Skip to content

Commit 03dedd9

Browse files
ZalatharZalathar
authored
Rollup merge of rust-lang#125060 - ChrisJefferson:pathbuf-doc, r=workingjubilee
Expand documentation of PathBuf, discussing lack of sanitization Various methods in `PathBuf`, in particular `set_file_name` and `set_extension` accept strings which include path seperators (like `../../etc`). These methods just glue together strings, so you can end up with strange strings. This isn't reasonable to change/fix at this point, and might not even be fixable, but I think should be documented. In particular, you probably shouldn't blindly build paths using strings given by possibly malicious users.
2 parents 5997b68 + 34e4b6d commit 03dedd9

File tree

1 file changed

+24
-0
lines changed

1 file changed

+24
-0
lines changed

std/src/path.rs

+24
Original file line numberDiff line numberDiff line change
@@ -1153,6 +1153,21 @@ impl FusedIterator for Ancestors<'_> {}
11531153
/// ```
11541154
///
11551155
/// Which method works best depends on what kind of situation you're in.
1156+
///
1157+
/// Note that `PathBuf` does not always sanitize arguments, for example
1158+
/// [`push`] allows paths built from strings which include separators:
1159+
///
1160+
/// use std::path::PathBuf;
1161+
///
1162+
/// let mut path = PathBuf::new();
1163+
///
1164+
/// path.push(r"C:\");
1165+
/// path.push("windows");
1166+
/// path.push(r"..\otherdir");
1167+
/// path.push("system32");
1168+
///
1169+
/// The behaviour of `PathBuf` may be changed to a panic on such inputs
1170+
/// in the future. [`Extend::extend`] should be used to add multi-part paths.
11561171
#[cfg_attr(not(test), rustc_diagnostic_item = "PathBuf")]
11571172
#[stable(feature = "rust1", since = "1.0.0")]
11581173
pub struct PathBuf {
@@ -1391,6 +1406,9 @@ impl PathBuf {
13911406
/// `file_name`. The new path will be a sibling of the original path.
13921407
/// (That is, it will have the same parent.)
13931408
///
1409+
/// The argument is not sanitized, so can include separators. This
1410+
/// behaviour may be changed to a panic in the future.
1411+
///
13941412
/// [`self.file_name`]: Path::file_name
13951413
/// [`pop`]: PathBuf::pop
13961414
///
@@ -1411,6 +1429,12 @@ impl PathBuf {
14111429
///
14121430
/// buf.set_file_name("baz");
14131431
/// assert!(buf == PathBuf::from("/baz"));
1432+
///
1433+
/// buf.set_file_name("../b/c.txt");
1434+
/// assert!(buf == PathBuf::from("/../b/c.txt"));
1435+
///
1436+
/// buf.set_file_name("baz");
1437+
/// assert!(buf == PathBuf::from("/../b/baz"));
14141438
/// ```
14151439
#[stable(feature = "rust1", since = "1.0.0")]
14161440
pub fn set_file_name<S: AsRef<OsStr>>(&mut self, file_name: S) {

0 commit comments

Comments
 (0)