/type/IO::Path#method_child) isn't
-secure, in a sense that it does no checks for whether the resultant path is
-actually a child of the original path.
+In the Raku Programming Language, [IO::Path.child](https://docs.raku.org/type/IO::Path#method_child) isn't secure, in a sense that it does no checks for whether the resultant path is actually a child of the original path.
 
-# EXPORTED SUBROUTINES
+This module provides a subroutine that can be used as an alternative that **will** check whether the resultant path is a child of the original path.
 
-## `&child-secure`
+EXPORTED SUBROUTINES
+====================
+
+child-secure
+------------
 
 ```raku
 "foo".IO.&child-secure: 'meow'; # good; you get IO::Path
@@ -38,44 +42,26 @@ actually a child of the original path.
 child-secure "foo".IO, '../';  # can also use as a proper sub
 ```
 
-Appends the given path chunk to the invocant and ensures the resultant path
-is, in fact, a child of the invocant, by accessing the filesystem and
-fully-resolving the path. The last chunk of the resultant path does not have
-to exist for the resolution to succeed.
-
-Will [`fail`](https://docs.raku.org/routine/fail) with `X::IO::Resolve` if
-failed to fully resolve the resultant path
-or with `X::IO::NotAChild` if the resultant path is not a child of the invocant.
-
-# SPECIAL NOTES
-
-- Module requires Rakudo 2017.04 or newer and will `die` on earlier versions
-  (more specifically, anything earlier than dev version
-    v2017.03.292.g.0.b.5.a.41.ba.8)
-- If you don't need to ensure secureness, use the much-faster core
-  [`IO::Path.add` method](https://docs.raku.org/type/IO::Path#method_add)
+Appends the given path chunk to the invocant and ensures the resultant path is, in fact, a child of the invocant, by accessing the filesystem and fully-resolving the path. The last chunk of the resultant path does not have to exist for the resolution to succeed.
 
-----
+Will [fail](https://docs.raku.org/routine/fail) with `X::IO::Resolve` if failed to fully resolve the resultant path or with `X::IO::NotAChild` if the resultant path is not a child of the invocant.
 
-#### REPOSITORY
+SPECIAL NOTES
+=============
 
-Fork this module on GitHub:
-https://github.com/raku-community-modules/IO-Path-ChildSecure
+If you don't need to ensure secureness, use the much-faster core [`IO::Path.add` method](https://docs.raku.org/type/IO::Path#method_add)
 
-#### BUGS
+AUTHOR
+======
 
-To report bugs or request features, please use
-https://github.com/raku-community-modules/IO-Path-ChildSecure/issues
+Zoffix Znet
 
-#### AUTHOR
+COPYRIGHT AND LICENSE
+=====================
 
-Zoffix Znet (http://perl6.party/) + Raku Modules adoption center.
+Copyright 2017-2018 Zoffix Znet
 
-#### LICENSE
+Copyright 2019-2022 Raku Community
 
-You can use and distribute this module under the terms of the
-The Artistic License 2.0. See the `LICENSE` file included in this
-distribution for complete details.
+This library is free software; you can redistribute it and/or modify it under the Artistic License 2.0.
 
-The `META6.json` file of this distribution may be distributed and modified
-without restrictions or attribution.

dist.ini

@@ -0,0 +1,13 @@
+name = IO-Path-ChildSecure
+
+[ReadmeFromPod]
+; enabled = false
+filename = lib/IO/Path/ChildSecure.rakumod
+
+[UploadToCPAN]
+
+[PruneFiles]
+; match = ^ 'xt/'
+
+[Badges]
+provider = github-actions/test.yml

lib/IO/Path/ChildSecure.rakumod

@@ -0,0 +1,99 @@
+unit class IO::Path::ChildSecure:ver<1.1>:auth<zef:raku-community-modules>;
+
+# The goal of this method is to guarantee the resultant child path is
+# inside the invocant. We resolve the path completely, so for that to
+# happen, the kid cannot be inside some currently non-existent dirs, so
+# this method will fail with X::IO::Resolve in those cases. To find out
+# if the kid is in fact a kid, we fully-resolve the kid and the
+# invocant. Then, we append a dir separator to invocant's .absolute and
+# check if the kid's .absolute starts with that string.
+
+my sub child-secure (IO::Path:D \SELF, \child) is export {
+    (my $kid := SELF.child(child).resolve: :completely) ~~ Failure
+      ?? $kid
+      !! (my $res-self := SELF.resolve: :completely) ~~ Failure
+        ?? $res-self  # failed to resolve invocant, return the Failure
+        !! ($_ := $res-self.absolute ~ SELF.SPEC.dir-sep) eq
+            $kid.absolute.substr(0, .chars)
+          ?? $kid     # kid appears to be kid-proper; return it. Otherwise fail
+          !! Failure.new:
+               X::IO::NotAChild.new:
+                 :path($res-self.absolute), :child($kid.absolute)
+}
+
+=begin pod
+
+=head1 NAME
+
+IO::Path::ChildSecure - Secure version of IO::Path.child
+
+=head1 SYNOPSIS
+
+=begin code :lang<raku>
+
+use IO::Path::ChildSecure;
+
+# good; you get IO::Path
+"foo".IO.&child-secure: 'meow';
+
+# still good if 'foo/meow/foo/bar/../' exists; Failure if it doesn't
+"foo".IO.&child-secure: 'meow/foo/bar/../meow';
+
+# bad; path isn't a child; you get Failure
+"foo".IO.&child-secure: '../';
+
+=end code
+
+=head1 DESCRIPTION
+
+In the Raku Programming Language,
+L<IO::Path.child|https://docs.raku.org/type/IO::Path#method_child> isn't
+secure, in a sense that it does no checks for whether the resultant path is
+actually a child of the original path.
+
+This module provides a subroutine that can be used as an alternative that
+B<will> check whether the resultant path is a child of the original path.
+
+=head1 EXPORTED SUBROUTINES
+
+=head2 child-secure
+
+=begin code :lang<raku>
+
+"foo".IO.&child-secure: 'meow'; # good; you get IO::Path
+"foo".IO.&child-secure: 'meow/foo/bar/../meow'; # still good
+"foo".IO.&child-secure: '../';  # bad; path isn't a child; you get Failure
+
+child-secure "foo".IO, '../';  # can also use as a proper sub
+
+=end code
+
+Appends the given path chunk to the invocant and ensures the resultant path
+is, in fact, a child of the invocant, by accessing the filesystem and
+fully-resolving the path. The last chunk of the resultant path does not have
+to exist for the resolution to succeed.
+
+Will L<fail|https://docs.raku.org/routine/fail> with C<X::IO::Resolve> if
+failed to fully resolve the resultant path or with C<X::IO::NotAChild> if
+the resultant path is not a child of the invocant.
+
+=head1 SPECIAL NOTES
+
+If you don't need to ensure secureness, use the much-faster core
+  L<C<IO::Path.add> method|https://docs.raku.org/type/IO::Path#method_add>
+
+=head1 AUTHOR
+
+Zoffix Znet
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2017-2018 Zoffix Znet
+
+Copyright 2019-2022 Raku Community
+
+This library is free software; you can redistribute it and/or modify it under the Artistic License 2.0.
+
+=end pod
+
+# vim: expandtab shiftwidth=4