package fetching: catch relative paths that resolve into cache dir - zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software. https://ziglang.org

diff options

author	Andrew Kelley <andrew@ziglang.org>	2023-11-27 20:50:05 -0700
committer	Andrew Kelley <andrew@ziglang.org>	2023-11-28 04:14:41 -0500
commit	2a322645331532e22def160677a345854f00b7e2 (patch)
tree	b480cb4010b89a3c0bee1b27d1562b39fe09cb24 /src/codegen
parent	a98d4a66e957f02e0beb91738ff59e989ad94028 (diff)
download	zig-2a322645331532e22def160677a345854f00b7e2.tar.gz zig-2a322645331532e22def160677a345854f00b7e2.zip

package fetching: catch relative paths that resolve into cache dir

The logic here already caught the case when a dependency path tried to escape out of the zig cache directory using up directories. However, it did not catch the case when the relative path tried to reach into a different path within the zig-cache. For example, if it asked for "../../../blah" then it would be caught, but if it asked for "../blah" then it would try to resolve as "zig-cache/p/blah" and probably result in file-not-found, or perhaps resolve to a different package if someone inadvertently used a valid package hash instead of "blah". Now it correctly gives a "dependency path outside project" error, however, still allows relative paths with up-dirs that were not fetched via URL.

Diffstat (limited to 'src/codegen')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: