forbid symlinks and files in the path (#301)

Byron · Byron · commit de58f50748bd · 2022-03-04T14:26:38.000+08:00
We now definitely do extra work in some cases, but save a lot in others
thanks to the sorted input.
diff --git a/git-worktree/src/index/checkout.rs b/git-worktree/src/index/checkout.rs
@@ -26,6 +26,10 @@ pub struct PathCache {
     valid_relative: PathBuf,
     /// The amount of path components of 'valid' beyond the roots components. If `root` has 2, and this is 2, `valid` has 4 components.
     valid_components: usize,
+
+    /// just for testing
+    #[cfg(debug_assertions)]
+    pub test_mkdir_calls: usize,
 }
 
 mod cache {
@@ -42,6 +46,7 @@ mod cache {
                 valid_relative: PathBuf::with_capacity(128),
                 valid_components: 0,
                 root,
+                test_mkdir_calls: 0,
             }
         }
 
@@ -51,20 +56,14 @@ mod cache {
         /// The full path to `relative` will be returned for use on the file system.
         pub fn append_relative_path_assure_leading_dir(
             &mut self,
-            relative: &Path,
+            relative: impl AsRef<Path>,
             mode: git_index::entry::Mode,
         ) -> std::io::Result<&Path> {
+            let relative = relative.as_ref();
             debug_assert!(
                 relative.is_relative(),
                 "only index paths are handled correctly here, must be relative"
             );
-            assert!(
-                (git_index::entry::Mode::SYMLINK
-                    | git_index::entry::Mode::FILE
-                    | git_index::entry::Mode::FILE_EXECUTABLE)
-                    .contains(mode),
-                "can only handle file-like items right now"
-            );
 
             let mut components = relative.components().peekable();
             let mut existing_components = self.valid_relative.components();
@@ -84,15 +83,26 @@ mod cache {
             }
 
             self.valid_components = matching_components;
-            for comp in components {
+
+            let target_is_dir = mode == git_index::entry::Mode::COMMIT || mode == git_index::entry::Mode::DIR;
+            while let Some(comp) = components.next() {
                 self.valid.push(comp);
                 self.valid_relative.push(comp);
                 self.valid_components += 1;
+                if components.peek().is_some() || target_is_dir {
+                    self.test_mkdir_calls += 1;
+                    match std::fs::create_dir(&self.valid) {
+                        Ok(()) => {}
+                        Err(err) if err.kind() == std::io::ErrorKind::AlreadyExists => {
+                            if !self.valid.symlink_metadata()?.is_dir() {
+                                return Err(err);
+                            }
+                        }
+                        Err(err) => return Err(err),
+                    }
+                }
             }
 
-            if self.valid_components > 1 {
-                std::fs::create_dir_all(self.valid.parent().expect("directory"))?;
-            }
             Ok(&self.valid)
         }
     }
diff --git a/git-worktree/tests/index/mod.rs b/git-worktree/tests/index/mod.rs
@@ -1,4 +1,81 @@
 mod checkout {
+    mod cache {
+        use git_index::entry::Mode;
+        use git_worktree::index::checkout::PathCache;
+        use std::path::Path;
+        use tempfile::{tempdir, TempDir};
+
+        #[test]
+        fn root_is_assumed_to_exist_and_files_in_root_do_not_create_directory() {
+            let dir = tempdir().unwrap();
+            let mut cache = PathCache::new(dir.path().join("non-existing-root"));
+            assert_eq!(cache.test_mkdir_calls, 0);
+
+            let path = cache
+                .append_relative_path_assure_leading_dir("hello", Mode::FILE)
+                .unwrap();
+            assert!(!path.parent().unwrap().exists(), "prefix itself is never created");
+            assert_eq!(cache.test_mkdir_calls, 0);
+        }
+
+        #[test]
+        fn directory_paths_are_created_in_full() {
+            let (mut cache, _tmp) = new_cache();
+
+            for (name, mode) in &[
+                ("dir", Mode::DIR),
+                ("submodule", Mode::COMMIT),
+                ("file", Mode::FILE),
+                ("exe", Mode::FILE_EXECUTABLE),
+                ("link", Mode::SYMLINK),
+            ] {
+                let path = cache
+                    .append_relative_path_assure_leading_dir(Path::new("dir").join(name), *mode)
+                    .unwrap();
+                assert!(path.parent().unwrap().is_dir(), "dir exists");
+            }
+
+            assert_eq!(cache.test_mkdir_calls, 3);
+        }
+
+        #[test]
+        fn existing_directories_are_fine() {
+            let (mut cache, tmp) = new_cache();
+            std::fs::create_dir(tmp.path().join("dir")).unwrap();
+
+            let path = cache
+                .append_relative_path_assure_leading_dir("dir/file", Mode::FILE)
+                .unwrap();
+            assert!(path.parent().unwrap().is_dir(), "directory is still present");
+            assert!(!path.exists(), "it won't create the file");
+        }
+
+        #[test]
+        fn symlinks_or_files_in_path_are_forbidden_or_unlinked_when_forced() {
+            let (mut cache, tmp) = new_cache();
+            let forbidden = tmp.path().join("forbidden");
+            std::fs::create_dir(&forbidden).unwrap();
+            symlink::symlink_dir(&forbidden, tmp.path().join("link-to-dir")).unwrap();
+            std::fs::write(tmp.path().join("file-in-dir"), &[]).unwrap();
+
+            for dirname in &["link-to-dir", "file-in-dir"] {
+                assert_eq!(
+                    cache
+                        .append_relative_path_assure_leading_dir(format!("{}/file", dirname), Mode::FILE)
+                        .unwrap_err()
+                        .kind(),
+                    std::io::ErrorKind::AlreadyExists
+                );
+            }
+        }
+
+        fn new_cache() -> (PathCache, TempDir) {
+            let dir = tempdir().unwrap();
+            let cache = PathCache::new(dir.path());
+            (cache, dir)
+        }
+    }
+
     #[cfg(unix)]
     use std::os::unix::prelude::MetadataExt;
     use std::{
@@ -16,13 +93,14 @@ mod checkout {
     use crate::fixture_path;
 
     #[test]
-    fn symlinks_become_files_if_disabled() {
+    fn symlinks_become_files_if_disabled() -> crate::Result {
         let opts = opts_with_symlink(false);
         let (source_tree, destination, _index, outcome) =
-            checkout_index_in_tmp_dir(opts, "make_mixed_without_submodules").unwrap();
+            checkout_index_in_tmp_dir(opts, "make_mixed_without_submodules")?;
 
-        assert_equality(&source_tree, &destination, opts.fs.symlink).unwrap();
+        assert_equality(&source_tree, &destination, opts.fs.symlink)?;
         assert!(outcome.collisions.is_empty());
+        Ok(())
     }
 
     #[test]
