diff options
author | Laszlo Csomor <laszlocsomor@google.com> | 2018-04-24 05:52:37 -0700 |
---|---|---|
committer | Copybara-Service <copybara-piper@google.com> | 2018-04-24 05:54:06 -0700 |
commit | f9cb859d45887f3f9aafdd535df0fc65718651af (patch) | |
tree | 32fd48612ef1b81d7cb9f87aad251bf2f7794710 /tools/bash | |
parent | dd9570b556e210da63a4ae882b55caf9fa10a995 (diff) |
runfiles: rlocation() checks if arg is normalized
rlocation() now validates that the path argument
is normalized, i.e. contains none of:
- current directory references (".")
- uplevel references ("..")
- double slash ("//")
This helps avoiding a bug similar to https://github.com/bazelbuild/bazel/pull/5083.
See https://github.com/bazelbuild/bazel/pull/4460
Change-Id: Ia73fa2df1eae86fc7084162c24e144129672742d
Closes #5085.
Change-Id: Ia73fa2df1eae86fc7084162c24e144129672742d
PiperOrigin-RevId: 194074072
Diffstat (limited to 'tools/bash')
-rw-r--r-- | tools/bash/runfiles/runfiles.bash | 6 | ||||
-rwxr-xr-x | tools/bash/runfiles/runfiles_test.bash | 28 |
2 files changed, 29 insertions, 5 deletions
diff --git a/tools/bash/runfiles/runfiles.bash b/tools/bash/runfiles/runfiles.bash index 6894a8bc15..b5e3416f7a 100644 --- a/tools/bash/runfiles/runfiles.bash +++ b/tools/bash/runfiles/runfiles.bash @@ -68,7 +68,7 @@ msys*|mingw*|cygwin*) ;; *) # matches an absolute Unix path - _rlocation_isabs_pattern="^/.*" + _rlocation_isabs_pattern="^/[^/].*" ;; esac @@ -77,9 +77,9 @@ function rlocation() { if [[ "$1" =~ $_rlocation_isabs_pattern ]]; then # If the path is absolute, print it as-is. echo $1 - elif [[ "$1" =~ \.\. ]]; then + elif [[ "$1" == ../* || "$1" == */.. || "$1" == ./* || "$1" == */./* || "$1" == "*/." || "$1" == *//* ]]; then if [[ "${RUNFILES_LIB_DEBUG:-}" == 1 ]]; then - echo >&2 "ERROR[runfiles.bash]: rlocation($1): contains uplevel reference" + echo >&2 "ERROR[runfiles.bash]: rlocation($1): path is not normalized" fi return 1 elif [[ "$1" == \\* ]]; then diff --git a/tools/bash/runfiles/runfiles_test.bash b/tools/bash/runfiles/runfiles_test.bash index 3d6dd8885c..0c1211c310 100755 --- a/tools/bash/runfiles/runfiles_test.bash +++ b/tools/bash/runfiles/runfiles_test.bash @@ -78,10 +78,34 @@ function test_rlocation_argument_validation() { source "$runfiles_lib_path" # Test invalid inputs to make sure rlocation catches these. - if (rlocation "foo/.." >&/dev/null); then + if rlocation "../foo" >&/dev/null; then fail fi - if (rlocation "\\foo" >&/dev/null); then + if rlocation "foo/.." >&/dev/null; then + fail + fi + if rlocation "foo/../bar" >&/dev/null; then + fail + fi + if rlocation "./foo" >&/dev/null; then + fail + fi + if rlocation "foo/." >&/dev/null; then + fail + fi + if rlocation "foo/./bar" >&/dev/null; then + fail + fi + if rlocation "//foo" >&/dev/null; then + fail + fi + if rlocation "foo//" >&/dev/null; then + fail + fi + if rlocation "foo//bar" >&/dev/null; then + fail + fi + if rlocation "\\foo" >&/dev/null; then fail fi } |