gix_status/
stack.rs

1use std::{
2    borrow::Cow,
3    path::{Path, PathBuf},
4};
5
6use bstr::BStr;
7use gix_fs::{stack::ToNormalPathComponents, Stack};
8
9use crate::SymlinkCheck;
10
11impl SymlinkCheck {
12    /// Create a new stack that starts operating at `root`.
13    pub fn new(root: PathBuf) -> Self {
14        Self {
15            inner: gix_fs::Stack::new(root),
16        }
17    }
18
19    /// Return a valid filesystem path located in our root by appending `relative_path`, which is guaranteed to
20    /// not pass through a symbolic link. That way the caller can be sure to not be misled by an attacker that
21    /// tries to make us reach outside of the repository.
22    ///
23    /// Note that the file pointed to by `relative_path` may still be a symbolic link, or not exist at all,
24    /// and that an error may also be produced if directories on the path leading to the leaf
25    /// component of `relative_path` are missing.
26    ///
27    /// ### Note
28    ///
29    /// On windows, no verification is performed, instead only the combined path is provided as usual.
30    pub fn verified_path(&mut self, relative_path: impl ToNormalPathComponents) -> std::io::Result<&Path> {
31        self.inner.make_relative_path_current(relative_path, &mut Delegate)?;
32        Ok(self.inner.current())
33    }
34
35    /// Like [`Self::verified_path()`], but do not fail if there is no directory entry at `relative_path` or on the way
36    /// to `relative_path`. Instead.
37    /// For convenience, this incarnation is tuned to be easy to use with Git paths, i.e. slash-separated `BString` path.
38    pub fn verified_path_allow_nonexisting(&mut self, relative_path: &BStr) -> std::io::Result<Cow<'_, Path>> {
39        let rela_path = gix_path::try_from_bstr(relative_path).map_err(std::io::Error::other)?;
40        if let Err(err) = self.verified_path(rela_path.as_ref()) {
41            if err.kind() == std::io::ErrorKind::NotFound {
42                Ok(Cow::Owned(self.inner.root().join(rela_path)))
43            } else {
44                Err(err)
45            }
46        } else {
47            Ok(Cow::Borrowed(self.inner.current()))
48        }
49    }
50}
51
52struct Delegate;
53
54impl gix_fs::stack::Delegate for Delegate {
55    fn push_directory(&mut self, _stack: &Stack) -> std::io::Result<()> {
56        Ok(())
57    }
58
59    #[cfg_attr(windows, allow(unused_variables))]
60    fn push(&mut self, is_last_component: bool, stack: &Stack) -> std::io::Result<()> {
61        #[cfg(windows)]
62        {
63            Ok(())
64        }
65        #[cfg(not(windows))]
66        {
67            if is_last_component {
68                return Ok(());
69            }
70
71            if stack.current().symlink_metadata()?.is_symlink() {
72                return Err(std::io::Error::other("Cannot step through symlink to perform an lstat"));
73            }
74            Ok(())
75        }
76    }
77
78    fn pop_directory(&mut self) {}
79}