-
Notifications
You must be signed in to change notification settings - Fork 51
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request from GHSA-vrxp-mg9f-hwf3
Fix handling of wildcards and relative paths
- Loading branch information
Showing
5 changed files
with
682 additions
and
181 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,228 @@ | ||
// Copyright 2010 The Go Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style | ||
// license that can be found at https://golang.org/LICENSE. | ||
|
||
// this is a modified version of path.Match that removes handling of path separators | ||
|
||
package in_toto | ||
|
||
import ( | ||
"errors" | ||
"unicode/utf8" | ||
) | ||
|
||
// errBadPattern indicates a pattern was malformed. | ||
var errBadPattern = errors.New("syntax error in pattern") | ||
|
||
// match reports whether name matches the shell pattern. | ||
// The pattern syntax is: | ||
// | ||
// pattern: | ||
// { term } | ||
// term: | ||
// '*' matches any sequence of non-/ characters | ||
// '?' matches any single non-/ character | ||
// '[' [ '^' ] { character-range } ']' | ||
// character class (must be non-empty) | ||
// c matches character c (c != '*', '?', '\\', '[') | ||
// '\\' c matches character c | ||
// | ||
// character-range: | ||
// c matches character c (c != '\\', '-', ']') | ||
// '\\' c matches character c | ||
// lo '-' hi matches character c for lo <= c <= hi | ||
// | ||
// Match requires pattern to match all of name, not just a substring. | ||
// The only possible returned error is ErrBadPattern, when pattern | ||
// is malformed. | ||
// | ||
func match(pattern, name string) (matched bool, err error) { | ||
Pattern: | ||
for len(pattern) > 0 { | ||
var star bool | ||
var chunk string | ||
star, chunk, pattern = scanChunk(pattern) | ||
if star && chunk == "" { | ||
// Trailing * matches everything | ||
return true, nil | ||
} | ||
// Look for match at current position. | ||
t, ok, err := matchChunk(chunk, name) | ||
// if we're the last chunk, make sure we've exhausted the name | ||
// otherwise we'll give a false result even if we could still match | ||
// using the star | ||
if ok && (len(t) == 0 || len(pattern) > 0) { | ||
name = t | ||
continue | ||
} | ||
if err != nil { | ||
return false, err | ||
} | ||
if star { | ||
// Look for match skipping i+1 bytes. | ||
for i := 0; i < len(name); i++ { | ||
t, ok, err := matchChunk(chunk, name[i+1:]) | ||
if ok { | ||
// if we're the last chunk, make sure we exhausted the name | ||
if len(pattern) == 0 && len(t) > 0 { | ||
continue | ||
} | ||
name = t | ||
continue Pattern | ||
} | ||
if err != nil { | ||
return false, err | ||
} | ||
} | ||
} | ||
// Before returning false with no error, | ||
// check that the remainder of the pattern is syntactically valid. | ||
for len(pattern) > 0 { | ||
_, chunk, pattern = scanChunk(pattern) | ||
if _, _, err := matchChunk(chunk, ""); err != nil { | ||
return false, err | ||
} | ||
} | ||
return false, nil | ||
} | ||
return len(name) == 0, nil | ||
} | ||
|
||
// scanChunk gets the next segment of pattern, which is a non-star string | ||
