cmd/go/internal/modfetch: restrict file names in zip files, avoid case-insensitive collisions

Within the zip file for a given module, disallow names that are invalid
on various operating systems (mostly Windows), and disallow
having two different paths that are case-fold-equivalent.
Disallowing different case-fold-equivalent paths means the
zip file content is safe for case-insensitive file systems.

There is more we could do to relax the rules later, but I think
this should be enough to avoid digging a hole in the early days
of modules that's hard to climb out of later.

In tests on my repo test corpus, the repos now rejected are:

    github.com/vjeantet/goldap v0.0.0-20160521203625-ea702ca12a40
    "doc/RFC 4511 - LDAP: The Protocol.txt": invalid char ':'

    github.com/ChimeraCoder/anaconda v0.0.0-20160509014622-91bfbf5de08d
    "json/statuses/show.json?id=404409873170841600": invalid char '?'

    github.com/bmatcuk/doublestar
    "test/a☺b": invalid char '☺'

    github.com/kubernetes-incubator/service-catalog v0.1.10
    "cmd/svcat/testdata/responses/clusterserviceclasses?fieldSelector=spec.externalName=user-provided-service.json": invalid char '?'

The : and ? are reserved on Windows,
and the : is half-reserved (and quite confusing) on macOS.
The ☺ is perhaps an overreach, but I am not convinced
that allowing all of category So is safe; certainly Sk is not.

Change-Id: I83b6ac47ce6c442f726f1036bccccdb15553c0af
Reviewed-on: https://go-review.googlesource.com/124380
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
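
The two checks described in the commit message, sketched as an added example (this is not the code from the change itself): reject entry names containing characters outside an allow-list, and reject any name that is case-fold-equivalent to one already accepted. The function names and the exact punctuation allow-list are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// badRune rejects anything but '/', letters, ASCII digits and an assumed
// punctuation allow-list from which ':' and '?' are deliberately absent.
func badRune(r rune) bool {
	return !(r == '/' || unicode.IsLetter(r) || ('0' <= r && r <= '9') ||
		strings.ContainsRune("!#$%&()+,-.=@[]^_{}~ ", r))
}

// foldKey maps each rune to the smallest rune in its simple case-fold orbit.
func foldKey(s string) string {
	return strings.Map(func(r rune) rune {
		lo := r
		for f := unicode.SimpleFold(r); f != r; f = unicode.SimpleFold(f) {
			if f < lo {
				lo = f
			}
		}
		return lo
	}, s)
}

// CheckZipNames returns one message per rejected entry name.
func CheckZipNames(names []string) []string {
	var problems []string
	seen := map[string]string{} // fold key -> first accepted name
	for _, name := range names {
		if i := strings.IndexFunc(name, badRune); i >= 0 {
			problems = append(problems, fmt.Sprintf("%q: invalid char %q", name, []rune(name[i:])[0]))
		} else if prev, dup := seen[foldKey(name)]; dup {
			problems = append(problems, fmt.Sprintf("%q: collides with %q", name, prev))
		} else {
			seen[foldKey(name)] = name
		}
	}
	return problems
}

func main() {
	// Constructed entry list: two names quoted above plus a made-up collision.
	names := []string{"README.md", "doc/RFC 4511 - LDAP: The Protocol.txt", "test/a☺b", "readme.MD"}
	for _, p := range CheckZipNames(names) {
		fmt.Println(p)
	}
}
```

Keying the map on a folded form rather than comparing names pairwise keeps the collision check linear in the number of zip entries.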