Skip to content

Check symlink outside site_source without Pathutil#9015

Merged
jekyllbot merged 1 commit intojekyll:masterfrom
ashmaroli:replace-pathutil-entry-filter
Apr 3, 2022
Merged

Check symlink outside site_source without Pathutil#9015
jekyllbot merged 1 commit intojekyll:masterfrom
ashmaroli:replace-pathutil-entry-filter

Conversation

@ashmaroli
Copy link
Copy Markdown
Member

@ashmaroli ashmaroli commented Mar 28, 2022
edited
Loading

  • This is a 🔨 code refactoring.

Summary

pathutil gem appears to be unmaintained.
Therefore, emulate its existing use in lib/jekyll/entry_filter.rb using Ruby's built-in methods.

Test Coverage

Relies on existing test defined as:

jekyll/test/test_entry_filter.rb

Lines 89 to 93 in e695c1e

should "filter symlink pointing outside site source" do
ent1 = %w(_includes/tmp)
entries = EntryFilter.new(@site).filter(ent1)
assert_equal %w(), entries
end

@ashmaroli ashmaroli requested review from mattr- and parkr March 28, 2022 12:18
parkr
parkr reviewed Mar 28, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@parkr parkr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I thought of an alternative for you to consider but your original solution is likely still best.

lib/jekyll/entry_filter.rb
!Pathutil.new(entry).in_path?(
site.in_source_dir
)
!File.realpath(entry).start_with?(site.in_source_dir)
Copy link
Copy Markdown
Member

@parkr parkr Mar 28, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One alternative here might be to check if a constructed path and the real path are not equal?

site.in_source_dir(entry) != File.realpath(entry)

Copy link
Copy Markdown
Member Author

@ashmaroli ashmaroli Mar 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The downside to this is that it results in consumption of additional resources.
site.in_source_dir(entry) is more expensive (both in terms of allocations and cpu) than site.in_source_dir.

A better alternative to my original proposal here would be to check directly against site.source instead:

Suggested change
!File.realpath(entry).start_with?(site.in_source_dir)
!File.realpath(entry).start_with?(site.source)

But since EntryFilter#symlink_outside_site_source? method is mostly invoked only if site.safe && File.symlink?(entry) returns true, the difference between site.source and site.in_source_dir is negligible.

Copy link
Copy Markdown
Member

@parkr parkr Mar 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good. :shipit:

@ashmaroli
Copy link
Copy Markdown
Member Author

ashmaroli commented Apr 3, 2022

@jekyllbot: merge +dev

@jekyllbot jekyllbot merged commit 9c7972d into jekyll:master Apr 3, 2022
jekyllbot added a commit that referenced this pull request Apr 3, 2022
@jekyllbot
Update history to reflect merge of #9015 [ci skip]
354110d
@ashmaroli ashmaroli deleted the replace-pathutil-entry-filter branch April 3, 2022 16:59
github-actions bot pushed a commit that referenced this pull request Apr 3, 2022
@jekyllbot
Deploy docs from 9c7972d
4118af2 
Ashwin Maroli: Check symlink outside site_source without Pathutil (#9015)

Merge pull request 9015
@jekyll jekyll locked and limited conversation to collaborators Apr 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@parkr parkr parkr approved these changes

@mattr- mattr- Awaiting requested review from mattr-

Assignees

No one assigned

Labels

fix frozen-due-to-age internal

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ashmaroli @parkr @jekyllbot