osfs: Add WithDeduplicatePath

In specific workflows within the BoundOS OS type, the
returned path may have the base dir duplicated.
By default such duplications are removed automatically,
the new WithDeduplicatePath allows users to toggle that
behaviour.

Signed-off-by: Paulo Gomes <[email protected]>

Author: pjbgf

osfs/os.go

@@ -22,14 +22,18 @@ const (
 var Default = &ChrootOS{}
 
 // New returns a new OS filesystem.
+// By default paths are deduplicated, but still enforced
+// under baseDir. For more info refer to WithDeduplicatePath.
 func New(baseDir string, opts ...Option) billy.Filesystem {
-	o := &options{}
+	o := &options{
+		deduplicatePath: true,
+	}
 	for _, opt := range opts {
 		opt(o)
 	}
 
 	if o.Type == BoundOSFS {
-		return newBoundOS(baseDir)
+		return newBoundOS(baseDir, o.deduplicatePath)
 	}
 
 	return newChrootOS(baseDir)
@@ -49,8 +53,23 @@ func WithChrootOS() Option {
 	}
 }
 
+// WithDeduplicatePath toggles the deduplication of the base dir in the path.
+// This occurs when absolute links are being used.
+// Assuming base dir /base/dir and an absolute symlink /base/dir/target:
+//
+// With DeduplicatePath (default): /base/dir/target
+// Without DeduplicatePath: /base/dir/base/dir/target
+//
+// This option is only used by the BoundOS OS type.
+func WithDeduplicatePath(enabled bool) Option {
+	return func(o *options) {
+		o.deduplicatePath = enabled
+	}
+}
+
 type options struct {
 	Type
+	deduplicatePath bool
 }
 
 type Type int

osfs/os_bound.go

@@ -41,11 +41,12 @@ import (
 //  3. Readlink and Lstat ensures that the link file is located within the base
 //     dir, evaluating any symlinks that file or base dir may contain.
 type BoundOS struct {
-	baseDir string
+	baseDir         string
+	deduplicatePath bool
 }
 
-func newBoundOS(d string) billy.Filesystem {
-	return &BoundOS{baseDir: d}
+func newBoundOS(d string, deduplicatePath bool) billy.Filesystem {
+	return &BoundOS{baseDir: d, deduplicatePath: deduplicatePath}
 }
 
 func (fs *BoundOS) Create(filename string) (billy.File, error) {
@@ -212,10 +213,21 @@ func (fs *BoundOS) createDir(fullpath string) error {
 func (fs *BoundOS) abs(filename string) (string, error) {
 	if filename == fs.baseDir {
 		filename = string(filepath.Separator)
-	} else if cw := fs.baseDir + string(filepath.Separator); strings.HasPrefix(filename, cw) {
-		filename = strings.TrimPrefix(filename, cw)
 	}
-	return securejoin.SecureJoin(fs.baseDir, filename)
+
+	path, err := securejoin.SecureJoin(fs.baseDir, filename)
+	if err != nil {
+		return "", nil
+	}
+
+	if fs.deduplicatePath {
+		vol := filepath.VolumeName(fs.baseDir)
+		dup := filepath.Join(fs.baseDir, fs.baseDir[len(vol):])
+		if strings.HasPrefix(path, dup+string(filepath.Separator)) {
+			return fs.abs(path[len(dup):])
+		}
+	}
+	return path, nil
 }
 
 // insideBaseDir checks whether filename is located within