rs_clean 0.3.0

Rust project that provides a command-line tool designed for cleaning up build artifacts within projects.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276

use which::which;
use std::path::{Path, PathBuf};
use crate::config::ConfigError; // 引入 ConfigError

pub fn command_exists(cmd: &str) -> bool {
    which(cmd).is_ok()
}

/// Validate and sanitize a path to prevent directory traversal attacks
pub fn validate_and_sanitize_path(path_str: &str) -> Result<PathBuf, ConfigError> {
    let path = Path::new(path_str);
    
    // Check for empty path
    if path_str.is_empty() {
        return Err(ConfigError::InvalidConfig(
            "Path cannot be empty".to_string()
        ));
    }

    // Normalize path separators for cross-platform checking
    let path_str_normalized = path_str.replace('\\', "/");
    
    // Check for path traversal patterns (cross-platform)
    if path_str_normalized.contains("../") || path_str_normalized.contains("~/") {
        return Err(ConfigError::InvalidConfig(
            "Path traversal (../) or home directory (~) not allowed".to_string()
        ));
    }

    // Check for absolute paths that might be dangerous
    if path.is_absolute() {
        // For security, we'll restrict absolute paths to common safe directories
        let path_str_lower = path_str_normalized.to_lowercase();
        let dangerous_patterns = [
            // Unix system directories
            "/etc", "/usr", "/bin", "/sbin", "/lib", "/boot", "/dev", "/proc",
            "/sys", "/root", "/var", "/opt", "/tmp", "/home", "/mnt", "/media",
            // Windows system directories
            "c:/windows", "c:\\windows", "d:/windows", "d:\\windows",
            "c:/program files", "c:\\program files", "c:/program files (x86)", "c:\\program files (x86)",
            "c:/system32", "c:\\system32", "c:/winnt", "c:\\winnt",
            // macOS system directories
            "/applications", "/library", "/system", "/users",
            // Common dangerous paths
            "/windows", "/program files", "/system32", "/winnt",
        ];
        
        // Check for exact matches and prefix matches
        for pattern in &dangerous_patterns {
            let pattern_lower = pattern.to_lowercase();
            if path_str_lower.starts_with(&pattern_lower) {
                // Check if it's exactly the pattern or pattern followed by a separator
                let path_len = path_str_lower.len();
                let pattern_len = pattern_lower.len();
                if path_len == pattern_len ||
                   path_str_lower.chars().nth(pattern_len).map_or(false, |c| c == '/' || c == '\\') {
                    return Err(ConfigError::InvalidConfig(
                        format!("Access to system directory '{}' not allowed", pattern)
                    ));
                }
            }
        }
    }

    // Always attempt canonicalization for security - this is critical
    let canonical_path = match path.canonicalize() {
        Ok(path) => path,
        Err(_) => {
            return Err(ConfigError::InvalidConfig(
                "Path does not exist or cannot be accessed".to_string()
            ));
        }
    };

    // Ensure path doesn't escape current working directory
    if let Ok(current_dir) = std::env::current_dir() {
        if let Ok(current_canonical) = current_dir.canonicalize() {
            if !canonical_path.starts_with(&current_canonical) {
                return Err(ConfigError::InvalidConfig(
                    "Path must be within the current directory tree".to_string()
                ));
            }
        }
    }

    Ok(canonical_path)
}

/// Validate exclude directory names to prevent injection attacks
pub fn validate_exclude_dir_name(dir_name: &str) -> Result<(), ConfigError> {
    if dir_name.is_empty() {
        return Err(ConfigError::InvalidConfig(
            "Exclude directory name cannot be empty".to_string()
        ));
    }

    // Check for path traversal attempts
    if dir_name.contains("..") || dir_name.contains('/') || dir_name.contains('\\') {
        return Err(ConfigError::InvalidConfig(
            format!("Invalid exclude directory name: '{}'", dir_name)
        ));
    }

    // Check for reserved names
    if dir_name == "." || dir_name == ".." {
        return Err(ConfigError::InvalidConfig(
            format!("Reserved directory name cannot be excluded: '{}'", dir_name)
        ));
    }

    // Check for Windows reserved names (case-insensitive)
    let dir_name_lower = dir_name.to_lowercase();
    let windows_reserved = [
        "con", "prn", "aux", "nul",
        "com1", "com2", "com3", "com4", "com5", "com6", "com7", "com8", "com9",
        "lpt1", "lpt2", "lpt3", "lpt4", "lpt5", "lpt6", "lpt7", "lpt8", "lpt9",
    ];
    
    if windows_reserved.contains(&dir_name_lower.as_str()) {
        return Err(ConfigError::InvalidConfig(
            format!("Windows reserved name cannot be used as exclude directory: '{}'", dir_name)
        ));
    }

    // Check length limit
    if dir_name.len() > 255 {
        return Err(ConfigError::InvalidConfig(
            "Exclude directory name too long (max 255 characters)".to_string()
        ));
    }

    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::io::Write;
    use tempfile::NamedTempFile;

    #[test]
    fn test_command_exists() {
        // cargo should always be available in the test environment
        assert!(command_exists("cargo"));

        // Test for a command that is unlikely to exist
        assert!(!command_exists("a-command-that-does-not-exist"));
    }

