Possibly over-cautious check in workingtree_4.py?
Andrew Bennetts
andrew at canonical.com
Thu Aug 23 02:05:25 BST 2007
John Arbash Meinel wrote:
[...]
> I think that should be:
>
> assert not f.startswith('../')
> assert '/../' not in f
Hmm. We're dealing with user input, so these should not be asserts (“python -O”
should mean “optimised”, not “possibly insecure”!). I guess the input here is
the dirstate, but is there any risk here if you are reading a workingtree owned
by another user?
Also, what about the case where f == './..'? What about mixed separators on
platforms that allow them, e.g. “./..\foo”?
Ideally, this sort of check belongs in bzrlib/osutils.py, and thoroughly tested
with every evil path we can think of.
-Andrew.
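
An added example, not part of the original message and not bzrlib code: one way to write the check discussed above with explicit raises instead of asserts, so it still runs under "python -O", and with both separators handled. The names check_relpath, is_safe_relpath and UnsafePathError are hypothetical, and rejecting every ".." component (rather than resolving it) is an assumption that follows the quoted checks.

```python
import re


class UnsafePathError(ValueError):
    """Raised when a tree-relative path could point outside the tree."""


# Assumption: treat both '/' and '\' as separators on every platform, so a
# path that only traverses on Windows is rejected everywhere.
_SEPARATORS = re.compile(r'[/\\]')
# Assumption: anything starting like a drive letter ("C:") is refused, which
# also refuses a POSIX file literally named "a:b"; stricter than necessary.
_DRIVE = re.compile(r'^[A-Za-z]:')


def check_relpath(path):
    """Return path unchanged if it is a safe relative path, else raise.

    Explicit raises are used because assert statements are compiled out
    under "python -O", which would silently remove the check.
    """
    if not isinstance(path, str):
        raise UnsafePathError('path must be text: %r' % (path,))
    if '\x00' in path:
        raise UnsafePathError('NUL byte in path: %r' % (path,))
    if path.startswith(('/', '\\')) or _DRIVE.match(path):
        raise UnsafePathError('absolute path: %r' % (path,))
    # Compare whole components, so './..' and 'a/b/..' are caught while
    # names that merely contain dots ('..a', 'a..') are allowed.
    for part in _SEPARATORS.split(path):
        if part == '..':
            raise UnsafePathError('parent reference in path: %r' % (path,))
    return path


def is_safe_relpath(path):
    """Boolean wrapper around check_relpath."""
    try:
        check_relpath(path)
    except UnsafePathError:
        return False
    return True


# Constructed sample inputs, including the cases raised in the message above.
EVIL = ['../x', 'a/../b', './..', '..', './..\\foo', 'a\\..\\b',
        'a/b/..', '/etc/passwd', '\\x', 'C:\\x', 'a\x00b']
GOOD = ['a/b', './a', 'a/..b', '..a/b', 'a//b', 'a..', '']
```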