Skip to content

Commit

Permalink
fix(fs): Escape paths in Scope methods
Browse files Browse the repository at this point in the history
  • Loading branch information
FabianLars committed Nov 18, 2024
1 parent ff05a59 commit b42064d
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 8 deletions.
5 changes: 5 additions & 0 deletions .changes/fix-fs-scope-escape-paths.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
fs: patch
---

Paths given to the `Scope` methods are now correctly escaped, preventing issues with paths containing `[]`.
2 changes: 1 addition & 1 deletion plugins/fs/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ rustc-args = ["--cfg", "docsrs"]
rustdoc-args = ["--cfg", "docsrs"]

[package.metadata.platforms.support]
windows = { level = "full", notes = "" }
windows = { level = "full", notes = "No write access to `$RESOURCES` folder with MSI installer and NSIS installers in `perMachine` or `both` mode" }
linux = { level = "full", notes = "No write access to `$RESOURCES` folder" }
macos = { level = "full", notes = "No write access to `$RESOURCES` folder" }
android = { level = "partial", notes = "Access is restricted to Application folder by default" }
Expand Down
35 changes: 28 additions & 7 deletions plugins/fs/src/scope.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,14 @@

use std::{
collections::HashMap,
path::{Path, PathBuf},
path::{Path, PathBuf, MAIN_SEPARATOR},
sync::{
atomic::{AtomicU32, Ordering},
Mutex,
},
};

use glob::Pattern;
use serde::Deserialize;

#[derive(Deserialize)]
Expand Down Expand Up @@ -56,8 +57,9 @@ impl Scope {

{
let mut allowed = self.allowed.lock().unwrap();
allowed.push(path.to_path_buf());
allowed.push(path.join(if recursive { "**" } else { "*" }));
let p = path.to_string_lossy();
allowed.push(escaped_pattern(&p));
allowed.push(escaped_pattern_with(&p, if recursive { "**" } else { "*" }));
}

self.emit(Event::PathAllowed(path.to_path_buf()));
Expand All @@ -69,7 +71,10 @@ impl Scope {
pub fn allow_file<P: AsRef<Path>>(&self, path: P) {
let path = path.as_ref();

self.allowed.lock().unwrap().push(path.to_path_buf());
self.allowed
.lock()
.unwrap()
.push(escaped_pattern(&path.to_string_lossy()));

self.emit(Event::PathAllowed(path.to_path_buf()));
}
Expand All @@ -82,8 +87,9 @@ impl Scope {

{
let mut denied = self.denied.lock().unwrap();
denied.push(path.to_path_buf());
denied.push(path.join(if recursive { "**" } else { "*" }));
let p = path.to_string_lossy();
denied.push(escaped_pattern(&p));
denied.push(escaped_pattern_with(&p, if recursive { "**" } else { "*" }));
}

self.emit(Event::PathForbidden(path.to_path_buf()));
Expand All @@ -95,7 +101,10 @@ impl Scope {
pub fn forbid_file<P: AsRef<Path>>(&self, path: P) {
let path = path.as_ref();

self.denied.lock().unwrap().push(path.to_path_buf());
self.denied
.lock()
.unwrap()
.push(escaped_pattern(&path.to_string_lossy()));

self.emit(Event::PathForbidden(path.to_path_buf()));
}
Expand Down Expand Up @@ -129,3 +138,15 @@ impl Scope {
id
}
}

fn escaped_pattern(p: &str) -> Result<Pattern, glob::PatternError> {
Pattern::new(&Pattern::escape(p))
}

fn escaped_pattern_with(p: &str, append: &str) -> Result<Pattern, glob::PatternError> {
if p.ends_with(MAIN_SEPARATOR) {
Pattern::new(&format!("{}{append}", Pattern::escape(p)))
} else {
Pattern::new(&format!("{}{}{append}", Pattern::escape(p), MAIN_SEPARATOR))
}
}

0 comments on commit b42064d

Please sign in to comment.