// possibly preceded by a star. | ||
func scanChunk(pattern string) (star bool, chunk, rest string) { | ||
for len(pattern) > 0 && pattern[0] == '*' { | ||
pattern = pattern[1:] | ||
star = true | ||
} | ||
inrange := false | ||
var i int | ||
Scan: | ||
for i = 0; i < len(pattern); i++ { | ||
switch pattern[i] { | ||
case '\\': | ||
// error check handled in matchChunk: bad pattern. | ||
if i+1 < len(pattern) { | ||
i++ | ||
} | ||
case '[': | ||
inrange = true | ||
case ']': | ||
inrange = false | ||
case '*': | ||
if !inrange { | ||
break Scan | ||
} | ||
} | ||
} | ||
return star, pattern[0:i], pattern[i:] | ||
} | ||
|
||
// matchChunk checks whether chunk matches the beginning of s. | ||
// If so, it returns the remainder of s (after the match). | ||
// Chunk is all single-character operators: literals, char classes, and ?. | ||
func matchChunk(chunk, s string) (rest string, ok bool, err error) { | ||
// failed records whether the match has failed. | ||
// After the match fails, the loop continues on processing chunk, | ||
// checking that the pattern is well-formed but no longer reading s. | ||
failed := false | ||
for len(chunk) > 0 { | ||
if !failed && len(s) == 0 { | ||
failed = true | ||
} | ||
switch chunk[0] { | ||
case '[': | ||
// character class | ||
var r rune | ||
if !failed { | ||
var n int | ||
r, n = utf8.DecodeRuneInString(s) | ||
s = s[n:] | ||
} | ||
chunk = chunk[1:] | ||
// possibly negated | ||
negated := false | ||
if len(chunk) > 0 && chunk[0] == '^' { | ||
negated = true | ||
chunk = chunk[1:] | ||
} | ||
// parse all ranges | ||
match := false | ||
nrange := 0 | ||
for { | ||
if len(chunk) > 0 && chunk[0] == ']' && nrange > 0 { | ||
chunk = chunk[1:] | ||
break | ||
} | ||
var lo, hi rune | ||
if lo, chunk, err = getEsc(chunk); err != nil { | ||
return "", false, err | ||
} | ||
hi = lo | ||
if chunk[0] == '-' { | ||
if hi, chunk, err = getEsc(chunk[1:]); err != nil { | ||
return "", false, err | ||
} | ||
} | ||
if lo <= r && r <= hi { | ||
match = true | ||
} | ||
nrange++ | ||
} | ||
if match == negated { | ||
failed = true | ||
} | ||
|
||
case '?': | ||
if !failed { | ||
_, n := utf8.DecodeRuneInString(s) | ||
s = s[n:] | ||
} | ||
chunk = chunk[1:] | ||
|
||
case '\\': | ||
chunk = chunk[1:] | ||
if len(chunk) == 0 { | ||
return "", false, errBadPattern | ||
} | ||
fallthrough | ||
|
||
default: | ||
if !failed { | ||
if chunk[0] != s[0] { | ||
failed = true | ||
} | ||
s = s[1:] | ||
} | ||
chunk = chunk[1:] | ||
} | ||
} | ||
if failed { | ||
return "", false, nil | ||
} | ||
return s, true, nil | ||
} | ||
|
||
// getEsc gets a possibly-escaped character from chunk, for a character class. | ||
func getEsc(chunk string) (r rune, nchunk string, err error) { | ||
if len(chunk) == 0 || chunk[0] == '-' || chunk[0] == ']' { | ||
err = errBadPattern | ||
return | ||
} | ||
if chunk[0] == '\\' { | ||
chunk = chunk[1:] | ||
if len(chunk) == 0 { | ||
err = errBadPattern | ||
return | ||
} | ||
} | ||
r, n := utf8.DecodeRuneInString(chunk) | ||
if r == utf8.RuneError && n == 1 { | ||
err = errBadPattern | ||
