download_from_google_storage overzealous forbidding files with ".."
Issue description
In https://codereview.chromium.org/1285423002 a check was added that forbids the substring '..' to appear in tar file paths. Sadly e.g. the mips toolchain contains lots of normal files starting with .. as a prefix of the filename. See toolchain archives at https://www.mips.com/develop/tools/codescape-mips-sdk/download-codescape-mips-sdk-essentials/. For now I work around this by deleting all those files before uploading.
Jan 31 2018
It should probably only check for '../' + Windows robustness. Or call some combo of normpath + relpath to check if paths are outside of the base path.
Jan 31 2018
Yes I think we can relax this to only check for "../".
Feb 9 2018
https://chromium-review.googlesource.com/#/c/chromium/tools/depot_tools/+/912430
Feb 12 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/tools/depot_tools/+/22b540d0658e7608d8695c68925e91174538bdb5

commit 22b540d0658e7608d8695c68925e91174538bdb5
Author: Aaron Gable <agable@chromium.org>
Date: Mon Feb 12 18:30:43 2018

download_from_google_storage: allow normal files with ..

Although we want to prevent dfgs from untar'ing files to a parent or sibling of its target directory, normal files that just happen to have ".." in their name (i.e. not preceding a path separator) are okay.

R=hinoka
Bug: 807286
Change-Id: Ibdc2c3615c4778ef66abceb532a4f671fbdab8ef
Reviewed-on: https://chromium-review.googlesource.com/912430
Reviewed-by: Ryan Tseng <hinoka@chromium.org>
Commit-Queue: Aaron Gable <agable@chromium.org>

[modify] https://crrev.com/22b540d0658e7608d8695c68925e91174538bdb5/tests/download_from_google_storage_unittest.py
[modify] https://crrev.com/22b540d0658e7608d8695c68925e91174538bdb5/download_from_google_storage.py
Feb 12 2018
Thanks!
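Added example, not part of the original thread and not the depot_tools code: a Python version of the normpath + relpath containment check suggested in the comments, run beside the '..' substring rule on tar member names. The base directory `/extract`, the function names and the sample member names are assumptions constructed for illustration.

```python
import io
import posixpath
import tarfile


def is_within_base(name, base="/extract"):
    """True if the member name, joined to base, resolves inside base."""
    name = name.replace("\\", "/")  # also catch Windows-style separators
    if name.startswith("/") or name[1:2] == ":":
        return False  # absolute path or drive letter (conservative)
    target = posixpath.normpath(posixpath.join(base, name))
    rel = posixpath.relpath(target, base)
    return rel != ".." and not rel.startswith("../")  # "..crt0.o" passes


def substring_check(name):
    """The rule the issue reports as too strict: reject any '..' substring."""
    return ".." not in name


def build_sample_tar(names):
    """Build an in-memory tar with empty members under the given names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            tar.addfile(tarfile.TarInfo(name))
    buf.seek(0)
    return buf


# Constructed member names, not taken from any real archive.
SAMPLE_NAMES = [
    "sdk/lib/..crt0.o",       # benign: ".." is part of the file name
    "sdk/../sdk/ok.txt",      # contains "../" but stays inside the base
    "sdk/../../outside.txt",  # resolves outside the base
    "..\\outside.txt",        # Windows-style separator
    "/abs/file",              # absolute path, no ".." at all
]


def classify(names=SAMPLE_NAMES):
    """Map each member name to (passes substring rule, stays inside base)."""
    with tarfile.open(fileobj=build_sample_tar(names)) as tar:
        return {m.name: (substring_check(m.name), is_within_base(m.name))
                for m in tar.getmembers()}


if __name__ == "__main__":
    for member, verdict in classify().items():
        print(member, verdict)
```

The check covers member names only; symlink and hardlink members need their link targets validated separately.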
Comment 1 by ricow@chromium.org, Jan 31 2018