~repos /rust-embed

#rust#proc-macro#http

git clone https://pyrossh.dev/repos/rust-embed.git

rust macro which loads files into the rust binary at compile time during release and loads the file from the fs during dev.

Readme
|
Commits
|
Files
639ec4dc Buckram

1 year ago 
found better function
Files changed (1) hide show
  1. impl/src/lib.rs +1 -5
impl/src/lib.rs CHANGED
@@ -143,11 +143,7 @@ fn dynamic(ident: &syn::Ident, folder_path: String, prefix: Option<&str>, includ
143
143
  // Tried to request a path that is not in the embedded folder
144
144
 
145
145
  // Should be allowed only if it was a symlink
146
- // TODO: Currently it allows "path_traversal_attack" for the symlink files
147
- // For it to be working properly we need to get absolute path first
148
- // and check that instead if it starts with `canonical_folder_path`
149
- // https://doc.rust-lang.org/std/path/fn.absolute.html (currently nightly)
150
- let metadata = ::std::fs::metadata(file_path.as_path()).ok()?;
146
+ let metadata = ::std::fs::symlink_metadata(file_path.as_path()).ok()?;
151
147
  if !metadata.is_symlink() {
152
148
  return ::std::option::Option::None;
153
149
  }