fix(config): ensure config file is absolute path and prevent writing to symlink#3788
frostming wants to merge 2 commits into
…to symlink Signed-off-by: Frost Ming <me@frostming.com>
…nfig files Signed-off-by: Frost Ming <me@frostming.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 36bbbdd257
| def __init__(self, config_file: Path, is_global: bool = False): | ||
| self.is_global = is_global | ||
| self.config_file = config_file.resolve() | ||
| self.config_file = config_file.absolute() |
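Review bot: the assignment `self.config_file = config_file.absolute()` in `__init__` needs a comment saying why the path is deliberately left unresolved, since nothing in the hunk tells a later contributor not to switch it back to `resolve()`. `absolute()` neither follows symlinks nor collapses `..`, so if the goal is to keep a symlinked config file detectable, state that in the comment, and consider `Path(os.path.abspath(config_file))`, which removes `..` lexically while still leaving symlinks unfollowed.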
Normalize config path before storing it
Using Path.absolute() in Config.__init__ preserves lexical .. segments, so later _save_config() can create unintended directories when self.config_file.parent.mkdir(parents=True) runs (for example, with -c configs/../pdm.toml, a configs/ directory can be created even though it is not part of the canonical target path). This is a regression from resolve() and can also trigger avoidable write failures if those extra intermediate segments collide with files.
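An added example (not PDM's code and not part of the review comment above) that runs the comment's `configs/../` case against a symlinked file in a temporary directory and compares `Path.absolute()`, `Path.resolve()` and `os.path.abspath()`. The file names and the helpers `lexical_absolute` and `checked_target` are hypothetical.

```python
import os
import tempfile
from pathlib import Path


def lexical_absolute(path: Path) -> Path:
    """Absolute path with '..' collapsed lexically; symlinks are not followed."""
    return Path(os.path.abspath(path))


def checked_target(path: Path) -> Path:
    """Hypothetical guard: normalize lexically, then refuse a symlinked file."""
    target = lexical_absolute(path)
    if target.is_symlink():
        raise PermissionError(f"refusing to write through symlink: {target}")
    return target


def demo() -> dict:
    """Compare the normalizations on a constructed layout in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        (root / "real.toml").write_text("# constructed sample\n")
        (root / "link.toml").symlink_to(root / "real.toml")
        given = root / "configs" / ".." / "link.toml"  # like -c configs/../link.toml
        stored = given.absolute()
        out = {
            "absolute_keeps_dotdot": ".." in stored.parts,
            # configs/ does not exist yet, so lstat() through it fails
            "link_seen_before_mkdir": stored.is_symlink(),
            "resolve_name": given.resolve().name,          # followed to the target
            "link_seen_after_resolve": given.resolve().is_symlink(),
            "abspath_parent_is_root": lexical_absolute(given).parent == root,
            "abspath_name": lexical_absolute(given).name,  # link kept, '..' gone
        }
        stored.parent.mkdir(parents=True, exist_ok=True)   # what a save step does
        out["stray_dir_created"] = (root / "configs").is_dir()
        out["link_seen_after_mkdir"] = stored.is_symlink()
        try:
            checked_target(given)
            out["guard_rejects_link"] = False
        except PermissionError:
            out["guard_rejects_link"] = True
        out["guard_accepts_file"] = checked_target(root / "real.toml").name
        return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Lexical collapsing of `..` can name a different file than the OS would reach when the component before `..` is itself a symlinked directory, so the guard should run on the same path that is later opened for writing.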
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #3788 +/- ##
=======================================
Coverage 86.25% 86.25%
=======================================
Files 118 118
Lines 12432 12433 +1
Branches 2082 2083 +1
=======================================
+ Hits 10723 10724 +1
Misses 1139 1139
Partials 570 570
Signed-off-by: Frost Ming me@frostming.com
Pull Request Checklist
news/ describing what is new.
Describe what you have changed in this PR.