Fix favorites to consult allowlist #3526
base: master
Need to take a look at the
`mkdir -p #{project_path}` | ||
`mkdir -p #{project_path2}` | ||
# regular directory now though? | ||
#`mkdir -p #{s3_path}` |
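Review bot: the last two lines of this setup leave a commented-out mkdir for s3_path next to an open question ("regular directory now though?"). The test should either create that directory or drop the line, with a comment stating what kind of path s3_path is meant to be, so the assertion that follows does not rest on an unstated assumption. The two live lines also shell out with interpolated paths; FileUtils.mkdir_p(project_path) does the same without passing the value through a shell.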
Can you expand more on what you mean by this? The next assertion passes when I uncomment this line, and it's the URLs that are wrong - and the problem there:
Which is what the old assertion was (but then if I change to the old assertion I still get S3 weirdness, so I want to investigate your thoughts behind this being commented out).
p.remote? || p.path.directory? && p.path.readable? && p.path.executable? | ||
Configuration.allowlist_paths.include?(p.path) && (p.remote? || p.path.directory?) && p.path.readable? && p.path.executable? |
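Review bot: Configuration.allowlist_paths.include?(p.path) on the added line is an exact-membership test, so a favorite located below an allowlisted directory is rejected even though its parent is permitted. p.path also responds to directory?, readable? and executable?, so it is not a plain String; if allowlist_paths holds strings, the comparison never matches at all. Use a containment check against the allowlist roots here, and add a test with a favorite nested under an allowlisted directory.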
I think this is the source of the issues you're having with the tests.
This would evaluate to false. I.e., it does not account for child paths.
['/a'].include?('/a/b')
I think you need to use Allowlist.default.permitted?(p.path)
What is Allowlist here?
I replaced Configuration.allowlist_paths.include?(p.path) with AllowlistPolicy.default.permitted?(p.path) and there is still wonkiness with the way the S3 path is expanded in the test.
Yep you found it - I pulled that from memory, should have been AllowlistPolicy
class AllowlistPolicy |
@@ -20,7 +20,7 @@ def candidate_favorite_paths | |||
# returns an array of other paths provided as shortcuts to the user | |||
def favorite_paths | |||
@favorite_paths ||= candidate_favorite_paths.select do |p| | |||
p.remote? || p.path.directory? && p.path.readable? && p.path.executable? | |||
AllowlistPolicy.default.permitted?(p.path) && (p.remote? || p.path.directory?) && p.path.readable? && p.path.executable? |
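Review bot: on the added line, readable? and executable? now apply to remote entries as well. In the removed line && binds tighter than ||, so it read as p.remote? || (directory? && readable? && executable?) and a remote favorite was kept without any local filesystem check; the new grouping requires permitted?, readable? and executable? to hold for remote paths too. If remote favorites are meant to stay exempt, branch on p.remote? first and apply the allowlist and filesystem checks only to local paths. Either way, a test with a remote favorite should pin the intended behaviour.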
I don't think remote locations adhere to these allowlists because they always check the local filesystem. That is, remote filesystems are always allowed.
So maybe this turns into something like this:
if p.remote?
true
else
AllowlistPolicy.default.permitted?(p.path) && p.path.directory? && p.path.readable? && p.path.executable?
end
Fixes #3193
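The child-path point and the remote exemption raised in the review comments above, as an added example (not the project's AllowlistPolicy and not code from this pull request). ExamplePathAllowlist, ExampleFavorite and example_favorites are hypothetical names, and the prefix match on cleaned paths is an assumed way such a check could work.

```ruby
require 'pathname'

# Hypothetical stand-in for an allowlist check (not the project's AllowlistPolicy).
class ExamplePathAllowlist
  def initialize(roots)
    @roots = roots.map { |r| Pathname.new(r.to_s).cleanpath }
  end

  # True when +path+ equals an allowlisted root or lies beneath one.
  # cleanpath collapses "." and ".." lexically, so "/a/../etc" is compared
  # as "/etc". It does not resolve symlinks; that needs realpath on an
  # existing path.
  def permitted?(path)
    candidate = Pathname.new(path.to_s).cleanpath
    return false unless candidate.absolute?

    @roots.any? do |root|
      # Compare on a component boundary so "/a" does not admit "/ab".
      prefix = root.to_s.chomp('/') + '/'
      candidate == root || candidate.to_s.start_with?(prefix)
    end
  end
end

# Constructed favorite record: a path plus a remote flag.
ExampleFavorite = Struct.new(:path, :remote) do
  def remote?
    remote
  end
end

# Remote entries skip the local checks, as the last review comment suggests;
# local entries must pass the allowlist and be traversable directories.
def example_favorites(candidates, allowlist)
  candidates.select do |fav|
    next true if fav.remote?

    path = Pathname.new(fav.path.to_s)
    allowlist.permitted?(path) && path.directory? && path.readable? && path.executable?
  end
end

if $PROGRAM_NAME == __FILE__
  allowlist = ExamplePathAllowlist.new(['/a']) # constructed root
  %w[/a /a/b /ab /a/../etc].each do |p|
    puts format('%-12s include?=%-5s permitted?=%s', p, ['/a'].include?(p), allowlist.permitted?(p))
  end
end
```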