Skip to content
This repository was archived by the owner on Mar 21, 2025. It is now read-only.

Project and workspace APIs should reject paths with . or .. segments #80

Open
alexrp opened this issue May 2, 2023 · 1 comment
Open

Project and workspace APIs should reject paths with . or .. segments #80

alexrp opened this issue May 2, 2023 · 1 comment
Labels
area: tooling Issues related to the tooling layer. state: approved Enhancements and tasks that have been approved.
Milestone
v1.0

Comments

@alexrp
Copy link
Member

alexrp commented May 2, 2023

celerity/src/language/tooling/Projects/ProjectConfiguration.cs

Lines 86 to 99 in 29063c1

var path = "src";
if (root.TryGetProperty("path"u8, out var pathProp))
{
if (pathProp.ValueKind != JsonValueKind.String)
Error("'path' property, if present, must be a string.");
path = Path.TrimEndingDirectorySeparator(pathProp.GetString()!);
if (Path.IsPathFullyQualified(path))
Error("'path' property, if present, must be relative.");
// TODO: It would be good to verify that the path does not contain any . or .. segments.
}

celerity/src/language/tooling/Projects/ProjectConfiguration.cs

Lines 101 to 130 in 29063c1

var paths = ImmutableDictionary<ModulePath, string>.Empty;
if (root.TryGetProperty("paths"u8, out var pathsProp))
{
if (pathsProp.ValueKind != JsonValueKind.Object)
Error("'paths' property, if present, must be an object.");
foreach (var prop in pathsProp.EnumerateObject())
{
if (!ModulePath.TryCreate(prop.Name, out var modPath))
Error($"Module path '{prop.Name}' is invalid.");
if (paths.ContainsKey(modPath))
Error($"Module path '{prop.Name}' has multiple entries.");
var value = prop.Value;
if (value.ValueKind != JsonValueKind.String)
Error($"Directory path for module path '{prop.Name}' must be a string.");
var dir = Path.TrimEndingDirectorySeparator(value.GetString()!);
if (Path.IsPathFullyQualified(dir))
Error($"Directory path for module path '{prop.Name}' must be relative.");
// TODO: It would be good to verify that the path does not contain any . or .. segments.
paths = paths.SetItem(modPath, dir);
}
}

celerity/src/language/tooling/Workspaces/WorkspaceWatcher.cs

Lines 14 to 20 in 29063c1

internal static bool IsValidPath(string path)
{
Check.NullOrWhiteSpace(path);
// TODO: It would be good to verify that the path does not contain any . or .. segments.
return !Path.IsPathFullyQualified(path) && Path.GetExtension(path) == ".cel";
}

@alexrp alexrp added state: approved Enhancements and tasks that have been approved. type: feature area: tooling Issues related to the tooling layer. labels May 2, 2023
@alexrp alexrp added this to the v1.0 milestone May 2, 2023
@alexrp alexrp self-assigned this May 2, 2023
@alexrp
Copy link
Member Author

alexrp commented May 19, 2023

This is trivial enough on Unix, I think. I just don't know if Windows (with its insane complexity around paths) has any gotchas here...

@alexrp alexrp removed their assignment Jan 27, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area: tooling Issues related to the tooling layer. state: approved Enhancements and tasks that have been approved.
Milestone
v1.0
Development

No branches or pull requests
1 participant
@alexrp