From b6e96a3651db5ed27ec561a110610893e5421a59 Mon Sep 17 00:00:00 2001 From: Hisham Muhammad Date: Thu, 5 Apr 2018 16:34:10 -0300 Subject: Try to isolate uses of namespaced name strings Add asserts to uses of `name` arguments to check that they are not namespaced; rename namespace-able name arguments to `ns_name` and avoid some unrelated uses of the `name` argument that don't represent rock names (there are still others around, to be fixed eventually). This may cause some failures in some untested code paths with namespaced packages, but we hope to catch them with better testing. Better to be safe here than to perform filesystem operations on incorrect paths. --- src/luarocks/core/path.lua | 2 +- src/luarocks/deps.lua | 2 +- src/luarocks/fs/lua.lua | 18 +++++++++--------- src/luarocks/fs/unix/tools.lua | 10 +++++----- src/luarocks/fs/win32.lua | 10 +++++----- src/luarocks/manif.lua | 2 +- src/luarocks/manif/writer.lua | 12 ++++++------ src/luarocks/path.lua | 22 +++++++++++----------- src/luarocks/queries.lua | 9 ++++----- src/luarocks/repos.lua | 14 +++++++------- src/luarocks/results.lua | 2 +- src/luarocks/search.lua | 18 ++++++++++-------- src/luarocks/util.lua | 21 ++++++++++----------- 13 files changed, 71 insertions(+), 71 deletions(-) diff --git a/src/luarocks/core/path.lua b/src/luarocks/core/path.lua index fd84c7df..125500b7 100644 --- a/src/luarocks/core/path.lua +++ b/src/luarocks/core/path.lua @@ -24,7 +24,7 @@ end -- @return string: a pathname with the same directory parts and a versioned basename. function path.versioned_name(file, prefix, name, version) assert(type(file) == "string") - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") local rest = file:sub(#prefix+1):gsub("^/*", "") diff --git a/src/luarocks/deps.lua b/src/luarocks/deps.lua index 182bbfb2..ccbced0c 100644 --- a/src/luarocks/deps.lua +++ b/src/luarocks/deps.lua @@ -394,7 +394,7 @@ end function deps.scan_deps(results, manifest, name, version, deps_mode) assert(type(results) == "table") assert(type(manifest) == "table") - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") local fetch = require("luarocks.fetch") diff --git a/src/luarocks/fs/lua.lua b/src/luarocks/fs/lua.lua index 89426b09..38a37f0a 100644 --- a/src/luarocks/fs/lua.lua +++ b/src/luarocks/fs/lua.lua @@ -791,14 +791,14 @@ end if posix.mkdtemp then --- Create a temporary directory. --- @param name string: name pattern to use for avoiding conflicts +-- @param name_pattern string: name pattern to use for avoiding conflicts -- when creating temporary directory. -- @return string or (nil, string): name of temporary directory or (nil, error message) on failure. -function fs_lua.make_temp_dir(name) - assert(type(name) == "string") - name = dir.normalize(name) +function fs_lua.make_temp_dir(name_pattern) + assert(type(name_pattern) == "string") + name_pattern = dir.normalize(name_pattern) - return posix.mkdtemp((os.getenv("TMPDIR") or "/tmp") .. "/luarocks_" .. name:gsub("/", "_") .. "-XXXXXX") + return posix.mkdtemp((os.getenv("TMPDIR") or "/tmp") .. "/luarocks_" .. name_pattern:gsub("/", "_") .. "-XXXXXX") end end -- if posix.mkdtemp @@ -892,13 +892,13 @@ end --- Check whether a file is a Lua script -- When the file can be succesfully compiled by the configured -- Lua interpreter, it's considered to be a valid Lua file. --- @param name filename of file to check +-- @param filename filename of file to check -- @return boolean true, if it is a Lua script, false otherwise -function fs_lua.is_lua(name) - name = name:gsub([[%\]],"/") -- normalize on fw slash to prevent escaping issues +function fs_lua.is_lua(filename) + filename = filename:gsub([[%\]],"/") -- normalize on fw slash to prevent escaping issues local lua = fs.Q(dir.path(cfg.variables["LUA_BINDIR"], cfg.lua_interpreter)) -- get lua interpreter configured -- execute on configured interpreter, might not be the same as the interpreter LR is run on - local result = fs.execute_string(lua..[[ -e "if loadfile(']]..name..[[') then os.exit() else os.exit(1) end"]]) + local result = fs.execute_string(lua..