Possibly over-cautious check in workingtree_4.py?

John Arbash Meinel john at arbash-meinel.com
Thu Aug 23 04:19:38 BST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew Bennetts wrote:
> John Arbash Meinel wrote:
> [...]
>> I think that should be:
>>
>> assert not f.startswith('../')
>> assert '/../' not in f
> 
> Hmm. We're dealing with user input, so these should not be asserts (“python -O”
> should mean “optimised”, not “possibly insecure”!). I guess the input here is
> the dirstate, but is there any risk here if you are reading a workingtree owned
> by another user?
> 
> Also, what about the case where f == './..'?  What about mixed separators on
> platforms that allow them e.g. “./..\foo”?
> 
> Ideally, this sort of check belongs in bzrlib/osutils.py, and thoroughly tested
> with every evil path we can think of.
> 
> -Andrew.

Actually, I think by the time you are using WorkingTree.add() you should have
sanitized your input.

smart_add (which is what 'bzr add' uses) does it at an entirely different
level, and doesn't use WT.add(). WT.add() is only really used by the test
suite, and by people writing their own scripts.

I would be okay with dropping it entirely, as it is meant to help developers
know how to use the api, not for actual integrity checking.

John
=:->

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGzPydJdeBCYSNAAMRAlgZAJ9U/rzDXs5oq8i1gEVq+QTsu2bUDgCgxt38
bAJuWVR3KOQwQ/qT4lygEOw=
=hZ7g
-----END PGP SIGNATURE-----