mirror of
https://github.com/nushell/nushell
synced 2025-01-14 14:14:13 +00:00
fix: prevent relative directory traversal from crashing (#12438)
<!-- if this PR closes one or more issues, you can automatically link the PR with them by using one of the [*linking keywords*](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword), e.g. - this PR should close #xxxx - fixes #xxxx you can also mention related issues, PRs or discussions! --> - fixes #11922 - fixes #12203 # Description <!-- Thank you for improving Nushell. Please, check our [contributing guide](../CONTRIBUTING.md) and talk to the core team before making major changes. Description of your pull request goes here. **Provide examples and/or screenshots** if your changes affect the user experience. --> This is a rewrite for some parts of the recursive completion system. The Rust `std::path` structures often ignores things like a trailing `.` because for a complete path, it implies the current directory. We are replacing the use of some of these structs for Strings. A side effect is the slashes being normalized in Windows. For example if we were to type `foo/bar/b`, it would complete it to `foo\bar\baz` because a backward slash is the main separator in windows. # User-Facing Changes <!-- List of all changes that impact the user experience here. This helps us keep track of breaking changes. --> Relative paths are preserved. `..`s in the paths won't eagerly show completions from the parent path. For example, `asd/foo/../b` will now complete to `asd/foo/../bar` instead of `asd/bar`. # Tests + Formatting <!-- Don't forget to add tests that cover your changes. Make sure you've run and fixed any issues with these commands: - `cargo fmt --all -- --check` to check standard code formatting (`cargo fmt --all` applies these changes) - `cargo clippy --workspace -- -D warnings -D clippy::unwrap_used` to check that you're using the standard code style - `cargo test --workspace` to check that all tests pass (on Windows make sure to [enable developer mode](https://learn.microsoft.com/en-us/windows/apps/get-started/developer-mode-features-and-debugging)) - `cargo run -- -c "use std testing; testing run-tests --path crates/nu-std"` to run the tests for the standard library > **Note** > from `nushell` you can also use the `toolkit` as follows > ```bash > use toolkit.nu # or use an `env_change` hook to activate it automatically > toolkit check pr > ``` --> # After Submitting <!-- If your PR had any user-facing changes, update [the documentation](https://github.com/nushell/nushell.github.io) after the PR is merged, if necessary. This will help us keep the docs up to date. -->
This commit is contained in:
parent
a1287f7b3f
commit
35a0f7a369
2 changed files with 117 additions and 95 deletions
|
@ -7,40 +7,65 @@ use nu_protocol::{
|
||||||
Span,
|
Span,
|
||||||
};
|
};
|
||||||
use nu_utils::get_ls_colors;
|
use nu_utils::get_ls_colors;
|
||||||
use std::{
|
use std::path::{
|
||||||
ffi::OsStr,
|
is_separator, Component, Path, PathBuf, MAIN_SEPARATOR as SEP, MAIN_SEPARATOR_STR,
|
||||||
path::{is_separator, Component, Path, PathBuf, MAIN_SEPARATOR as SEP},
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#[derive(Clone, Default)]
|
||||||
|
pub struct PathBuiltFromString {
|
||||||
|
parts: Vec<String>,
|
||||||
|
isdir: bool,
|
||||||
|
}
|
||||||
|
|
||||||
fn complete_rec(
|
fn complete_rec(
|
||||||
partial: &[String],
|
partial: &[&str],
|
||||||
|
built: &PathBuiltFromString,