[[ -e "if loadfile(']]..filename..[[') then os.exit() else os.exit(1) end"]]) return (result == true) end diff --git a/src/luarocks/fs/unix/tools.lua b/src/luarocks/fs/unix/tools.lua index 33ba911d..be5ba7a7 100644 --- a/src/luarocks/fs/unix/tools.lua +++ b/src/luarocks/fs/unix/tools.lua @@ -223,14 +223,14 @@ function tools.set_time(file, time) end --- Create a temporary directory. --- @param name string: name pattern to use for avoiding conflicts +-- @param name_pattern string: name pattern to use for avoiding conflicts -- when creating temporary directory. -- @return string or (nil, string): name of temporary directory or (nil, error message) on failure. -function tools.make_temp_dir(name) - assert(type(name) == "string") - name = dir.normalize(name) +function tools.make_temp_dir(name_pattern) + assert(type(name_pattern) == "string") + name_pattern = dir.normalize(name_pattern) - local template = (os.getenv("TMPDIR") or "/tmp") .. "/luarocks_" .. name:gsub("/", "_") .. "-XXXXXX" + local template = (os.getenv("TMPDIR") or "/tmp") .. "/luarocks_" .. name_pattern:gsub("/", "_") .. "-XXXXXX" local pipe = io.popen(vars.MKTEMP.." -d "..fs.Q(template)) local dirname = pipe:read("*l") pipe:close() diff --git a/src/luarocks/fs/win32.lua b/src/luarocks/fs/win32.lua index 6fd24fa5..a915deb6 100644 --- a/src/luarocks/fs/win32.lua +++ b/src/luarocks/fs/win32.lua @@ -248,14 +248,14 @@ function win32.is_writable(file) end --- Create a temporary directory. --- @param name string: name pattern to use for avoiding conflicts +-- @param name_pattern string: name pattern to use for avoiding conflicts -- when creating temporary directory. -- @return string or (nil, string): name of temporary directory or (nil, error message) on failure. -function win32.make_temp_dir(name) - assert(type(name) == "string") - name = dir.normalize(name) +function win32.make_temp_dir(name_pattern) + assert(type(name_pattern) == "string") + name_pattern = dir.normalize(name_pattern) - local temp_dir = os.getenv("TMP") .. "/luarocks_" .. name:gsub("/", "_") .. "-" .. tostring(math.floor(math.random() * 10000)) + local temp_dir = os.getenv("TMP") .. "/luarocks_" .. name_pattern:gsub("/", "_") .. "-" .. tostring(math.floor(math.random() * 10000)) local ok, err = fs.make_dir(temp_dir) if ok then return temp_dir diff --git a/src/luarocks/manif.lua b/src/luarocks/manif.lua index 5ac9920d..146d5d73 100644 --- a/src/luarocks/manif.lua +++ b/src/luarocks/manif.lua @@ -39,7 +39,7 @@ function manif.load_local_manifest(repo_url) end function manif.load_rock_manifest(name, version, root) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") local name_version = name.."/"..version diff --git a/src/luarocks/manif/writer.lua b/src/luarocks/manif/writer.lua index a6c70f4d..07628ea2 100644 --- a/src/luarocks/manif/writer.lua +++ b/src/luarocks/manif/writer.lua @@ -25,7 +25,7 @@ local queries = require("luarocks.queries") local function store_package_items(storage, name, version, items) assert(type(storage) == "table") assert(type(items) == "table") - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") local package_identifier = name.."/"..version @@ -49,7 +49,7 @@ end local function remove_package_items(storage, name, version, items) assert(type(storage) == "table") assert(type(items) == "table") - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") local package_identifier = name.."/"..version @@ -235,7 +235,7 @@ end -- message in case of errors. local function save_table(where, name, tbl) assert(type(where) == "string") - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(tbl) == "table") local filename = dir.path(where, name) @@ -284,7 +284,7 @@ end -- @return true if successful (or unnecessary, if there is no namespace), -- or nil and an error message. function writer.make_namespace_file(name, version, namespace) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") assert(type(namespace) == "string" or not namespace) name = util.adjust_name_and_namespace(name, { namespace = namespace }) @@ -360,7 +360,7 @@ end -- @return boolean or (nil, string): True if manifest was updated successfully, -- or nil and an error message. function writer.add_to_manifest(name, version, repo, deps_mode) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") local rocks_dir = path.rocks_dir(repo or cfg.root_dir) assert(type(deps_mode) == "string") @@ -397,7 +397,7 @@ end -- @return boolean or (nil, string): True if manifest was updated successfully, -- or nil and an error message. function writer.remove_from_manifest(name, version, repo, deps_mode) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") local rocks_dir = path.rocks_dir(repo or cfg.root_dir) assert(type(deps_mode) == "string") diff --git a/src/luarocks/path.lua b/src/luarocks/path.lua index 7a569169..f6b12727 100644 --- a/src/luarocks/path.lua +++ b/src/luarocks/path.lua @@ -53,7 +53,7 @@ end -- @param tree string or nil: If given, specifies the local tree to use. -- the package (and by extension, the path) exists. function path.versions_dir(name, tree) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) tree = tree or cfg.root_dir return dir.path(path.rocks_dir(tree), name) end @@ -65,7 +65,7 @@ end -- @return string: The resulting path -- does not guarantee that -- the package (and by extension, the path) exists. function path.install_dir(name, version, tree) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") tree = tree or cfg.root_dir return dir.path(path.rocks_dir(tree), name, version) @@ -78,7 +78,7 @@ end -- @return string: The resulting path -- does not guarantee that -- the package (and by extension, the file) exists. function path.rockspec_file(name, version, tree) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") tree = tree or cfg.root_dir return dir.path(path.rocks_dir(tree), name, version, name.."-"..version..".rockspec") @@ -91,7 +91,7 @@ end -- @return string: The resulting path -- does not guarantee that -- the package (and by extension, the file) exists. function path.rock_manifest_file(name, version, tree) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") tree = tree or cfg.root_dir return dir.path(path.rocks_dir(tree), name, version, "rock_manifest") @@ -104,7 +104,7 @@ end -- @return string: The resulting path -- does not guarantee that -- the package (and by extension, the file) exists. function path.rock_namespace_file(name, version, tree) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") tree = tree or cfg.root_dir return dir.path(path.rocks_dir(tree), name, version, "rock_namespace") @@ -117,7 +117,7 @@ end -- @return string: The resulting path -- does not guarantee that -- the package (and by extension, the path) exists. function path.lib_dir(name, version, tree) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") tree = tree or cfg.root_dir return dir.path(path.rocks_dir(tree), name, version, "lib") @@ -130,7 +130,7 @@ end -- @return string: The resulting path -- does not guarantee that -- the package (and by extension, the path) exists. function path.lua_dir(name, version, tree) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") tree = tree or cfg.root_dir return dir.path(path.rocks_dir(tree), name, version, "lua") @@ -143,7 +143,7 @@ end -- @return string: The resulting path -- does not guarantee that -- the package (and by extension, the path) exists. function path.doc_dir(name, version, tree) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") tree = tree or cfg.root_dir return dir.path(path.rocks_dir(tree), name, version, "doc") @@ -156,7 +156,7 @@ end -- @return string: The resulting path -- does not guarantee that -- the package (and by extension, the path) exists. function path.conf_dir(name, version, tree) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") tree = tree or cfg.root_dir return dir.path(path.rocks_dir(tree), name, version, "conf") @@ -170,7 +170,7 @@ end -- @return string: The resulting path -- does not guarantee that -- the package (and by extension, the path) exists. function