10000 Check symlink outside site_source without Pathutil by ashmaroli · Pull Request #9015 · jekyll/jekyll · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Check symlink outside site_source without Pathutil #9015

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 3, 2022
Merged

Check symlink outside site_source without Pathutil #9015

merged 1 commit into from
Apr 3, 2022

Conversation

ashmaroli
Copy link
Member
@ashmaroli ashmaroli commented Mar 28, 2022
edited
Loading
  • This is a 🔨 code refactoring.

Summary

pathutil gem appears to be unmaintained.
Therefore, emulate its existing use in lib/jekyll/entry_filter.rb using Ruby's built-in methods.

Test Coverage

Relies on existing test defined as:

jekyll/test/test_entry_filter.rb

Lines 89 to 93 in e695c1e

should "filter symlink pointing outside site source" do
ent1 = %w(_includes/tmp)
entries = EntryFilter.new(@site).filter(ent1)
assert_equal %w(), entries
end

@ashmaroli ashmaroli requested review from mattr- and parkr March 28, 2022 12:18
parkr
parkr reviewed Mar 28, 2022
View reviewed changes
Copy link
Member
@parkr parkr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I thought of an alternative for you to consider but your original solution is likely still best.

lib/jekyll/entry_filter.rb
!Pathutil.new(entry).in_path?(
site.in_source_dir
)
!File.realpath(entry).start_with?(site.in_source_dir)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One alternative here might be to check if a constructed path and the real path are not equal?

site.in_source_dir(entry) != File.realpath(entry)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The downside to this is that it results in consumption of additional resources.
site.in_source_dir(entry) is more expensive (both in terms of allocations and cpu) than site.in_source_dir.

A better alternative to my original proposal here would be to check directly against site.source instead:

Suggested change
!File.realpath(entry).start_with?(site.in_source_dir)
!File.realpath(entry).start_with?(site.source)

But since EntryFilter#symlink_outside_site_source? method is mostly invoked only if site.safe && File.symlink?(entry) returns true, the difference between site.source and site.in_source_dir is negligible.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good. :shipit:

@ashmaroli
Copy link
Member Author

@jekyllbot: merge +dev

@jekyllbot jekyllbot merged commit 9c7972d into jekyll:master Apr 3, 2022
jekyllbot added a commit that referenced this pull request Apr 3, 2022
@jekyllbot
Update history to reflect merge of #9015 [ci skip]
354110d
@ashmaroli ashmaroli deleted the replace-pathutil-entry-filter branch April 3, 2022 16:59
github-actions bot pushed a commit that referenced this pull request Apr 3, 2022
@jekyllbot
Deploy docs from 9c7972d
4118af2 
Ashwin Maroli: Check symlink outside site_source without Pathutil (#9015)

Merge pull request 9015
@jekyll jekyll locked and limited conversation to collaborators Apr 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@parkr parkr parkr approved these changes

@mattr- mattr- Awaiting requested review from mattr-

Assignees
No one assigned
Labels
fix frozen-due-to-age internal
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ashmaroli @parkr @jekyllbot
0