|
||||||
cwd: &Path,
|
cwd: &Path,
|
||||||
options: &CompletionOptions,
|
options: &CompletionOptions,
|
||||||
dir: bool,
|
dir: bool,
|
||||||
isdir: bool,
|
isdir: bool,
|
||||||
) -> Vec<PathBuf> {
|
) -> Vec<PathBuiltFromString> {
|
||||||
let mut completions = vec![];
|
let mut completions = vec![];
|
||||||
|
|
||||||
if let Ok(result) = cwd.read_dir() {
|
if let Some((&base, rest)) = partial.split_first() {
|
||||||
for entry in result.filter_map(|e| e.ok()) {
|
if (base == "." || base == "..") && (isdir || !rest.is_empty()) {
|
||||||
let entry_name = entry.file_name().to_string_lossy().into_owned();
|
let mut built = built.clone();
|
||||||
let path = entry.path();
|
built.parts.push(base.to_string());
|
||||||
|
built.isdir = true;
|
||||||
|
return complete_rec(rest, &built, cwd, options, dir, isdir);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if !dir || path.is_dir() {
|
let mut built_path = cwd.to_path_buf();
|
||||||
match partial.first() {
|
for part in &built.parts {
|
||||||
Some(base) if matches(base, &entry_name, options) => {
|
built_path.push(part);
|
||||||
let partial = &partial[1..];
|
}
|
||||||
if !partial.is_empty() || isdir {
|
|
||||||
completions.extend(complete_rec(partial, &path, options, dir, isdir));
|
let Ok(result) = built_path.read_dir() else {
|
||||||
if entry_name.eq(base) {
|
return completions;
|
||||||
break;
|
};
|
||||||
}
|
|
||||||
|
for entry in result.filter_map(|e| e.ok()) {
|
||||||
|
let entry_name = entry.file_name().to_string_lossy().into_owned();
|
||||||
|
let entry_isdir = entry.path().is_dir();
|
||||||
|
let mut built = built.clone();
|
||||||
|
built.parts.push(entry_name.clone());
|
||||||
|
built.isdir = entry_isdir;
|
||||||
|
|
||||||
|
if !dir || entry_isdir {
|
||||||
|
match partial.split_first() {
|
||||||
|
Some((base, rest)) => {
|
||||||
|
if matches(base, &entry_name, options) {
|
||||||
|
if !rest.is_empty() || isdir {
|
||||||
|
completions
|
||||||
|
.extend(complete_rec(rest, &built, cwd, options, dir, isdir));
|
||||||
} else {
|
} else {
|
||||||
completions.push(path)
|
completions.push(built);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
None => completions.push(path),
|
}
|
||||||
_ => {}
|
None => {
|
||||||
|
completions.push(built);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -48,33 +73,23 @@ fn complete_rec(
|
||||||
completions
|
completions
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
enum OriginalCwd {
|
enum OriginalCwd {
|
||||||
None,
|
None,
|
||||||
Home(PathBuf),
|
Home,
|
||||||
Some(PathBuf),
|
Prefix(String),
|
||||||
// referencing a single local file
|
|
||||||
Local(PathBuf),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
impl OriginalCwd {
|
impl OriginalCwd {
|
||||||
fn apply(&self, p: &Path) -> String {
|
fn apply(&self, mut p: PathBuiltFromString) -> String {
|
||||||
let mut ret = match self {
|
match self {
|
||||||
Self::None => p.to_string_lossy().into_owned(),
|
Self::None => {}
|
||||||
Self::Some(base) => pathdiff::diff_paths(p, base)
|
Self::Home => p.parts.insert(0, "~".to_string()),
|
||||||
.unwrap_or(p.to_path_buf())
|
Self::Prefix(s) => p.parts.insert(0, s.clone()),
|
||||||
.to_string_lossy()
|
|
||||||
.into_owned(),
|
|
||||||
Self::Home(home) => match p.strip_prefix(home) {
|
|
||||||
Ok(suffix) => format!("~{}{}", SEP, suffix.to_string_lossy()),
|
|
||||||
_ => p.to_string_lossy().into_owned(),
|
|
||||||
},
|
|
||||||
Self::Local(base) => Path::new(".")
