fix: reject unsafe torrent output paths#245
Conversation
WalkthroughThis PR adds a ChangesTorrent output path sanitization
Estimated code review effort: 3 (Moderate) | ~20 minutes Sequence Diagram(s)sequenceDiagram
participant Caller
participant PieceManager as piece_to_paths
participant Validator as push_torrent_path_segment
Caller->>PieceManager: piece_to_paths(piece_index)
PieceManager->>Validator: validate name/path segment
alt segment safe
Validator-->>PieceManager: appended PathBuf
PieceManager-->>Caller: relative output path
else segment unsafe
Validator-->>PieceManager: TorrentError::UnsafeOutputPath
PieceManager-->>Caller: error
end
Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
crates/libtortillas/src/pieces/piece_manager.rs (1)
21-43: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winReject Windows reserved names and trailing dot/space segments.
CON,NUL,COM1,LPT1, and names ending in.or space still pass asComponent::Normal, but Windows treats them specially. Add a small check here so torrent metadata can't produce paths that behave differently on that platform.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@crates/libtortillas/src/pieces/piece_manager.rs` around lines 21 - 43, The safety check in push_torrent_path_segment still allows Windows-reserved names and segments with trailing dot or space, which can behave specially on that platform. Extend the existing is_safe_segment validation in this helper to reject reserved device names like CON, NUL, COM1, and LPT1, and also reject any segment whose last character is a dot or space before calling path.push(segment).
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@crates/libtortillas/src/pieces/piece_manager.rs`:
- Around line 21-43: The safety check in push_torrent_path_segment still allows
Windows-reserved names and segments with trailing dot or space, which can behave
specially on that platform. Extend the existing is_safe_segment validation in
this helper to reject reserved device names like CON, NUL, COM1, and LPT1, and
also reject any segment whose last character is a dot or space before calling
path.push(segment).
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro
Run ID: e3d70405-607d-4062-bb89-54e6cee47bf4
📒 Files selected for processing (2)
crates/libtortillas/src/errors.rscrates/libtortillas/src/pieces/piece_manager.rs
Summary
TorrentError::UnsafeOutputPathFixes #234
Part of #221
Testing
cargo fmt --all --checkcargo nextest run -p libtortillas piece_managercargo nextest run --workspace --all-featurescargo clippy --workspace --all-targets --all-features -- -D warningsIgnored network tests were not run because this change is limited to local torrent output path validation.
Summary by CodeRabbit