Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

TARGETPATH is ambiguously a URL (or not)

See original GitHub issue

From here: https://github.com/theupdateframework/tuf/blob/develop/docs/tuf-spec.txt#L736-L737

Each key of the TARGETS object is a TARGETPATH. A TARGETPATH is a path to a file that is relative to a mirror’s base URL of targets.

The spec should say that this value is a percent encoded URL that way it is obvious it can be appended unmodified to an existing URL. Otherwise it needs to be "".join([pct_encode(x) for x in target_path.split('/')]) or some other shenanigans.

Issue Analytics

State:
Created 6 years ago
Comments:6 (3 by maintainers)

Top GitHub Comments

1reaction

heartsuckercommented, Jul 4, 2017

I think think the spec should only mention that it’s worth considering target paths and metadata paths be “clean” as different OS’s or FS’s might behave badly with certain input and cite some of those as examples. If someone wants TUF on Linux only, the only path components that should be disallowed are ‘…’ and things prefixed with ‘/’ (the latter really is for overkill safety since implementation should be joining this to a path). So yes, should and should not but not must and must not.

1reaction

heartsuckercommented, Jul 4, 2017

As a note, TARGETPATH is neither URL nor a file path. It’s somehow both and needs careful validation so that we don’t break *nix/Windows.

For example: https://github.com/heartsucker/rust-tuf/blob/develop/src/metadata.rs#L19-L134

static PATH_ILLEGAL_COMPONENTS: &'static [&str] = &[
    "", // empty
    ".", // current dir
    "..", // parent dir
    // TODO ? "0", // may translate to nul in windows
];

static PATH_ILLEGAL_COMPONENTS_CASE_INSENSITIVE: &'static [&str] = &[
    // DOS device files
    "CON",
    "PRN",
    "AUX",
    "NUL",
    "COM1",
    "COM2",
    "COM3",
    "COM4",
    "COM5",
    "COM6",
    "COM7",
    "COM8",
    "COM9",
    "LPT1",
    "LPT2",
    "LPT3",
    "LPT4",
    "LPT5",
    "LPT6",
    "LPT7",
    "LPT8",
    "LPT9",
    "KEYBD$",
    "CLOCK$",
    "SCREEN$",
    "$IDLE$",
    "CONFIG$",
];

static PATH_ILLEGAL_STRINGS: &'static [&str] = &[
    "\\", // for windows compatibility
    "<",
    ">",
    "\"",
    "|",
    "?",
    "*",
    // control characters, all illegal in FAT
    "\u{000}",
    "\u{001}",
    "\u{002}",
    "\u{003}",
    "\u{004}",
    "\u{005}",
    "\u{006}",
    "\u{007}",
    "\u{008}",
    "\u{009}",
    "\u{00a}",
    "\u{00b}",
    "\u{00c}",
    "\u{00d}",
    "\u{00e}",
    "\u{00f}",
    "\u{010}",
    "\u{011}",
    "\u{012}",
    "\u{013}",
    "\u{014}",
    "\u{015}",
    "\u{016}",
    "\u{017}",
    "\u{018}",
    "\u{019}",
    "\u{01a}",
    "\u{01b}",
    "\u{01c}",
    "\u{01d}",
    "\u{01e}",
    "\u{01f}",
    "\u{07f}",
];

fn safe_path(path: &str) -> Result<()> {
    if path.starts_with("/") {
        return Err(Error::IllegalArgument("Cannot start with '/'".into()));
    }

    for bad_str in PATH_ILLEGAL_STRINGS {
        if path.contains(bad_str) {
            return Err(Error::IllegalArgument(
                format!("Path cannot contain {:?}", bad_str),
            ));
        }
    }

    for component in path.split('/') {
        for bad_str in PATH_ILLEGAL_COMPONENTS {
            if component == *bad_str {
                return Err(Error::IllegalArgument(
                    format!("Path cannot have component {:?}", component),
                ));
            }
        }

        let component_lower = component.to_lowercase();
        for bad_str in PATH_ILLEGAL_COMPONENTS_CASE_INSENSITIVE {
            if component_lower.as_str() == *bad_str {
                return Err(Error::IllegalArgument(
                    format!("Path cannot have component {:?}", component),
                ));
            }
        }
    }

    Ok(())
}

That’s the current validation I do on TARGETPATH and METAPATH, and I’m pretty sure there’s some checks that are missing.

Top Results From Across the Web

Ambiguous output from tree with respect to symbolic links

Whenever I use command line tools, I like to make sure that the output can be interpreted unambiguously. On one of my other...

Drools - Resource does not have neither a source nor a target ...

I'm very new to Drools and adapted the Spring Boot configuration i found here to enable me to read a bunch of rules...

To Change the Target Address of URL Link or Key-in Link, or Target ...

Open the Links tab in Explorer. The active link set's name appears in the list box and its links appear below its name....

PipelineResources - Tekton

url : represents the location of the pull request to fetch. provider : represents the SCM provider to use. This will be “guessed”...

XML-twig approximate matching twig join algorithm based on DTD ...

Therefore, strict matching algorithms are not always perfect. In this paper, we propose XML-twig target path approximate matching twig join algorithm based ...