path.bin_dir(name, version, tree) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") tree = tree or cfg.root_dir return dir.path(path.rocks_dir(tree), name, version, "bin") @@ -198,7 +198,7 @@ end -- @return string: A URL or pathname following LuaRocks naming conventions. function path.make_url(pathname, name, version, arch) assert(type(pathname) == "string") - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") assert(type(arch) == "string") diff --git a/src/luarocks/queries.lua b/src/luarocks/queries.lua index 888d9cf7..e47a5722 100644 --- a/src/luarocks/queries.lua +++ b/src/luarocks/queries.lua @@ -36,15 +36,15 @@ local function arch_to_table(input) end --- Prepare a query in dependency table format. --- @param name string: the package name, may contain a namespace. +-- @param ns_name string: the package name, may contain a namespace. -- @param version string?: the package version. -- @param substring boolean?: match substrings of the name -- (default is false, match full name) -- @param arch string?: a string with pipe-separated accepted arch values -- @param operator string?: operator for version matching (default is "==") -- @return table: A query in table format -function queries.new(name, version, substring, arch, operator) - assert(type(name) == "string") +function queries.new(ns_name, version, substring, arch, operator) + assert(type(ns_name) == "string") assert(type(version) == "string" or not version) assert(type(substring) == "boolean" or not substring) assert(type(arch) == "string" or not arch) @@ -52,8 +52,7 @@ function queries.new(name, version, substring, arch, operator) operator = operator or "==" - local namespace - name, namespace = util.split_namespace(name) + local name, namespace = util.split_namespace(ns_name) local self = { name = name, diff --git a/src/luarocks/repos.lua b/src/luarocks/repos.lua index 35f5e3bc..00e7d3b8 100644 --- a/src/luarocks/repos.lua +++ b/src/luarocks/repos.lua @@ -32,7 +32,7 @@ local vers = require("luarocks.core.vers") -- @return table or nil: An array of strings listing installed -- versions of a package, or nil if none is available. local function get_installed_versions(name) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) local dirs = fs.list_dir(path.versions_dir(name)) return (dirs and #dirs > 0) and dirs or nil @@ -45,7 +45,7 @@ end -- @return boolean: true if a package is installed, -- false otherwise. function repos.is_installed(name, version) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") return fs.is_dir(path.install_dir(name, version)) @@ -93,7 +93,7 @@ end -- If no modules are found or if package name or version -- are invalid, an empty table is returned. function repos.package_modules(name, version) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") local result = {} @@ -114,7 +114,7 @@ end -- If no commands are found or if package name or version -- are invalid, an empty table is returned. function repos.package_commands(name, version) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") local result = {} @@ -131,7 +131,7 @@ end -- @return boolean: returns true if rock contains platform-specific -- binary executables, or false if it is a pure-Lua rock. function repos.has_binaries(name, version) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") local rock_manifest = manif.load_rock_manifest(name, version) @@ -272,7 +272,7 @@ end -- "one" for the current default tree, "all" for all trees, -- "order" for all trees with priority >= the current default, "none" for no trees. function repos.deploy_files(name, version, wrap_bin_scripts, deps_mode) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") assert(type(wrap_bin_scripts) == "boolean") @@ -351,7 +351,7 @@ end -- was deleted. This is used during 'purge', as every module -- will be eventually deleted. function repos.delete_version(name, version, deps_mode, quick) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") assert(type(deps_mode) == "string") diff --git a/src/luarocks/results.lua b/src/luarocks/results.lua index 3e743883..a6ebfbf3 100644 --- a/src/luarocks/results.lua +++ b/src/luarocks/results.lua @@ -12,7 +12,7 @@ function result_mt.type() end function results.new(name, version, repo, arch, namespace) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") assert(type(repo) == "string") assert(type(arch) == "string" or not arch) diff --git a/src/luarocks/search.lua b/src/luarocks/search.lua index a86db890..49098642 100644 --- a/src/luarocks/search.lua +++ b/src/luarocks/search.lua @@ -53,7 +53,7 @@ end -- @param tree string: The local tree to use. -- @return string?: The namespace if it exists, or nil. local function read_namespace(name, version, tree) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(version) == "string") assert(type(tree) == "string") @@ -198,7 +198,7 @@ end -- @return string or nil: the URL for the latest version if one could -- be picked, or nil. local function pick_latest_version(name, versions) - assert(type(name) == "string") + assert(type(name) == "string" and not name:match("/")) assert(type(versions) == "table") local vtables = {} @@ -318,24 +318,26 @@ end -- user possibilities if it couldn't narrow down a single match. -- @param action function: A function that takes a .src.rock or -- .rockspec URL as a parameter. --- @param name string: A rock name +-- @param ns_name string: A rock name, may be namespaced -- @param version string or nil: A version number may also be given. -- @return The result of the action function, or nil and an error message. -function search.act_on_src_or_rockspec(action, name, version, ...) +function search.act_on_src_or_rockspec(action, ns_name, version, ...) assert(type(action) == "function") - assert(type(name) == "string") + assert(type(ns_name) == "string") assert(type(version) == "string" or not version) - local _, namespace = util.split_namespace(name) - local query = queries.new(name, version, false, "src|rockspec") + local query = queries.new(ns_name, version, false, "src|rockspec") local url, err = search.find_suitable_rock(query) if not url then - return nil, "Could not find a result named "..name..(version and " "..version or "")..": "..err + return nil, "Could not find a result named "..tostring(query)..": "..err end + local _, namespace = util.split_namespace(ns_name) return action(url, namespace, ...) end function search.pick_installed_rock(query, given_tree) + assert(query:type() == "query") + local result_tree = {} local tree_map = {} local trees = cfg.rocks_trees diff --git a/src/luarocks/util.lua b/src/luarocks/util.lua index 76b46d55..426868e4 100644 --- a/src/luarocks/util.lua +++ b/src/luarocks/util.lua @@ -459,18 +459,17 @@ end -- If a namespace is given in user/rock syntax, update the --namespace flag; -- If a namespace is given in --namespace flag, update the user/rock syntax. -- In case of conflicts, the user/rock syntax takes precedence. -function util.adjust_name_and_namespace(name, flags) - assert(type(name) == "string" or not name) +function util.adjust_name_and_namespace(ns_name, flags) + assert(type(ns_name) == "string" or not ns_name) assert(type(flags) == "table") - if not name then + if not ns_name then return - elseif name:match("%.rockspec$") or name:match("%.rock$") then - return name + elseif ns_name:match("%.rockspec$") or ns_name:match("%.rock$") then + return ns_name end - local namespace - name, namespace = util.split_namespace(name) + local name, namespace = util.split_namespace(ns_name) if namespace then flags["namespace"] = namespace end @@ -481,14 +480,14 @@ function util.adjust_name_and_namespace(name, flags) end -- Split name and namespace of a package name. --- @param name a name that may be in "namespace/name" format +-- @param ns_name a name that may be in "namespace/name" format -- @return string, string? - name and optionally a namespace -function util.split_namespace(name) - local p1, p2 = name:match("^([^/]+)/([^/]+)$") +function util.split_namespace(ns_name) + local p1, p2 = ns_name:match("^([^/]+)/([^/]+)$") if p1 then return p2, p1 end - return name + return ns_name end return util -- cgit v1.2.3-55-g6feb