danreeves / path-clean
A Rust implementation of `cleanname` or `path.Clean`
License: Other
Hello,
There is an ongoing discussion about sanitizing paths in Typst, and I was wondering whether you consider this implementation acceptable as a safety feature. For example, could it be used to check whether a script is trying to access a file outside of the predetermined root directory?
Thanks in advance,
Dherse
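For reference, the kind of lexical check being asked about could look roughly like the sketch below. It uses only the standard library rather than path-clean's own API, and `escapes_root` is a hypothetical helper name, not something the crate provides. It assumes the script-supplied path is meant to be relative to the root directory.

```rust
use std::path::{Component, Path};

/// Hypothetical helper: returns true if `requested`, interpreted relative to
/// some root directory, would lexically climb above that root.
fn escapes_root(requested: &Path) -> bool {
    let mut depth: i32 = 0;
    for component in requested.components() {
        match component {
            // An absolute path or a drive prefix ignores the root entirely.
            Component::Prefix(_) | Component::RootDir => return true,
            Component::CurDir => {}
            Component::ParentDir => {
                depth -= 1;
                if depth < 0 {
                    return true;
                }
            }
            Component::Normal(_) => depth += 1,
        }
    }
    false
}
```

Note that a check like this is purely lexical: it never touches the filesystem, so it cannot see a symlink inside the root that points outside of it. On its own it is probably not enough as a security boundary.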
cargo-geiger marks crates in one of three ways: crates that use `unsafe` and are, thus, in need of more careful and skilled auditing; crates in which no `unsafe` was found; and crates that declare `#![forbid(unsafe_code)]`.
Given that the point of path-clean is to "[perform] this transform lexically, without touching the filesystem" (unlike normpath, which depends on `GetFullPathNameW` on Windows), adding `#![forbid(unsafe_code)]` as an additional indicator of the intent to do it without FFI calls seems like a good idea.
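As a rough illustration of what the attribute does: at the crate root it would be written as the inner attribute `#![forbid(unsafe_code)]`. The sketch below uses the module-scoped outer form so that it stands alone. The module and function names are made up for the example.

```rust
// Crate-wide form, placed at the top of src/lib.rs:
//     #![forbid(unsafe_code)]
// The outer-attribute form below applies the same lint to a single module.
#[forbid(unsafe_code)]
mod lexical {
    /// Hypothetical helper: a purely lexical check with no filesystem or FFI access.
    pub fn has_parent_segment(path: &str) -> bool {
        path.split('/').any(|segment| segment == "..")
    }
    // Adding an `unsafe { ... }` block anywhere in this module would now be
    // rejected at compile time.
}
```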
This `PathBuf` is not cleaned on Windows:
PathBuf::from("/dir\\../otherDir/test.json").clean()
Remains as:
/dir\../otherDir/test.json
Workaround:
PathBuf::from(file_path.to_string_lossy().replace("\\", "/")).clean()
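The workaround can be wrapped in a small helper, sketched here with the standard library only. `normalize_separators` is a hypothetical name. The conversion is lossy for non-UTF-8 paths, and on Unix a backslash is a legal filename character, so this is only appropriate when the input is known to use Windows-style separators.

```rust
use std::path::{Path, PathBuf};

/// Hypothetical helper: rewrite backslashes as forward slashes so that a
/// lexical cleaner sees a single separator style.
/// Lossy: any invalid UTF-8 in `path` is replaced with U+FFFD.
fn normalize_separators(path: &Path) -> PathBuf {
    PathBuf::from(path.to_string_lossy().replace('\\', "/"))
}
```

The result would then be passed to `.clean()` as in the workaround above.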
Currently, your `clean` function requires `&str`, and your trait just throws out any paths containing invalid UTF-8.
Given how easily one can end up with invalid UTF-8 on POSIX platforms from mojibake in filenames (e.g. load data onto a mobile device that uses latin1 on disk via its USB Mass Storage Device mode, then pull the SD card out and plug it directly into a UTF-8 Linux device), this makes it of very limited use. (And Windows also allows unpaired UTF-16 surrogates in filenames for historical reasons.)
The proper solution would be to use the `Path::components` iterator so you don't need to convert to `&str` to match on component types or, for that matter, even think about what path separator the platform is using.
You'd just get a sequence of `Prefix(PrefixComponent)` (stuff like `C:` or `\\server\share`), `RootDir`, `CurDir`, `ParentDir`, and `Normal(&OsStr)` values, and it'd collapse away `//`, `/./`, and trailing `/` and `/.` for you.
(That'd also allow you to eliminate an unnecessary intermediate copy in going from `PathBuf` to `&str`, since you can just `impl` your trait on `Path`.)
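A minimal sketch of that approach, assuming the rules of `path.Clean` (drop `.`, resolve `..` against the preceding normal component, never climb above the root, return `.` for an empty result). `clean_components` is a hypothetical function name, not the crate's current API.

```rust
use std::path::{Component, Path, PathBuf};

/// Lexically clean `path` by walking its components, never converting to `&str`.
fn clean_components(path: &Path) -> PathBuf {
    let mut kept: Vec<Component> = Vec::new();
    for component in path.components() {
        match component {
            // "." contributes nothing.
            Component::CurDir => {}
            Component::ParentDir => {
                if matches!(kept.last(), Some(Component::Normal(_))) {
                    // "dir/.." cancels out.
                    kept.pop();
                } else if !matches!(kept.last(), Some(Component::RootDir)) {
                    // Keep a leading ".." on relative paths; "/.." stays "/".
                    kept.push(component);
                }
            }
            // Prefix, RootDir and Normal components are kept as they are.
            other => kept.push(other),
        }
    }
    if kept.is_empty() {
        return PathBuf::from(".");
    }
    kept.iter().collect()
}
```

Because the components carry `&OsStr` values, filenames that are not valid UTF-8 pass through untouched.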
You would expect "c:/temp/.." to be normalized to "c:/", but it results in "c:". "c:" does not mean the root of the Windows file system, but rather the current directory on drive c:.
let buf = clean("c:/temp/..");
assert_eq!(buf, "c:");
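One possible way to handle this in a string-based cleaner is a post-processing step that restores the root separator when an absolute drive path collapses to a bare drive. This is only a sketch. `restore_drive_root` is a hypothetical helper, and it assumes single-letter ASCII drive prefixes only (no UNC paths).

```rust
/// Returns true for a bare drive specifier such as "c:".
fn is_bare_drive(s: &str) -> bool {
    let b = s.as_bytes();
    b.len() == 2 && b[0].is_ascii_alphabetic() && b[1] == b':'
}

/// Hypothetical post-processing step: if `original` was rooted on a drive
/// (e.g. "c:/...") and cleaning reduced it to a bare drive, re-append "/".
fn restore_drive_root(original: &str, cleaned: &str) -> String {
    let b = original.as_bytes();
    let was_rooted = b.len() >= 3
        && b[0].is_ascii_alphabetic()
        && b[1] == b':'
        && (b[2] == b'/' || b[2] == b'\\');
    if was_rooted && is_bare_drive(cleaned) {
        format!("{}/", cleaned)
    } else {
        cleaned.to_string()
    }
}
```

A components-based implementation would not need this, since on Windows `Path::components` reports the drive prefix and the root directory as separate components.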