feat(core): Add Scope::is_forbidden (#11767)

FabianLars · web-flow · commit 5188c0fae2bb · 2024-11-26T14:31:48.000+02:00
diff --git a/.changes/core-scope-is-forbidden.md b/.changes/core-scope-is-forbidden.md
@@ -0,0 +1,5 @@
+---
+tauri: 'minor:feat'
+---
+
+Added `Scope::is_forbidden` to check if a path was explicitly forbidden.
diff --git a/crates/tauri/src/scope/fs.rs b/crates/tauri/src/scope/fs.rs
@@ -339,21 +339,12 @@ impl Scope {
   }
 
   /// Determines if the given path is allowed on this scope.
+  ///
+  /// Returns `false` if the path was explicitly forbidden or neither allowed nor forbidden.
+  ///
+  /// May return `false` if the path points to a broken symlink.
   pub fn is_allowed<P: AsRef<Path>>(&self, path: P) -> bool {
-    let path = path.as_ref();
-    let path = if path.is_symlink() {
-      match std::fs::read_link(path) {
-        Ok(p) => p,
-        Err(_) => return false,
-      }
-    } else {
-      path.to_path_buf()
-    };
-    let path = if !path.exists() {
-      crate::Result::Ok(path)
-    } else {
-      std::fs::canonicalize(path).map_err(Into::into)
-    };
+    let path = try_resolve_symlink_and_canonicalize(path);
 
     if let Ok(path) = path {
       let path: PathBuf = path.components().collect();
@@ -380,6 +371,39 @@ impl Scope {
       false
     }
   }
+
+  /// Determines if the given path is explicitly forbidden on this scope.
+  ///
+  /// May return `true` if the path points to a broken symlink.
+  pub fn is_forbidden<P: AsRef<Path>>(&self, path: P) -> bool {
+    let path = try_resolve_symlink_and_canonicalize(path);
+
+    if let Ok(path) = path {
+      let path: PathBuf = path.components().collect();
+      self
+        .forbidden_patterns
+        .lock()
+        .unwrap()
+        .iter()
+        .any(|p| p.matches_path_with(&path, self.match_options))
+    } else {
+      true
+    }
+  }
+}
+
+fn try_resolve_symlink_and_canonicalize<P: AsRef<Path>>(path: P) -> crate::Result<PathBuf> {
+  let path = path.as_ref();
+  let path = if path.is_symlink() {
+    std::fs::read_link(path)?
+  } else {
+    path.to_path_buf()
+  };
+  if !path.exists() {
+    crate::Result::Ok(path)
+  } else {
+    std::fs::canonicalize(path).map_err(Into::into)
+  }
 }
 
 fn escaped_pattern(p: &str) -> Result<Pattern, glob::PatternError> {
