Граф коммитов

789 Коммитов

Автор SHA1 Сообщение Дата
Hiroshi SHIBATA e380f78851 Removed rb_find_file_ext_safe and rb_find_file_safe 2020-09-23 09:09:36 +09:00
Jean Boussier 2c6512fe67 Get rid of the redundant stat() in rb_check_realpath_internal 2020-07-07 00:26:37 +09:00
卜部昌平 de3e931df7 add UNREACHABLE_RETURN
Not every compilers understand that rb_raise does not return.  When a
function does not end with a return statement, such compilers can issue
warnings.  We would better tell them about reachabilities.
2020-06-29 11:05:41 +09:00
卜部昌平 e9cb092b2d rb_f_stat: do not goto into a branch
I'm not necessarily against every goto in general, but jumping into a
branch is definitely a bad idea.  Better refactor.
2020-06-29 11:05:41 +09:00
Nobuyoshi Nakada c3ba2db48b
Removed execpath argument of path_check_0 as always TRUE now 2020-06-23 10:01:23 +09:00
Nobuyoshi Nakada 61374839e4
Removed fpath_check, no longer used since taint flag was removed 2020-06-23 10:01:23 +09:00
Alan D. Salewski c15cddd1d5 Allow Dir.home to work for non-login procs when $HOME not set
Allow the 'Dir.home' method to reliably locate the user's home directory when
all three of the following are true at the same time:

    1. Ruby is running on a Unix-like OS
    2. The $HOME environment variable is not set
    3. The process is not a descendant of login(1) (or a work-alike)

The prior behavior was that the lookup could only work for login-descended
processes.

This is accomplished by looking up the user's record in the password database
by uid (getpwuid_r(3)) as a fallback to the lookup by name (getpwname_r(3))
which is still attempted first (based on the name, if any, returned by
getlogin_r(3)).

If getlogin_r(3), getpwnam_r(3), and/or getpwuid_r(3) is not available at
compile time, will fallback on using their respective non-*_r() variants:
getlogin(3), getpwnam(3), and/or getpwuid(3).

The rationale for attempting to do the lookup by name prior to doing it by uid
is to accommodate the possibility of multiple login names (each with its own
record in the password database, so each with a potentially different home
directory) being mapped to the same uid (as is explicitly allowed for by
POSIX; see getlogin(3posix)).

Preserves the existing behavior for login-descended processes, and adds the
new capability of having Dir.home being able to find the user's home directory
for non-login-descended processes.

Fixes [Bug #16787]

Related discussion:
    https://bugs.ruby-lang.org/issues/16787
    https://github.com/ruby/ruby/pull/3034
2020-05-23 23:16:28 +09:00
卜部昌平 9e41a75255 sed -i 's|ruby/impl|ruby/internal|'
To fix build failures.
2020-05-11 09:24:08 +09:00
卜部昌平 d7f4d732c1 sed -i s|ruby/3|ruby/impl|g
This shall fix compile errors.
2020-05-11 09:24:08 +09:00
卜部昌平 9e6e39c351
Merge pull request #2991 from shyouhei/ruby.h
Split ruby.h
2020-04-08 13:28:13 +09:00
Nobuyoshi Nakada 67f616c523
Show the deprecated name in the warning
Fixed up a58bbd6a51.
2020-04-07 12:49:33 +09:00
Nobuyoshi Nakada d827c718db
[DOC] Removed RDoc of deprecated methods [ci skip] 2020-04-06 23:06:03 +09:00
Nobuyoshi Nakada a58bbd6a51
Use `rb_warn_deprecated` for `File.exists?` and `Dir.exists?` 2020-04-06 21:43:32 +09:00
卜部昌平 5e22f873ed decouple internal.h headers
Saves comitters' daily life by avoid #include-ing everything from
internal.h to make each file do so instead.  This would significantly
speed up incremental builds.

We take the following inclusion order in this changeset:

1.  "ruby/config.h", where _GNU_SOURCE is defined (must be the very
    first thing among everything).
2.  RUBY_EXTCONF_H if any.
3.  Standard C headers, sorted alphabetically.
4.  Other system headers, maybe guarded by #ifdef
5.  Everything else, sorted alphabetically.

Exceptions are those win32-related headers, which tend not be self-
containing (headers have inclusion order dependencies).
2019-12-26 20:45:12 +09:00
NAKAMURA Usaku 204dc3f39f Revert "Should return "." for File.extname("file.") also on Windows"
We want to introduce consistency and better compatibility with unixen,
but the Windows APIs doues not have consistency fundamentally and
we can not found any logical way...

