Skip to content

Commit

Permalink
Don't follow symlinks when deleting test outputs
Browse files Browse the repository at this point in the history
Update tools/test/test-setup.sh to not follow symlinks when deleting the
contents of `$TEST_UNDECLARED_OUTPUTS_DIR` after creating the
`$TEST_UNDECLARED_OUTPUTS_ZIP` when `--zip_undeclared_test_outputs` is
enabled.

This fixes a serious bug where an absolute symlink generated in the test
could delete files anywhere on the filesystem.

For example, a `sh_test` containing a line like:

    ln -s "$HOME" "$TEST_UNDECLARED_OUTPUTS_DIR/home"

would have caused the users home directory to be deleted after copying
it in to the output.zip.

Change-Id: Ia4a8a9699e4e2f40498342af55babc5554a9ac93
  • Loading branch information
alanfalloon committed Nov 8, 2023
1 parent a7b1d36 commit d084450
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions tools/test/test-setup.sh
Original file line number Diff line number Diff line change
Expand Up @@ -421,14 +421,15 @@ fi

# Zip up undeclared outputs.
if [[ -n "$TEST_UNDECLARED_OUTPUTS_ZIP" ]] && cd "$TEST_UNDECLARED_OUTPUTS_DIR"; then
shopt -s dotglob
if [[ "$(echo *)" != "*" ]]; then
# If * found nothing, echo printed the literal *.
# Otherwise echo printed the top-level files and directories.
# Pass files to zip with *, so paths with spaces aren't broken up.
# Remove original files after zipping them.
zip -qrm "$TEST_UNDECLARED_OUTPUTS_ZIP" -- * 2>/dev/null || \
shopt -s dotglob nullglob
# Capture the contents of TEST_UNDECLARED_OUTPUTS_DIR prior to creating the output.zip
UNDECLARED_OUTPUTS=(*)
if [[ "${#UNDECLARED_OUTPUTS[@]}" != 0 ]]; then
zip -qr "$TEST_UNDECLARED_OUTPUTS_ZIP" -- "${UNDECLARED_OUTPUTS[@]}" 2>/dev/null || \
echo >&2 "Could not create \"$TEST_UNDECLARED_OUTPUTS_ZIP\": zip not found or failed"
# Use 'rm' instead of 'zip -m' so that we don't follow symlinks when deleting the
# contents.
rm -r "${UNDECLARED_OUTPUTS[@]}"
fi
fi

Expand Down

0 comments on commit d084450

Please sign in to comment.