Possibly over-cautious check in workingtree_4.py?

Andrew Bennetts andrew at canonical.com
Thu Aug 23 02:05:25 BST 2007


John Arbash Meinel wrote:
[...]
> I think that should be:
> 
> assert not f.startswith('../')
> assert '/../' not in f

Hmm.  We're dealing with user input, so these should not be asserts (“python -O”
should mean “optimised”, not “possibly insecure”!).  I guess the input here is
the dirstate, but is there any risk here if you are reading a workingtree owned
by another user?

Also, what about the case where f == './..'?  What about mixed separators on
platforms that allow them e.g. “./..\foo”?

Ideally, this sort of check belongs in bzrlib/osutils.py, thoroughly tested
with every evil path we can think of.

-Andrew.
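
An added example, not part of the original message and not bzrlib code: the two quoted string tests beside a component-wise check that raises instead of asserting, run over constructed paths that include the `./..` and mixed-separator cases raised above. All function and class names are hypothetical, and splitting on both `/` and `\` on every platform is an assumption.

```python
import re

# Split on both separators regardless of platform. Assumption: being strict
# about '\\' on POSIX (where it is a legal filename character) is acceptable.
_SEPARATORS = re.compile(r'[/\\]')


class PathEscapeError(ValueError):
    """A relative path contains a '..' component."""


def quoted_checks_pass(f):
    """The two string tests from the quoted asserts, as a plain boolean."""
    return not f.startswith('../') and '/../' not in f


def check_no_parent_refs(f):
    """Return f if no component is '..'; raise PathEscapeError otherwise.

    An explicit raise is used so the check still runs under "python -O",
    which strips assert statements.
    """
    for part in _SEPARATORS.split(f):
        if part == '..':
            raise PathEscapeError('parent reference in path: %r' % (f,))
    return f


def is_rejected(f):
    """True when check_no_parent_refs refuses the path."""
    try:
        check_no_parent_refs(f)
    except PathEscapeError:
        return True
    return False


# Constructed sample paths, including the two cases raised in the message.
SAMPLES = ['foo/bar', '../foo', 'a/../b', './..', './..\\foo',
           '..', 'foo/..', 'foo..bar/baz']

if __name__ == '__main__':
    for path in SAMPLES:
        print('%-14r string tests pass=%-5s component check rejects=%s'
              % (path, quoted_checks_pass(path), is_rejected(path)))
```
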