This reverts commit 61aff0cd18.
2019-12-23 11:54:25 +09:00
NAKAMURA Usaku 61aff0cd18 Should return "." for File.extname("file.") also on Windows
But not changes another cases, such as "file.rb."
[Bug #15267]
2019-12-22 02:42:09 +09:00
Nobuyoshi Nakada 04e95f8985 Get rid of infinite recursion at loading transcoder
Disable encoding US-ASCII path to filesystem on Windows too.
[Bug #16392]
2019-12-16 16:16:54 +09:00
Nobuyoshi Nakada 14a17063a1
Fixed stack overflow [Bug #16382]
Get rid of infinite recursion in expanding a load path to the real
path while loading a transcoder.
2019-12-03 08:51:50 +09:00
Jeremy Evans ffd0820ab3 Deprecate taint/trust and related methods, and make the methods no-ops
This removes the related tests, and puts the related specs behind
version guards.  This affects all code in lib, including some
libraries that may want to support older versions of Ruby.
2019-11-18 01:00:25 +02:00
Jeremy Evans c5c05460ac Warn on access/modify of $SAFE, and remove effects of modifying $SAFE
This removes the security features added by $SAFE = 1, and warns for access
or modification of $SAFE from Ruby-level, as well as warning when calling
all public C functions related to $SAFE.

This modifies some internal functions that took a safe level argument
to no longer take the argument.

rb_require_safe now warns, rb_require_string has been added as a
version that takes a VALUE and does not warn.

One public C function that still takes a safe level argument and that
this doesn't warn for is rb_eval_cmd.  We may want to consider
adding an alternative method that does not take a safe level argument,
and warn for rb_eval_cmd.
2019-11-18 01:00:25 +02:00
Nobuyoshi Nakada 4f13927f1f
[DOC] no change on Windows [Bug #15267] [ci skip] 2019-10-17 19:43:10 +09:00
Nobuyoshi Nakada e169ad93f4 Fixed File.extname at a name ending with a dot
File.extname now returns a dot string at a name ending with a dot.
[Bug #15267]
2019-10-17 18:51:51 +09:00
Jeremy Evans 978276a7d9 Update documentation for File#{readable,writable,executable}{,_real}? [ci skip]
Some OS-level security features cause these methods to not return
expected results.  For example fs.protected_regular sysctl on Linux,
or pledge(2)/unveil(2) on OpenBSD.

Fixes [Bug #16002]
2019-10-14 17:43:11 -07:00
Nobuyoshi Nakada 0c6f36668a
Adjusted spaces [ci skip] 2019-09-27 10:20:56 +09:00
David Rodríguez 2a166cfea2 Add `File.absolute_path?` (#2198)
In order to check whether a path is absolute or not in a portable way.

[Feature #15868]
2019-09-05 20:00:50 +09:00
卜部昌平 3df37259d8 drop-in type check for rb_define_singleton_method
We can check the function pointer passed to
rb_define_singleton_method like how we do so in rb_define_method.
Doing so revealed many arity mismatches.
2019-08-29 18:34:09 +09:00
卜部昌平 7bcfd9189a drop-in type check for rb_define_global_function
We can check the function pointer passed to rb_define_global_function
like we do so in rb_define_method.  It turns out that almost anybody
is misunderstanding the API.
2019-08-29 18:34:09 +09:00
Jeremy Evans a50bc9f3c8 Do not always taint the result of File#path
The result should only be tainted if the path given to the method
was tainted.

The code to always taint the result was added in
a4934a42cb (svn revision 4892) in
2003 by matz.  However, the change wasn't mentioned in the
commit message, and it may have been committed by accident.

Skip part of a readline test that uses Reline.  Reline in general
would pass the test, but Reline's test mode doesn't raise a
SecurityError if passing a tainted prompt and $SAFE >= 1. This
was hidden earlier because File#path was always returning a
tainted string.

Fixes [Bug #14485]
2019-07-30 11:55:59 -07:00
Jeremy Evans 6eab49a40a Revert "Do not always taint the result of File#path"
This reverts commit 1a759bfe5d.

This fails on some operating systems.
2019-07-29 12:10:15 -07:00
Jeremy Evans 1a759bfe5d Do not always taint the result of File#path
The result should only be tainted if the path given to the method
was tainted.

The code to always taint the result was added in
a4934a42cb (svn revision 4892) in
2003 by matz.  However, the change wasn't mentioned in the
commit message, and it may have been committed by accident.

Skip part of a readline test that uses Reline.  Reline in general
would pass the test, but Reline's test mode doesn't raise a
SecurityError if passing a tainted prompt and $SAFE >= 1. This
was hidden earlier because File#path was always returning a
tainted string.

