diff options
| author |  Laszlo Csomor <laszlocsomor@google.com> | 2018-04-24 05:52:37 -0700 |
|---|---|---|
| committer |  Copybara-Service <copybara-piper@google.com> | 2018-04-24 05:54:06 -0700 |
| commit | f9cb859d45887f3f9aafdd535df0fc65718651af (patch) | |
| tree | 32fd48612ef1b81d7cb9f87aad251bf2f7794710 /tools/python | |
| parent | dd9570b556e210da63a4ae882b55caf9fa10a995 (diff) | |
runfiles: rlocation() checks if arg is normalized
rlocation() now validates that the path argument
is normalized, i.e. contains none of:
- current directory references (".")
- uplevel references ("..")
- double slash ("//")
This helps avoiding a bug similar to https://github.com/bazelbuild/bazel/pull/5083.
See https://github.com/bazelbuild/bazel/pull/4460
Change-Id: Ia73fa2df1eae86fc7084162c24e144129672742d
Closes #5085.
Change-Id: Ia73fa2df1eae86fc7084162c24e144129672742d
PiperOrigin-RevId: 194074072
Diffstat (limited to 'tools/python')
| -rw-r--r-- | tools/python/runfiles/runfiles.py | 8 | ||||
| -rw-r--r-- | tools/python/runfiles/runfiles_test.py | 18 |
2 files changed, 21 insertions, 5 deletions
diff --git a/tools/python/runfiles/runfiles.py b/tools/python/runfiles/runfiles.py index 17e4121a0f..1053319eca 100644 --- a/tools/python/runfiles/runfiles.py +++ b/tools/python/runfiles/runfiles.py @@ -119,15 +119,15 @@ class _Runfiles(object): None if the method doesn't know about this runfile Raises: TypeError: if `path` is not a string - ValueError: if `path` is None or empty, or it's absolute or contains - uplevel references + ValueError: if `path` is None or empty, or it's absolute or not normalized """ if not path: raise ValueError() if not isinstance(path, str): raise TypeError() - if ".." in path: - raise ValueError("path contains uplevel references: \"%s\"" % path) + if (path.startswith("../") or "/.." in path or path.startswith("./") or + "/./" in path or path.endswith("/.") or "//" in path): + raise ValueError("path is not normalized: \"%s\"" % path) if path[0] == "\\": raise ValueError("path is absolute without a drive letter: \"%s\"" % path) if os.path.isabs(path): diff --git a/tools/python/runfiles/runfiles_test.py b/tools/python/runfiles/runfiles_test.py index bbe1c84be4..f8373054c8 100644 --- a/tools/python/runfiles/runfiles_test.py +++ b/tools/python/runfiles/runfiles_test.py @@ -28,8 +28,24 @@ class RunfilesTest(unittest.TestCase): self.assertRaises(ValueError, lambda: r.Rlocation(None)) self.assertRaises(ValueError, lambda: r.Rlocation("")) self.assertRaises(TypeError, lambda: r.Rlocation(1)) - self.assertRaisesRegexp(ValueError, "contains uplevel", + self.assertRaisesRegexp(ValueError, "is not normalized", + lambda: r.Rlocation("../foo")) + self.assertRaisesRegexp(ValueError, "is not normalized", lambda: r.Rlocation("foo/..")) + self.assertRaisesRegexp(ValueError, "is not normalized", + lambda: r.Rlocation("foo/../bar")) + self.assertRaisesRegexp(ValueError, "is not normalized", + lambda: r.Rlocation("./foo")) + self.assertRaisesRegexp(ValueError, "is not normalized", + lambda: r.Rlocation("foo/.")) + self.assertRaisesRegexp(ValueError, "is not normalized", + lambda: r.Rlocation("foo/./bar")) + self.assertRaisesRegexp(ValueError, "is not normalized", + lambda: r.Rlocation("//foobar")) + self.assertRaisesRegexp(ValueError, "is not normalized", + lambda: r.Rlocation("foo//")) + self.assertRaisesRegexp(ValueError, "is not normalized", + lambda: r.Rlocation("foo//bar")) self.assertRaisesRegexp(ValueError, "is absolute without a drive letter", lambda: r.Rlocation("\\foo")) |