1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
use std::path::{Path, PathBuf};
use gix_fs::Stack;
use crate::SymlinkCheck;
impl SymlinkCheck {
/// Create a new stack that starts operating at `root`.
pub fn new(root: PathBuf) -> Self {
Self {
inner: gix_fs::Stack::new(root),
}
}
/// Return a valid filesystem path located in our root by appending `relative_path`, which is guaranteed to
/// not pass through a symbolic link. That way the caller can be sure to not be misled by an attacker that
/// tries to make us reach outside of the repository.
///
/// Note that the file pointed to by `relative_path` may still be a symbolic link, or not exist at all,
/// and that an error may also be produced if directories on the path leading to the leaf
/// component of `relative_path` are missing.
///
/// ### Note
///
/// On windows, no verification is performed, instead only the combined path is provided as usual.
pub fn verified_path(&mut self, relative_path: &Path) -> std::io::Result<&Path> {
self.inner.make_relative_path_current(relative_path, &mut Delegate)?;
Ok(self.inner.current())
}
}
struct Delegate;
impl gix_fs::stack::Delegate for Delegate {
fn push_directory(&mut self, _stack: &Stack) -> std::io::Result<()> {
Ok(())
}
#[cfg_attr(windows, allow(unused_variables))]
fn push(&mut self, is_last_component: bool, stack: &Stack) -> std::io::Result<()> {
#[cfg(windows)]
{
Ok(())
}
#[cfg(not(windows))]
{
if is_last_component {
return Ok(());
}
if stack.current().symlink_metadata()?.is_symlink() {
return Err(std::io::Error::new(
std::io::ErrorKind::Other,
"Cannot step through symlink to perform an lstat",
));
}
Ok(())
}
}
fn pop_directory(&mut self) {}
}