authorFlorian Klink <flokli@flokli.de>2024-04-20T13·03+0300
committerclbot <clbot@tvl.fyi>2024-04-20T14·14+0000
commitf34e0fa34281f89f673337ce73f21b2957b41a6f (patch)
tree3cf0cc2bbcc1cac9d24923efdaccf9df8349cc2e /tvix/castore/src/import
parente9db0449e700154baee1470f914c3f09089442d0 (diff)
feat(tvix/castore/import): only allow normal components in entry paths r/7982
Explicitly document and add a debug assertion for that.

It's up to callers to ensure this doesn't happen.

Change-Id: Ib5d154809c2ad2920258e239993d0b790d846dc8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11487
Reviewed-by: Connor Brewster <cbrewster@hey.com>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Diffstat (limited to 'tvix/castore/src/import')
-rw-r--r--tvix/castore/src/import/mod.rs11
1 files changed, 10 insertions, 1 deletions
diff --git a/tvix/castore/src/import/mod.rs b/tvix/castore/src/import/mod.rs
index d2b1ee9ff70f..ff27c0fcfd2b 100644
--- a/tvix/castore/src/import/mod.rs
+++ b/tvix/castore/src/import/mod.rs
@@ -40,7 +40,8 @@ pub mod fs;
 /// The stream must have the following invariants:
 /// - All children entries must come before their parents.
 /// - The last entry must be the root node which must have a single path component.
-/// - Every entry should have a unique path.
+/// - Every entry should have a unique path, and only consist of normal components.
+///   This means, no windows path prefixes, absolute paths, `.` or `..`.
 ///
 /// Internally we maintain a [HashMap] of [PathBuf] to partially populated [Directory] at that
 /// path. Once we receive an [IngestionEntry] for the directory itself, we remove it from the
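Review bot: The new bullet on the `+` lines says entries "should" consist only of normal components, under a heading that reads "must have the following invariants", and it does not say who enforces this or what happens when it is violated. The only check visible in this commit is a `debug_assert!`, which release builds compile out, so the doc comment should say so. I would change "should" to "must" and add a line such as `///   Callers must validate this themselves; it is only checked by a debug assertion.` That matters most for callers that derive entry paths from archives or other untrusted input.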
@@ -65,6 +66,14 @@ where
             // we break the loop manually.
             .expect("Tvix bug: unexpected end of stream")?;
 
+        debug_assert!(
+            entry
+                .path()
+                .components()
+                .all(|x| matches!(x, std::path::Component::Normal(_))),
+            "path may only contain normal components"
+        );
+
         let name = entry
             .path()
             .file_name()
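Review bot: The added `debug_assert!` is compiled out when debug assertions are disabled, so in release builds a path containing `..`, a root or a prefix component still reaches the `file_name()` call below and whatever directory bookkeeping follows. If entry paths can come from untrusted input, this should be a real check that returns an error, e.g. `if !entry.path().components().all(|c| matches!(c, std::path::Component::Normal(_))) { return Err(/* invalid-path error of the existing error type */); }`. Separately, `.all()` is vacuously true for an empty path, so the check should also reject `entry.path().as_os_str().is_empty()`. The enclosing function starts and ends outside this hunk, so how `file_name()` returning `None` is handled cannot be confirmed from here.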