Project

General

Profile

Actions

Feature #14643

closed

Remove problematic separator '\0' of Dir.glob and Dir.[]

Added by usa (Usaku NAKAMURA) almost 6 years ago. Updated about 3 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:86377]

Description

Dir.glob and Dir.[] accepts '\0' separated string as the parameter,
but this feature is very problematic.
Shouldn't we remove this feature for Ruby3 ?

Updated by shevegen (Robert A. Heiler) almost 6 years ago

If it is to be removed, and it is decided to remove in ruby3,
perhaps a warning could be shown in next upcoming releases of
ruby, that this will no longer be supported, e. g. a bit similar
in how the '|' character is no longer supported as-is.

https://github.com/ruby/ruby/blob/trunk/NEWS#compatibility-issues-excluding-feature-bug-fixes

(I write if because I have no idea how ruby people use this
functionality. I myself never used '\0' and neither the '|'
character either so I could not tell. I am just saying it
in regards to whether this will change for ruby3.x)

Updated by nobu (Nobuyoshi Nakada) almost 6 years ago

diff --git a/dir.c b/dir.c
index 6d2bedf557..432db031e9 100644
--- a/dir.c
+++ b/dir.c
@@ -2536,6 +2536,7 @@ rb_push_glob(VALUE str, VALUE base, int flags) /* '\0' is delimiter */
     long offset = 0;
     long len;
     VALUE ary;
+    int warned = FALSE;
 
     /* can contain null bytes as separators */
     if (!RB_TYPE_P((str), T_STRING)) {
@@ -2553,6 +2554,10 @@ rb_push_glob(VALUE str, VALUE base, int flags) /* '\0' is delimiter */
         const char *pbeg = RSTRING_PTR(str), *p = pbeg + offset;
         const char *pend = memchr(p, '\0', rest);
         if (pend) {
+            if (!warned) {
+                rb_warn("use Array of glob patterns instead of nul-separated patterns");
+                warned = TRUE;
+            }
             rest = ++pend - p;
             offset = pend - pbeg;
         }

Updated by nobu (Nobuyoshi Nakada) almost 6 years ago

I've missed to set warned flag, and rubyspec shows the warning.

diff --git a/spec/ruby/core/dir/shared/glob.rb b/spec/ruby/core/dir/shared/glob.rb
index 40973995c1..2fe22ac6c3 100644
--- a/spec/ruby/core/dir/shared/glob.rb
+++ b/spec/ruby/core/dir/shared/glob.rb
@@ -25,9 +25,11 @@
     Dir.send(@method, obj).should == %w[file_one.ext]
   end
 
-  it "splits the string on \\0 if there is only one string given" do
-    Dir.send(@method, "file_o*\0file_t*").should ==
-             %w!file_one.ext file_two.ext!
+  ruby_version_is ""..."2.6" do
+    it "splits the string on \\0 if there is only one string given" do
+      Dir.send(@method, "file_o*\0file_t*").should ==
+        %w!file_one.ext file_two.ext!
+    end
   end
 
   it "matches non-dotfiles with '*'" do

Updated by matz (Yukihiro Matsumoto) almost 6 years ago

LGTM. The change will reduce the potential security risk.

Matz.

Actions #5

Updated by nobu (Nobuyoshi Nakada) almost 6 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r63190.


dir.c: warning for NUL

  • dir.c (rb_push_glob): warn NUL-separated glob patterns.
    [Feature #14643]

Updated by mame (Yusuke Endoh) over 4 years ago

  • Status changed from Closed to Open

Will this behavior be removed in 2.7?

Actions #8

Updated by mame (Yusuke Endoh) about 3 years ago

  • Status changed from Open to Closed
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0