Skip to content

Commit e6c4ef0

Browse files
sipsmasipsma
committed
Simplify isOrUnderDir function.
The previous implementation worked but was difficult to follow. The new version is more explicit and easy to understand at a glance. Signed-off-by: Erik Sipsma <[email protected]>
1 parent f2312e5 commit e6c4ef0

File tree

2 files changed

+13
-38
lines changed

2 files changed

+13
-38
lines changed

agent/drive_handler.go

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -184,12 +184,7 @@ func (dh driveHandler) MountDrive(ctx context.Context, req *drivemount.MountDriv
184184
}
185185

186186
for _, systemDir := range bannedSystemDirs {
187-
isUnder, err := isOrUnderDir(filepath.Clean(resolvedDest), filepath.Clean(systemDir))
188-
if err != nil {
189-
return nil, errors.Errorf("failed to check if %q is under dir %q", resolvedDest, systemDir)
190-
}
191-
192-
if isUnder {
187+
if isOrUnderDir(resolvedDest, systemDir) {
193188
return nil, errors.Errorf(
194189
"drive mount destination %q resolves to path %q under banned system directory %q",
195190
req.DestinationPath, resolvedDest, systemDir,
@@ -256,11 +251,17 @@ func evalAnySymlinks(path string) (string, error) {
256251
}
257252

258253
// returns whether the given path is the provided baseDir or is under it
259-
func isOrUnderDir(path, baseDir string) (bool, error) {
260-
relPath, err := filepath.Rel(baseDir, path)
261-
if err != nil {
262-
return false, err
254+
func isOrUnderDir(path, baseDir string) bool {
255+
path = filepath.Clean(path)
256+
baseDir = filepath.Clean(baseDir)
257+
258+
if baseDir == "/" {
259+
return true
260+
}
261+
262+
if path == baseDir {
263+
return true
263264
}
264265

265-
return !strings.HasPrefix(relPath, "../") && relPath != "..", nil
266+
return strings.HasPrefix(path, baseDir+"/")
266267
}

agent/drive_handler_test.go

Lines changed: 1 addition & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -63,131 +63,105 @@ func TestIsOrUnderDir(t *testing.T) {
6363
baseDir string
6464
path string
6565
expectedTrue bool
66-
expectedErr bool
6766
}
6867

6968
for _, tc := range []testcase{
7069
{
7170
baseDir: "/foo",
7271
path: "/foo/bar",
7372
expectedTrue: true,
74-
expectedErr: false,
7573
},
7674
{
7775
baseDir: "/foo/bar",
7876
path: "/foo/bar/baz",
7977
expectedTrue: true,
80-
expectedErr: false,
8178
},
8279
{
8380
baseDir: "/foo",
8481
path: "/foo",
8582
expectedTrue: true,
86-
expectedErr: false,
8783
},
8884
{
8985
baseDir: "/foo/bar",
9086
path: "/foo/bar",
9187
expectedTrue: true,
92-
expectedErr: false,
9388
},
9489
{
9590
baseDir: "/foo",
9691
path: "/foobar",
9792
expectedTrue: false,
98-
expectedErr: false,
9993
},
10094
{
10195
baseDir: "/foo",
10296
path: "/bar",
10397
expectedTrue: false,
104-
expectedErr: false,
10598
},
10699
{
107100
baseDir: "/foo/bar",
108101
path: "/bar",
109102
expectedTrue: false,
110-
expectedErr: false,
111103
},
112104
{
113105
baseDir: "/foo/bar",
114106
path: "/foo",
115107
expectedTrue: false,
116-
expectedErr: false,
117108
},
118109
{
119110
baseDir: "/foo/bar",
120111
path: "/bar/bar",
121112
expectedTrue: false,
122-
expectedErr: false,
123113
},
124114
{
125115
baseDir: "/foo",
126116
path: "foo",
127117
expectedTrue: false,
128-
expectedErr: true,
129118
},
130119
{
131120
baseDir: "/foo",
132121
path: "bar",
133122
expectedTrue: false,
134-
expectedErr: true,
135123
},
136124
{
137125
baseDir: "/foo",
138126
path: "/foo/../foo",
139127
expectedTrue: true,
140-
expectedErr: false,
141128
},
142129
{
143130
baseDir: "/foo/bar",
144131
path: "/foo/../foo/bar",
145132
expectedTrue: true,
146-
expectedErr: false,
147133
},
148134
{
149135
baseDir: "/foo",
150136
path: "/foo/../bar",
151137
expectedTrue: false,
152-
expectedErr: false,
153138
},
154139
{
155140
baseDir: "/foo",
156141
path: "/foo/..bar",
157142
expectedTrue: true,
158-
expectedErr: false,
159143
},
160144
{
161145
baseDir: "/foo",
162146
path: "/foo/..bar/baz",
163147
expectedTrue: true,
164-
expectedErr: false,
165148
},
166149
{
167150
baseDir: "/",
168151
path: "/",
169152
expectedTrue: true,
170-
expectedErr: false,
171153
},
172154
{
173155
baseDir: "/foo",
174156
path: "/",
175157
expectedTrue: false,
176-
expectedErr: false,
177158
},
178159
{
179160
baseDir: "/",
180161
path: "/foo",
181162
expectedTrue: true,
182-
expectedErr: false,
183163
},
184164
} {
185-
isUnder, err := isOrUnderDir(tc.path, tc.baseDir)
186-
assert.Equalf(t, tc.expectedTrue, isUnder, "unexpected output for isOrUnderDir case %+v", tc)
187-
if tc.expectedErr {
188-
assert.Errorf(t, err, "unexpected error from isOrUnderDir case %+v", tc)
189-
} else {
190-
assert.NoErrorf(t, err, "unexpected error from isOrUnderDir case %+v", tc)
191-
}
165+
assert.Equalf(t, tc.expectedTrue, isOrUnderDir(tc.path, tc.baseDir), "unexpected output for isOrUnderDir case %+v", tc)
192166
}
193167
}

0 commit comments

Comments
 (0)