--- /dev/null
+pkg path/filepath, func Localize(string) (string, error) #57151
--- /dev/null
+The new [`Localize`](/path/filepath#Localize) function safely converts
+a slash-separated path into an operating system path.
import (
"errors"
+ "io/fs"
)
var errInvalidPath = errors.New("invalid path")
-// FromFS converts a slash-separated path into an operating-system path.
+// Localize is filepath.Localize.
//
-// FromFS returns an error if the path cannot be represented by the operating
-// system. For example, paths containing '\' and ':' characters are rejected
-// on Windows.
-func FromFS(path string) (string, error) {
- return fromFS(path)
+// It is implemented in this package to avoid a dependency cycle
+// between os and file/filepath.
+//
+// Tests for this function are in path/filepath.
+func Localize(path string) (string, error) {
+ if !fs.ValidPath(path) {
+ return "", errInvalidPath
+ }
+ return localize(path)
}
+++ /dev/null
-// Copyright 2022 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !windows
-
-package safefilepath
-
-import (
- "internal/bytealg"
- "runtime"
-)
-
-func fromFS(path string) (string, error) {
- if runtime.GOOS == "plan9" {
- if len(path) > 0 && path[0] == '#' {
- return "", errInvalidPath
- }
- }
- if bytealg.IndexByteString(path, 0) >= 0 {
- return "", errInvalidPath
- }
- return path, nil
-}
--- /dev/null
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package safefilepath
+
+import "internal/bytealg"
+
+func localize(path string) (string, error) {
+ if path[0] == '#' || bytealg.IndexByteString(path, 0) >= 0 {
+ return "", errInvalidPath
+ }
+ return path, nil
+}
+++ /dev/null
-// Copyright 2022 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package safefilepath_test
-
-import (
- "internal/safefilepath"
- "os"
- "path/filepath"
- "runtime"
- "testing"
-)
-
-type PathTest struct {
- path, result string
-}
-
-const invalid = ""
-
-var fspathtests = []PathTest{
- {".", "."},
- {"/a/b/c", "/a/b/c"},
- {"a\x00b", invalid},
-}
-
-var winreservedpathtests = []PathTest{
- {`a\b`, `a\b`},
- {`a:b`, `a:b`},
- {`a/b:c`, `a/b:c`},
- {`NUL`, `NUL`},
- {`./com1`, `./com1`},
- {`a/nul/b`, `a/nul/b`},
-}
-
-// Whether a reserved name with an extension is reserved or not varies by
-// Windows version.
-var winreservedextpathtests = []PathTest{
- {"nul.txt", "nul.txt"},
- {"a/nul.txt/b", "a/nul.txt/b"},
-}
-
-var plan9reservedpathtests = []PathTest{
- {`#c`, `#c`},
-}
-
-func TestFromFS(t *testing.T) {
- switch runtime.GOOS {
- case "windows":
- if canWriteFile(t, "NUL") {
- t.Errorf("can unexpectedly write a file named NUL on Windows")
- }
- if canWriteFile(t, "nul.txt") {
- fspathtests = append(fspathtests, winreservedextpathtests...)
- } else {
- winreservedpathtests = append(winreservedpathtests, winreservedextpathtests...)
- }
- for i := range winreservedpathtests {
- winreservedpathtests[i].result = invalid
- }
- for i := range fspathtests {
- fspathtests[i].result = filepath.FromSlash(fspathtests[i].result)
- }
- case "plan9":
- for i := range plan9reservedpathtests {
- plan9reservedpathtests[i].result = invalid
- }
- }
- tests := fspathtests
- tests = append(tests, winreservedpathtests...)
- tests = append(tests, plan9reservedpathtests...)
- for _, test := range tests {
- got, err := safefilepath.FromFS(test.path)
- if (got == "") != (err != nil) {
- t.Errorf(`FromFS(%q) = %q, %v; want "" only if err != nil`, test.path, got, err)
- }
- if got != test.result {
- t.Errorf("FromFS(%q) = %q, %v; want %q", test.path, got, err, test.result)
- }
- }
-}
-
-func canWriteFile(t *testing.T, name string) bool {
- path := filepath.Join(t.TempDir(), name)
- os.WriteFile(path, []byte("ok"), 0666)
- b, _ := os.ReadFile(path)
- return string(b) == "ok"
-}
--- /dev/null
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build unix || (js && wasm) || wasip1
+
+package safefilepath
+
+import "internal/bytealg"
+
+func localize(path string) (string, error) {
+ if bytealg.IndexByteString(path, 0) >= 0 {
+ return "", errInvalidPath
+ }
+ return path, nil
+}
package safefilepath
import (
+ "internal/bytealg"
"syscall"
- "unicode/utf8"
)
-func fromFS(path string) (string, error) {
- if !utf8.ValidString(path) {
- return "", errInvalidPath
- }
- for len(path) > 1 && path[0] == '/' && path[1] == '/' {
- path = path[1:]
+func localize(path string) (string, error) {
+ for i := 0; i < len(path); i++ {
+ switch path[i] {
+ case ':', '\\', 0:
+ return "", errInvalidPath
+ }
}
containsSlash := false
for p := path; p != ""; {
// Find the next path element.