Fixes [Bug #14485]
2019-07-29 10:45:14 -07:00
Yusuke Endoh 81fc3becc7 file.c: add a NORETURN declaration for statx_notimplement
clang complains the lack.
2019-07-20 15:43:42 +09:00
git 9987296b8b * expand tabs. 2019-07-14 17:16:35 +09:00
Yusuke Endoh 934e6b2aeb Prefer `rb_error_arity` to `rb_check_arity` when it can be used 2019-07-14 17:16:19 +09:00
Jeremy Evans 142617c8e1 Don't use native realpath(3) on Solaris
CI shows it does work on Solaris 11, but does not work on Solaris
10.  However, until I figure out a good way to differentiate
between Solaris 10 and 11, this should get CI passing on both.
2019-07-01 15:33:13 -07:00
git 93328b5237 * expand tabs. 2019-07-02 04:14:17 +09:00
Jeremy Evans 11c311e36f Use realpath(3) instead of custom realpath implementation if available
This approach is simpler than the previous approach which tries to
emulate realpath(3).  It also performs much better on both Linux and
OpenBSD on the included benchmarks.

By using realpath(3), we can better integrate with system security
features such as OpenBSD's unveil(2) system call.

This does not use realpath(3) on Windows even if it exists, as the
approach for checking for absolute paths does not work for drive
letters.  This can be fixed without too much difficultly, though until
Windows defines realpath(3), there is no need to do so.

For File.realdirpath, where the last element of the path is not
required to exist, fallback to the previous approach, as realpath(3)
on most operating systems requires the whole path be valid (per POSIX),
and the operating systems where this isn't true either plan to conform
to POSIX or may change to conform to POSIX in the future.

glibc realpath(3) does not handle /path/to/file.rb/../other_file.rb
paths, returning ENOTDIR in that case.  Fallback to the previous code
if realpath(3) returns ENOTDIR.

glibc doesn't like realpath(3) usage for paths like /dev/fd/5,
returning ENOENT even though the path may appear to exist in the
filesystem.  If ENOENT is returned and the path exists, then fall
back to the default approach.
2019-07-01 11:46:30 -07:00
Jeremy Evans c8edf70cd2 Update documentation for File.executable{,_real}? to mention Windows issues
Fixes [Bug #15664]
2019-06-17 13:57:43 -07:00
Nobuyoshi Nakada 27a59ca2c8
file.c: fix compile error with MacPorts gcc
With the SDK of Xcode 10.2.1, `API_AVAILABLE` and so on macros are
not defined in <os/availability.h> when using a compiler other
than clang (which has `__has_feature` and `__has_attribute`), but
`__API_AVAILABLE` macro and so on are defined, which are also
defined in <Availability.h>.

I suspect this is a bug of the SDK.
2019-06-08 19:40:55 +09:00
Jeremy Evans a15f7dd1fb
Always mark the string returned by File.realpath as tainted
This string can include elements that were not in either string
passed to File.realpath, even if one of the strings is an
absolute path, due to symlinks:

```ruby
Dir.mkdir('b') unless File.directory?('b')
File.write('b/a', '') unless File.file?('b/a')
File.symlink('b', 'c') unless File.symlink?('c')
path = File.realpath('c/a'.untaint, Dir.pwd.untaint)
path # "/home/testr/ruby/b/a"
path.tainted? # should be true, as 'b' comes from file system
```

[Bug #15803]
2019-04-28 10:47:51 +09:00
glass 0bd50e95f9 file.c: raise NotImplementedError instread of Errno::ENOSYS
[Misc #15615]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67338 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-03-23 10:41:16 +00:00
nobu 56557ec28a [DOC] fix markups [ci skip]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67337 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-03-22 11:04:59 +00:00
nobu 23a8183bea Check stx_btime in struct statx
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67131 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-02-24 11:57:18 +00:00
nobu fc90c4ec5d Support File#birthtime on Linux
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67116 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-02-22 06:01:08 +00:00
nobu 607ecea7c9 Unified rb_file_s_birthtime
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67115 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-02-22 03:08:38 +00:00
nobu 8b94ce988b Constified
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67108 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-02-21 07:32:24 +00:00
nobu 936b61d4ac Path for AT_EMPTY_PATH must not be NULL
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67107 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-02-21 07:03:12 +00:00
nobu 7c369b7847 Separate fstatx_without_gvl from statx_without_gvl
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67105 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-02-21 06:12:13 +00:00
ko1 e487e86e98 fix r67097 with cast
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67099 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-02-20 07:34:05 +00:00
nobu 15a98ab428 Try statx syscall
* file.c (rb_file_s_birthtime): export for pathname to check if
  birthtime is supported.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67097 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-02-20 06:54:23 +00:00
ko1 5e80e9144f revert r67093 because it breaks tests
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67094 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-02-20 04:27:24 +00:00