|
|
||||||
.join(pathdiff::diff_paths(p, base).unwrap_or(p.to_path_buf()))
|
|
||||||
.to_string_lossy()
|
|
||||||
.into_owned(),
|
|
||||||
};
|
};
|
||||||
|
|
||||||
if p.is_dir() {
|
let mut ret = p.parts.join(MAIN_SEPARATOR_STR);
|
||||||
|
if p.isdir {
|
||||||
ret.push(SEP);
|
ret.push(SEP);
|
||||||
}
|
}
|
||||||
ret
|
ret
|
||||||
|
@ -116,79 +131,67 @@ pub fn complete_item(
|
||||||
};
|
};
|
||||||
get_ls_colors(ls_colors_env_str)
|
get_ls_colors(ls_colors_env_str)
|
||||||
});
|
});
|
||||||
|
|
||||||
|
let mut cwd = cwd_pathbuf.clone();
|
||||||
|
let mut prefix_len = 0;
|
||||||
let mut original_cwd = OriginalCwd::None;
|
let mut original_cwd = OriginalCwd::None;
|
||||||
let mut components_vec: Vec<Component> = Path::new(&partial).components().collect();
|
|
||||||
|
|
||||||
// Path components that end with a single "." get normalized away,
|
let mut components = Path::new(&partial).components().peekable();
|
||||||
// so if the partial path ends in a literal "." we must add it back in manually
|
match components.peek().cloned() {
|
||||||
if partial.ends_with('.') && partial.len() > 1 {
|
|
||||||
components_vec.push(Component::Normal(OsStr::new(".")));
|
|
||||||
};
|
|
||||||
let mut components = components_vec.into_iter().peekable();
|
|
||||||
|
|
||||||
let mut cwd = match components.peek().cloned() {
|
|
||||||
Some(c @ Component::Prefix(..)) => {
|
Some(c @ Component::Prefix(..)) => {
|
||||||
// windows only by definition
|
// windows only by definition
|
||||||
components.next();
|
components.next();
|
||||||
if let Some(Component::RootDir) = components.peek().cloned() {
|
if let Some(Component::RootDir) = components.peek().cloned() {
|
||||||
components.next();
|
components.next();
|
||||||
};
|
};
|
||||||
[c, Component::RootDir].iter().collect()
|
cwd = [c, Component::RootDir].iter().collect();
|
||||||
|
prefix_len = c.as_os_str().len();
|
||||||
|
original_cwd = OriginalCwd::Prefix(c.as_os_str().to_string_lossy().into_owned());
|
||||||
}
|
}
|
||||||
Some(c @ Component::RootDir) => {
|
Some(c @ Component::RootDir) => {
|
||||||
components.next();
|
components.next();
|
||||||
PathBuf::from(c.as_os_str())
|
// This is kind of a hack. When joining an empty string with the rest,
|
||||||
|
// we add the slash automagically
|
||||||
|
cwd = PathBuf::from(c.as_os_str());
|
||||||
|
prefix_len = 1;
|
||||||
|
original_cwd = OriginalCwd::Prefix(String::new());
|
||||||
}
|
}
|
||||||
Some(Component::Normal(home)) if home.to_string_lossy() == "~" => {
|
Some(Component::Normal(home)) if home.to_string_lossy() == "~" => {
|
||||||
components.next();
|
components.next();
|
||||||
original_cwd = OriginalCwd::Home(home_dir().unwrap_or(cwd_pathbuf.clone()));
|
cwd = home_dir().unwrap_or(cwd_pathbuf);
|
||||||
home_dir().unwrap_or(cwd_pathbuf)
|
prefix_len = 1;
|
||||||
}
|
original_cwd = OriginalCwd::Home;
|
||||||
Some(Component::CurDir) => {
|
|
||||||
components.next();
|
|
||||||
original_cwd = match components.peek().cloned() {
|
|
||||||
Some(Component::Normal(_)) | None => OriginalCwd::Local(cwd_pathbuf.clone()),
|
|
||||||
_ => OriginalCwd::Some(cwd_pathbuf.clone()),
|
|
||||||
};
|
|
||||||
cwd_pathbuf
|
