Mercurial > hgrepos > Python > apps > py-cutils

changeset 281:16507317e834

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
treesum: FIX: Also do not allow CR and/or LF and/or backslashes in strictly FS encoded names
author Franz Glasner <fzglas.hg@dom66.de>
date Sun, 23 Feb 2025 12:37:34 +0100
parents f3e0b479928c
children d507ae4943d5
files cutils/util/walk.py
diffstat 1 files changed, 30 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/cutils/util/walk.py	Sun Feb 23 10:01:09 2025 +0100
+++ b/cutils/util/walk.py	Sun Feb 23 12:37:34 2025 +0100
@@ -81,18 +81,23 @@
     def fsname(self):
         """The name as bytes for the filesystem.
 
+        Also do not allow CR of LF in the name.
+
         :rtype: bytes or None
 
         """
         if PY2:
             if isinstance(self._name, bytes):
-                return self._name
+                s = self._name
             try:
-                return self._name.encode(_FSENCODING, "strict")
+                s = self._name.encode(_FSENCODING, "strict")
             except UnicodeError:
                 return None
         else:
-            return os.fsencode(self._name)
+            s = os.fsencode(self._name)
+        if (b'\n' in s) or (b'\r' in s) or (b'\\' in s):
+            return None
+        return s
 
     @property
     def alt_fsname(self):
@@ -109,18 +114,23 @@
     def fspath(self):
         """Always bytes.
 
+        Also do not allow CR of LF in the path.
+
         :rtype: bytes or None
 
         """
         if PY2:
             if isinstance(self._path, bytes):
-                return self._path
+                p = self._path
             try:
-                return self._path.encode(_FSENCODING, "strict")
+                p = self._path.encode(_FSENCODING, "strict")
             except UnicodeError:
                 return None
         else:
-            return os.fsencode(self._path)
+            p = os.fsencode(self._path)
+        if (b'\n' in p) or (b'\r' in p) or (b'\\' in p):
+            return None
+        return p
 
     @property
     def alt_fspath(self):
@@ -135,10 +145,21 @@
     def alt_fs(what):
         if PY2:
             if isinstance(what, bytes):
-                return what
-            return what.encode(_FSENCODING, "backslashreplace")
+                s = what
+            else:
+                #
+                # Prevent double encoding ...
+                # ... and hope that the current FS encoding is compatible
+                #     with it
+                #
+                s = what.replace(u'\\', u"\\x5c")
+                s = s.encode(_FSENCODING, "backslashreplace")
+                return s.replace(b'\n', b"\\x0a").replace(b'\r', b"\\x0d")
         else:
-            return os.fsencode(what)
+            s = os.fsencode(what)
+        return (s.replace(b'\\', b"\\x5c")
+                .replace(b'\n', b"\\x0a")
+                .replace(b'\r', b"\\x0d"))
 
     @property
     def uname(self):