- i := 0
- for i < len(p) && p[i] != '/' {
- switch p[i] {
- case 0, '\\', ':':
- return "", errInvalidPath
- }
- i++
- }
- part := p[:i]
- if i < len(p) {
+ var element string
+ i := bytealg.IndexByteString(p, '/')
+ if i < 0 {
+ element = p
+ p = ""
+ } else {
containsSlash = true
+ element = p[:i]
p = p[i+1:]
- } else {
- p = ""
}
- if IsReservedName(part) {
+ if IsReservedName(element) {
return "", errInvalidPath
}
}
import (
"errors"
"fmt"
- "internal/safefilepath"
"io"
"io/fs"
"mime"
// Open implements [FileSystem] using [os.Open], opening files for reading rooted
// and relative to the directory d.
func (d Dir) Open(name string) (File, error) {
- path, err := safefilepath.FromFS(path.Clean("/" + name))
+ path := path.Clean("/" + name)[1:]
+ if path == "" {
+ path = "."
+ }
+ path, err := filepath.Localize(path)
if err != nil {
return nil, errors.New("http: invalid or unsafe file path")
}
return err
}
- fpath, err := safefilepath.FromFS(path)
+ fpath, err := safefilepath.Localize(path)
if err != nil {
return err
}
if dir == "" {
return "", errors.New("os: DirFS with empty root")
}
- if !fs.ValidPath(name) {
- return "", ErrInvalid
- }
- name, err := safefilepath.FromFS(name)
+ name, err := safefilepath.Localize(name)
if err != nil {
return "", ErrInvalid
}
import (
"errors"
+ "internal/safefilepath"
"io/fs"
"os"
"slices"
return true
}
+// Localize converts a slash-separated path into an operating system path.
+// The input path must be a valid path as reported by [io/fs.ValidPath].
+//
+// Localize returns an error if the path cannot be represented by the operating system.
+// For example, the path a\b is rejected on Windows, on which \ is a separator
+// character and cannot be part of a filename.
+//
+// The path returned by Localize will always be local, as reported by IsLocal.
+func Localize(path string) (string, error) {
+ return safefilepath.Localize(path)
+}
+
// ToSlash returns the result of replacing each separator character
// in path with a slash ('/') character. Multiple separators are
// replaced by multiple slashes.
// FromSlash returns the result of replacing each slash ('/') character
// in path with a separator character. Multiple slashes are replaced
// by multiple separators.
+//
+// See also the Localize function, which converts a slash-separated path
+// as used by the io/fs package to an operating system path.
func FromSlash(path string) string {
if Separator == '/' {
return path
}
}
+type LocalizeTest struct {
+ path string
+ want string
+}
+
+var localizetests = []LocalizeTest{
+ {"", ""},
+ {".", "."},
+ {"..", ""},
+ {"a/..", ""},
+ {"/", ""},
+ {"/a", ""},
+ {"a\xffb", ""},
+ {"a/", ""},
+ {"a/./b", ""},
+ {"\x00", ""},
+ {"a", "a"},
+ {"a/b/c", "a/b/c"},
+}
+
+var plan9localizetests = []LocalizeTest{
+ {"#a", ""},
+ {`a\b:c`, `a\b:c`},
+}
+
+var unixlocalizetests = []LocalizeTest{
+ {"#a", "#a"},
+ {`a\b:c`, `a\b:c`},
+}
+
+var winlocalizetests = []LocalizeTest{
+ {"#a", "#a"},
+ {"c:", ""},
+ {`a\b`, ""},
+ {`a:b`, ""},
+ {`a/b:c`, ""},
+ {`NUL`, ""},
+ {`a/NUL`, ""},
+ {`./com1`, ""},
+ {`a/nul/b`, ""},
+}
+
+func TestLocalize(t *testing.T) {
+ tests := localizetests
+ switch runtime.GOOS {
+ case "plan9":
+ tests = append(tests, plan9localizetests...)
+ case "windows":
+ tests = append(tests, winlocalizetests...)
+ for i := range tests {
+ tests[i].want = filepath.FromSlash(tests[i].want)
+ }
+ default:
+ tests = append(tests, unixlocalizetests...)
+ }
+ for _, test := range tests {
+ got, err := filepath.Localize(test.path)
+ wantErr := "<nil>"
+ if test.want == "" {
+ wantErr = "error"
+ }
+ if got != test.want || ((err == nil) != (test.want != "")) {
+ t.Errorf("IsLocal(%q) = %q, %v want %q, %v", test.path, got, err, test.want, wantErr)
+ }
+ }
+}
+
const sep = filepath.Separator
var slashtests = []PathTest{