|
||||||
}
|
|
||||||
_ => {
|
|
||||||
original_cwd = OriginalCwd::Some(cwd_pathbuf.clone());
|
|
||||||
cwd_pathbuf
|
|
||||||
}
|
}
|
||||||
|
_ => {}
|
||||||
};
|
};
|
||||||
|
|
||||||
let mut partial = vec![];
|
let after_prefix = &partial[prefix_len..];
|
||||||
|
let partial: Vec<_> = after_prefix
|
||||||
|
.strip_prefix(is_separator)
|
||||||
|
.unwrap_or(after_prefix)
|
||||||
|
.split(is_separator)
|
||||||
|
.filter(|s| !s.is_empty())
|
||||||
|
.collect();
|
||||||
|
|
||||||
for component in components {
|
complete_rec(
|
||||||
match component {
|
partial.as_slice(),
|
||||||
Component::Prefix(..) => unreachable!(),
|
&PathBuiltFromString::default(),
|
||||||
Component::RootDir => unreachable!(),
|
&cwd,
|
||||||
Component::CurDir => {}
|
options,
|
||||||
Component::ParentDir => {
|
want_directory,
|
||||||
if partial.pop().is_none() {
|
isdir,
|
||||||
cwd.pop();
|
)
|
||||||
}
|
.into_iter()
|
||||||
}
|
.map(|p| {
|
||||||
Component::Normal(c) => partial.push(c.to_string_lossy().into_owned()),
|
let path = original_cwd.apply(p);
|
||||||
}
|
let style = ls_colors.as_ref().map(|lsc| {
|
||||||
}
|
lsc.style_for_path_with_metadata(&path, std::fs::symlink_metadata(&path).ok().as_ref())
|
||||||
|
|
||||||
complete_rec(partial.as_slice(), &cwd, options, want_directory, isdir)
|
|
||||||
.into_iter()
|
|
||||||
.map(|p| {
|
|
||||||
let path = original_cwd.apply(&p);
|
|
||||||
let style = ls_colors.as_ref().map(|lsc| {
|
|
||||||
lsc.style_for_path_with_metadata(
|
|
||||||
&path,
|
|
||||||
std::fs::symlink_metadata(&path).ok().as_ref(),
|
|
||||||
)
|
|
||||||
.map(lscolors::Style::to_nu_ansi_term_style)
|
.map(lscolors::Style::to_nu_ansi_term_style)
|
||||||
.unwrap_or_default()
|
.unwrap_or_default()
|
||||||
});
|
});
|
||||||
(span, escape_path(path, want_directory), style)
|
(span, escape_path(path, want_directory), style)
|
||||||
})
|
})
|
||||||
.collect()
|
.collect()
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fix files or folders with quotes or hashes
|
// Fix files or folders with quotes or hashes
|
||||||
|
|
|
@ -334,7 +334,26 @@ fn partial_completions() {
|
||||||
let suggestions = completer.complete(&target_dir, target_dir.len());
|
let suggestions = completer.complete(&target_dir, target_dir.len());
|
||||||
|
|
||||||
// Create the expected values
|
// Create the expected values
|
||||||
let expected_paths: Vec<String> = vec![file(dir.join("final_partial").join("somefile"))];
|
let expected_paths: Vec<String> = vec![
|
||||||
|
file(
|
||||||
|
dir.join("partial_a")
|
||||||
|
.join("..")
|
||||||
|
.join("final_partial")
|
||||||
|
.join("somefile"),
|
||||||
|
),
|
||||||
|
file(
|
||||||
|
dir.join("partial_b")
|
||||||
|
.join("..")
|
||||||
|
.join("final_partial")
|
||||||
|
.join("somefile"),
|
||||||
|
),
|
||||||
|
file(
|
||||||
|
dir.join("partial_c")
|
||||||
|
.join("..")
|
||||||
|
.join("final_partial")
|
||||||
|
.join("somefile"),
|
||||||
|
),
|
||||||
|
];
|
||||||
|
|
||||||
// Match the results
|
// Match the results
|
||||||
match_suggestions(expected_paths, suggestions);
|
match_suggestions(expected_paths, suggestions);
|
||||||
|
|
Loading…
Reference in a new issue