} | ||
nchunk = chunk[n:] | ||
if len(nchunk) == 0 { | ||
err = errBadPattern | ||
} | ||
return | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
// Copyright 2009 The Go Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style | ||
// license that can be found at https://golang.org/LICENSE. | ||
|
||
// this is a modified version of path.Match that removes handling of path separators | ||
|
||
package in_toto | ||
|
||
import "testing" | ||
|
||
type MatchTest struct { | ||
pattern, s string | ||
match bool | ||
err error | ||
} | ||
|
||
var matchTests = []MatchTest{ | ||
{"*", "foo/bar", true, nil}, | ||
{"abc", "abc", true, nil}, | ||
{"*", "abc", true, nil}, | ||
{"*c", "abc", true, nil}, | ||
{"a*", "a", true, nil}, | ||
{"a*", "abc", true, nil}, | ||
{"a*", "ab/c", true, nil}, | ||
{"a*/b", "abc/b", true, nil}, | ||
{"a*/b", "a/c/b", true, nil}, | ||
{"a*b*c*d*e*/f", "axbxcxdxe/f", true, nil}, | ||
{"a*b*c*d*e*/f", "axbxcxdxexxx/f", true, nil}, | ||
{"a*b*c*d*e*/f", "axbxcxdxe/xxx/f", true, nil}, | ||
{"a*b*c*d*e*/f", "axbxcxdxexxx/fff", false, nil}, | ||
{"a*b?c*x", "abxbbxdbxebxczzx", true, nil}, | ||
{"a*b?c*x", "abxbbxdbxebxczzy", false, nil}, | ||
{"ab[c]", "abc", true, nil}, | ||
{"ab[b-d]", "abc", true, nil}, | ||
{"ab[e-g]", "abc", false, nil}, | ||
{"ab[^c]", "abc", false, nil}, | ||
{"ab[^b-d]", "abc", false, nil}, | ||
{"ab[^e-g]", "abc", true, nil}, | ||
{"a\\*b", "a*b", true, nil}, | ||
{"a\\*b", "ab", false, nil}, | ||
{"a?b", "a☺b", true, nil}, | ||
{"a[^a]b", "a☺b", true, nil}, | ||
{"a???b", "a☺b", false, nil}, | ||
{"a[^a][^a][^a]b", "a☺b", false, nil}, | ||
{"[a-ζ]*", "α", true, nil}, | ||
{"*[a-ζ]", "A", false, nil}, | ||
{"a?b", "a/b", true, nil}, | ||
{"a*b", "a/b", true, nil}, | ||
{"[\\]a]", "]", true, nil}, | ||
{"[\\-]", "-", true, nil}, | ||
{"[x\\-]", "x", true, nil}, | ||
{"[x\\-]", "-", true, nil}, | ||
{"[x\\-]", "z", false, nil}, | ||
{"[\\-x]", "x", true, nil}, | ||
{"[\\-x]", "-", true, nil}, | ||
{"[\\-x]", "a", false, nil}, | ||
{"[]a]", "]", false, errBadPattern}, | ||
{"[-]", "-", false, errBadPattern}, | ||
{"[x-]", "x", false, errBadPattern}, | ||
{"[x-]", "-", false, errBadPattern}, | ||
{"[x-]", "z", false, errBadPattern}, | ||
{"[-x]", "x", false, errBadPattern}, | ||
{"[-x]", "-", false, errBadPattern}, | ||
{"[-x]", "a", false, errBadPattern}, | ||
{"\\", "a", false, errBadPattern}, | ||
{"[a-b-c]", "a", false, errBadPattern}, | ||
{"[", "a", false, errBadPattern}, | ||
{"[^", "a", false, errBadPattern}, | ||
{"[^bc", "a", false, errBadPattern}, | ||
{"a[", "a", false, errBadPattern}, | ||
{"a[", "ab", false, errBadPattern}, | ||
{"a[", "x", false, errBadPattern}, | ||
{"a/b[", "x", false, errBadPattern}, | ||
{"a[\\", "x", false, errBadPattern}, | ||
{"*x", "xxx", true, nil}, | ||
} | ||
|
||
func TestMatch(t *testing.T) { | ||
for _, tt := range matchTests { | ||
ok, err := match(tt.pattern, tt.s) | ||
if ok != tt.match || err != tt.err { | ||
t.Errorf("Match(%#q, %#q) = %v, %v want %v, %v", tt.pattern, tt.s, ok, err, tt.match, tt.err) | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.