deslop 0.2.0

A static analyzer that spots low-context and AI-assisted code patterns across naming, concurrency, security, performance, and test quality.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

use std::fs::{File, OpenOptions, symlink_metadata};
use std::io::{BufReader, Read};
use std::path::{Path, PathBuf};

#[cfg(unix)]
use std::os::unix::fs::OpenOptionsExt;

use crate::{Error, Result};

pub const DEFAULT_MAX_BYTES: u64 = 10 * 1024 * 1024;

pub fn read_to_string_limited(path: &Path, max_bytes: u64) -> Result<String> {
    reject_symlink(path)?;
    let file = open_readonly(path)?;
    let size = file
        .metadata()
        .map_err(|error| Error::io(path, error))?
        .len();

    if size > max_bytes {
        return Err(Error::InputTooLarge {
            path: path.to_path_buf(),
            size,
            max_bytes,
        });
    }

    let mut reader = BufReader::new(file);
    let mut source = String::new();
    let bytes_read = u64::try_from(
        reader
            .by_ref()
            .take(max_bytes + 1)
            .read_to_string(&mut source)
            .map_err(|error| Error::io(path, error))?,
    )
    .map_err(|_| Error::byte_count_overflow(path, source.len()))?;

    if bytes_read > max_bytes {
        return Err(Error::InputTooLarge {
            path: path.to_path_buf(),
            size: bytes_read,
            max_bytes,
        });
    }

    Ok(source)
}

pub(crate) fn canonicalize_within_root(root: &Path, candidate: &Path) -> Result<PathBuf> {
    let canonical_root = root
        .canonicalize()
        .map_err(|error| Error::io(root, error))?;
    reject_symlink(candidate)?;
    let canonical_path = candidate
        .canonicalize()
        .map_err(|error| Error::io(candidate, error))?;

    if !canonical_path.starts_with(&canonical_root) {
        return Err(Error::path_outside_root(canonical_path, canonical_root));
    }

    Ok(canonical_path)
}

fn reject_symlink(path: &Path) -> Result<()> {
    let metadata = symlink_metadata(path).map_err(|error| Error::io(path, error))?;
    if metadata.file_type().is_symlink() {
        return Err(Error::symlink_rejected(path));
    }

    Ok(())
}

#[cfg(unix)]
fn open_readonly(path: &Path) -> Result<File> {
    OpenOptions::new()
        .read(true)
        .custom_flags(libc::O_NOFOLLOW)
        .open(path)
        .map_err(|error| Error::io(path, error))
}

#[cfg(not(unix))]
fn open_readonly(path: &Path) -> Result<File> {
    File::open(path).map_err(|error| Error::io(path, error))
}

#[cfg(test)]
mod tests {
    use std::fs;

    use proptest::prelude::*;
    use tempfile::{Builder, tempdir};

    use super::read_to_string_limited;
    use crate::Error;

    fn temp_file(name: &str) -> tempfile::NamedTempFile {
        Builder::new()
            .prefix(&format!("deslop-io-{name}-"))
            .tempfile()
            .expect("temp file should be created")
    }

    #[test]
    fn reads_small_file() {
        let path = temp_file("small");
        fs::write(path.path(), "hello world").expect("temp file write should succeed");

        let contents = read_to_string_limited(path.path(), 64).expect("small file should read");
        assert_eq!(contents, "hello world");
    }

    #[test]
    fn rejects_oversized_file() {
        let path = temp_file("large");
        fs::write(path.path(), "0123456789abcdef").expect("temp file write should succeed");

        let error = read_to_string_limited(path.path(), 4).expect_err("oversized file should fail");
        assert!(matches!(error, Error::InputTooLarge { .. }));
    }

    #[test]
    fn accepts_input_at_exact_limit() {
        let path = temp_file("exact-limit");
        fs::write(path.path(), "1234").expect("temp file write should succeed");

        let contents = read_to_string_limited(path.path(), 4).expect("exact limit should succeed");
        assert_eq!(contents, "1234");
    }

    #[cfg(unix)]
    #[test]
    fn rejects_symlink_input() {
        use std::os::unix::fs::symlink;

        let root = tempdir().expect("temp dir should be created");
        let target = root.path().join("target.txt");
        let link = root.path().join("link.txt");
        fs::write(&target, "hello").expect("target file write should succeed");
        symlink(&target, &link).expect("symlink should be created");

        let error = read_to_string_limited(&link, 32).expect_err("symlinked file should fail");
        assert!(matches!(error, Error::SymlinkRejected { .. }));
    }

    proptest! {
        #[test]
        fn bounded_reads_track_input_size(len in 0usize..256, limit in 0usize..256) {
            let path = temp_file("prop-limit");
            let contents = "x".repeat(len);
            fs::write(path.path(), &contents).expect("temp file write should succeed");

            let result = read_to_string_limited(
                path.path(),
                u64::try_from(limit).expect("proptest limit should fit into u64"),
            );
            prop_assert_eq!(result.is_ok(), len <= limit);

            if let Ok(read_back) = result {
                prop_assert_eq!(read_back.len(), len);
            }
        }
    }
}