    // Security tests for path validation
    #[test]
    fn test_validate_and_sanitize_path_reject_traversal() {
        // Test various path traversal attempts
        assert!(validate_and_sanitize_path("../etc/passwd").is_err());
        assert!(validate_and_sanitize_path("../../etc").is_err());
        assert!(validate_and_sanitize_path("../../../usr/bin").is_err());
        assert!(validate_and_sanitize_path("file/../etc/passwd").is_err());
        assert!(validate_and_sanitize_path("dir/../../etc").is_err());
    }

    #[test]
    fn test_validate_and_sanitize_path_reject_home_directory() {
        // Test home directory access attempts
        assert!(validate_and_sanitize_path("~/etc/passwd").is_err());
        assert!(validate_and_sanitize_path("~/").is_err());
        assert!(validate_and_sanitize_path("~/Documents").is_err());
    }

    #[test]
    fn test_validate_and_sanitize_path_reject_system_directories() {
        // Test Unix system directories
        assert!(validate_and_sanitize_path("/etc/passwd").is_err());
        assert!(validate_and_sanitize_path("/usr/bin").is_err());
        assert!(validate_and_sanitize_path("/bin/sh").is_err());
        assert!(validate_and_sanitize_path("/etc/").is_err());
        
        // Test Windows system directories
        assert!(validate_and_sanitize_path("C:\\Windows\\System32").is_err());
        assert!(validate_and_sanitize_path("C:/Windows/System32").is_err());
        assert!(validate_and_sanitize_path("C:\\Program Files").is_err());
        
        // Test macOS system directories
        assert!(validate_and_sanitize_path("/Applications").is_err());
        assert!(validate_and_sanitize_path("/System/Library").is_err());
    }

    #[test]
    fn test_validate_and_sanitize_path_reject_windows_traversal() {
        // Test Windows-style path traversal
        assert!(validate_and_sanitize_path("..\\..\\Windows").is_err());
        assert!(validate_and_sanitize_path("file\\..\\etc").is_err());
        assert!(validate_and_sanitize_path("dir\\..\\..\\etc").is_err());
    }

    #[test]
    fn test_validate_and_sanitize_path_allow_valid_paths() {
        // Test valid paths (these should work if they exist)
        assert!(validate_and_sanitize_path(".").is_ok());
        
        // Create a temporary directory within current working directory
        let temp_dir = tempfile::TempDir::new_in(".").unwrap();
        let temp_path = temp_dir.path();
        
        // Convert to relative path for validation
        let current_dir = std::env::current_dir().unwrap();
        let relative_path = temp_path.strip_prefix(&current_dir).unwrap_or(temp_path);
        
        assert!(validate_and_sanitize_path(relative_path.to_str().unwrap()).is_ok());
        
        // Test relative path that exists
        let test_file = temp_path.join("test_file");
        std::fs::write(&test_file, "test").unwrap();
        let relative_test_file = test_file.strip_prefix(&current_dir).unwrap_or(&test_file);
        assert!(validate_and_sanitize_path(relative_test_file.to_str().unwrap()).is_ok());
    }

    #[test]
    fn test_validate_and_sanitize_path_reject_nonexistent() {
        // Test that non-existent paths are rejected
        assert!(validate_and_sanitize_path("/nonexistent/path").is_err());
        assert!(validate_and_sanitize_path("nonexistent_dir").is_err());
        assert!(validate_and_sanitize_path("../nonexistent").is_err());
    }

    #[test]
    fn test_validate_and_sanitize_path_empty_path() {
        // Test empty path
        assert!(validate_and_sanitize_path("").is_err());
    }

    #[test]
    fn test_validate_exclude_dir_name_valid() {
        // Test valid exclude directory names
        assert!(validate_exclude_dir_name("node_modules").is_ok());
        assert!(validate_exclude_dir_name("target").is_ok());
        assert!(validate_exclude_dir_name("build").is_ok());
        assert!(validate_exclude_dir_name("dist").is_ok());
        assert!(validate_exclude_dir_name("vendor").is_ok());
        assert!(validate_exclude_dir_name("custom_dir").is_ok());
    }

    #[test]
    fn test_validate_exclude_dir_name_invalid() {
        // Test invalid exclude directory names
        assert!(validate_exclude_dir_name("").is_err());
        assert!(validate_exclude_dir_name(".").is_err());
        assert!(validate_exclude_dir_name("..").is_err());
        assert!(validate_exclude_dir_name("../malicious").is_err());
        assert!(validate_exclude_dir_name("../../etc").is_err());
        assert!(validate_exclude_dir_name("dir/../etc").is_err());
        assert!(validate_exclude_dir_name("path/with/slashes").is_err());
        assert!(validate_exclude_dir_name("path\\with\\backslashes").is_err());
    }

    #[test]
    fn test_validate_exclude_dir_name_reserved_names() {
        // Test Windows reserved names
        assert!(validate_exclude_dir_name("con").is_err());
        assert!(validate_exclude_dir_name("prn").is_err());
        assert!(validate_exclude_dir_name("aux").is_err());
        assert!(validate_exclude_dir_name("nul").is_err());
        assert!(validate_exclude_dir_name("com1").is_err());
        assert!(validate_exclude_dir_name("lpt1").is_err());
    }

    #[test]
    fn test_validate_exclude_dir_name_too_long() {
        // Test name length limit
        let long_name = "a".repeat(256);
        assert!(validate_exclude_dir_name(&long_name).is_err());
        
        // Test name at length limit
        let max_name = "a".repeat(255);
        assert!(validate_exclude_dir_name(&max_name).is_ok());
    }
}