Remove lstrip & os.sep on targetpath & pathpattern

For targetpath: we don't want to support corner cases such as file paths starting with separator. Why this case should be threated specially than any other case where you have multiple "/" for example "foo//bar/tar.gz"? For pathpattern: it's recommended that the separator in the pathpattern should be "/": see https://theupdateframework.github.io/specification/latest/#targetpath I believe it could lead to issues for a client implementation if it supports arbitrary separators - every implementation needs to choose one and stick with it. Then, if we decide that "/" is our separator using lstrip on "os.sep" is wrong, because the os separator from the server could be different that the one used in the client. Because of the above arguments, it makes sense to just remove lstrip on os separators. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
theupdateframework · Aug 17, 2021 · 470f753 · 470f753
1 parent e1a57cf
commit 470f753
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
@@ -19,7 +19,6 @@
 import fnmatch
 import io
 import logging
-import os
 import tempfile
 from collections import OrderedDict
 from datetime import datetime, timedelta
@@ -1078,8 +1077,8 @@ def is_delegated_path(self, target_filepath: str) -> bool:
                 # path separators so that a match is made.
                 # Example: "foo.tgz" should match with "/*.tgz".
                 if _is_target_in_pathpattern(
-                    target_filepath.lstrip(os.sep),
-                    pathpattern.lstrip(os.sep),
+                    target_filepath,
+                    pathpattern,
                 ):
                     return True