Update Builder (or create_helper) to check that the supplied prefix and suffix don't contain / #59
Comments
So, filtering In retrospect, we probably should have checked for path separators. However, the documentation currently explicitly allows them.
@Stebalien As explained in one of the previous issues, my main usage for this library is in a runtime for a (shell) scripting language, and thus many of the parameters sent to Now I understand that all developers should do their best in sanitizing the user inputs, before passing these values to the underlying libraries. However, this imposes extra burden on those developers (which is the first reason they use a library and not write their own). Moreover, in order to "perfectly" sanitize the inputs, one must have in-depth knowledge of how said library would use these inputs, which again adds development overhead. Imagine one uses Rust and the Therefore, especially since
I agree but @KodrAus thoughts? I'm really tempted to fix this as a security oversight.
@Stebalien Personally, I think changing the behaviour here to prevent the prefix and suffix from altering the path is reasonable. I wouldn't necessarily expect
I usually check all paths before passing to functions. This one was never a pain point to me, but I also never relied on this behavior. Non-breaking alternate solution:
fn prefix_checked(...) -> Option<_>
fn suffix_checked(...) -> Option<_>
Having Another one: deprecate
Hm. I like that second option actually...
🤔 hmmm, one problem tho, people might expect all And it looks like the existing (Same for
Dammit! The ones I just added.
As the title says, currently the code doesn't make any validations if the prefix or suffix are valid path component values (i.e. they don't contain a slash or \0). (If needed I can provide the patch.)
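
The kind of check this issue asks for, sketched as an added example with only the standard library; it is not the project's own code or the patch offered above. `AffixError`, `check_affix`, `temp_path` and the sample directory are hypothetical names, and a fixed string stands in for the random part of the file name.

```rust
use std::ffi::OsStr;
use std::path::{is_separator, Component, Path, PathBuf};

/// Why a prefix/suffix (or the name built from them) was rejected.
#[derive(Debug, PartialEq)]
enum AffixError {
    Separator,     // contains a path separator for this platform
    Nul,           // contains a NUL byte
    NotAComponent, // final name is empty, "..", or otherwise not one plain component
}

/// Hypothetical check: an affix must not be able to change the directory part
/// of the final path.
fn check_affix(affix: &str) -> Result<&str, AffixError> {
    if affix.contains('\0') {
        return Err(AffixError::Nul);
    }
    if affix.chars().any(is_separator) {
        return Err(AffixError::Separator);
    }
    Ok(affix)
}

/// Build `dir/<prefix><random><suffix>` from validated affixes, then confirm
/// the name parses as exactly one normal component before joining it to `dir`.
fn temp_path(dir: &Path, prefix: &str, random: &str, suffix: &str) -> Result<PathBuf, AffixError> {
    let name = format!("{}{}{}", check_affix(prefix)?, random, check_affix(suffix)?);
    let mut parts = Path::new(&name).components();
    match (parts.next(), parts.next()) {
        (Some(Component::Normal(c)), None) if c == OsStr::new(&name) => Ok(dir.join(&name)),
        _ => Err(AffixError::NotAComponent),
    }
}

fn main() {
    let dir = Path::new("/tmp/scratch"); // constructed sample directory
    let random = "k3Zq1x"; // stands in for the random part of the name
    // Constructed inputs: one ordinary pair, then affixes that would leave `dir`.
    for (prefix, suffix) in [("job-", ".log"), ("../outside/", ""), ("job-", "/../x"), ("job-", "\0")] {
        println!("{:?} + {:?} -> {:?}", prefix, suffix, temp_path(dir, prefix, random, suffix));
    }
}
```

Returning an error instead of silently stripping the separator keeps the caller aware that untrusted input tried to name a location outside the requested directory.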