Skip to content

Commit

Permalink
Rollup merge of rust-lang#125060 - ChrisJefferson:pathbuf-doc, r=work…
Browse files Browse the repository at this point in the history 
…ingjubilee

Expand documentation of PathBuf, discussing lack of sanitization

Various methods in `PathBuf`, in particular `set_file_name` and `set_extension` accept strings which include path seperators (like `../../etc`). These methods just glue together strings, so you can end up with strange strings.

This isn't reasonable to change/fix at this point, and might not even be fixable, but I think should be documented. In particular, you probably shouldn't blindly build paths using strings given by possibly malicious users.
  • Loading branch information
@Zalathar
Zalathar authored Sep 12, 2024
2 parents 5997b68 + 34e4b6d commit 03dedd9
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions std/src/path.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1153,6 +1153,21 @@ impl FusedIterator for Ancestors<'_> {}
/// ```
///
/// Which method works best depends on what kind of situation you're in.
///
/// Note that `PathBuf` does not always sanitize arguments, for example
/// [`push`] allows paths built from strings which include separators:
///
/// use std::path::PathBuf;
///
/// let mut path = PathBuf::new();
///
/// path.push(r"C:\");
/// path.push("windows");
/// path.push(r"..\otherdir");
/// path.push("system32");
///
/// The behaviour of `PathBuf` may be changed to a panic on such inputs
/// in the future. [`Extend::extend`] should be used to add multi-part paths.
#[cfg_attr(not(test), rustc_diagnostic_item = "PathBuf")]
#[stable(feature = "rust1", since = "1.0.0")]
pub struct PathBuf {
Expand Down Expand Up @@ -1391,6 +1406,9 @@ impl PathBuf {
/// `file_name`. The new path will be a sibling of the original path.
/// (That is, it will have the same parent.)
///
/// The argument is not sanitized, so can include separators. This
/// behaviour may be changed to a panic in the future.
///
/// [`self.file_name`]: Path::file_name
/// [`pop`]: PathBuf::pop
///
Expand All @@ -1411,6 +1429,12 @@ impl PathBuf {
///
/// buf.set_file_name("baz");
/// assert!(buf == PathBuf::from("/baz"));
///
/// buf.set_file_name("../b/c.txt");
/// assert!(buf == PathBuf::from("/../b/c.txt"));
///
/// buf.set_file_name("baz");
/// assert!(buf == PathBuf::from("/../b/baz"));
/// ```
#[stable(feature = "rust1", since = "1.0.0")]
pub fn set_file_name<S: AsRef<OsStr>>(&mut self, file_name: S) {
Expand Down

0 comments on commit 03dedd9

Please sign in to comment.