From 5bb023647114267141a7610e8f1ca7d6f4f5a5a8 Mon Sep 17 00:00:00 2001 From: Florent Rougon Date: Tue, 21 Jan 2025 00:16:43 +0100 Subject: [PATCH] cppbind: check I/O rules when auto-constructing an SGPath from a Nasal scalar - Add static member function SGPath::NasalIORulesChecker as a PermissionChecker (this is essentially checkIORules() moved from the flightgear repository). - Use it in the from_nasal_helper() that creates an SGPath instance from a Nasal scalar. --- simgear/misc/sg_path.cxx | 20 +++++++++++++++++++ simgear/misc/sg_path.hxx | 7 +++++++ .../cppbind/detail/from_nasal_helper.cxx | 3 ++- 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/simgear/misc/sg_path.cxx b/simgear/misc/sg_path.cxx index f6c5b089e..c66bc72c4 100644 --- a/simgear/misc/sg_path.cxx +++ b/simgear/misc/sg_path.cxx @@ -275,6 +275,26 @@ void SGPath::set_cached(bool cached) // * Access permissions for Nasal code * // *************************************************************************** +// Static member function +SGPath::Permissions SGPath::NasalIORulesChecker(const SGPath& path) +{ + Permissions perm; + + if (!path.isAbsolute()) { + // SGPath caches permissions, which breaks for relative paths if the + // current directory changes. + SG_LOG(SG_NASAL, SG_ALERT, + "SGPath::NasalIORulesChecker(): file operation on '" << + path.utf8Str() << "': access denied (relative paths not " + "accepted; use realpath() to obtain an absolute path)"); + } + + perm.read = path.isAbsolute() && !path.validate(false).isNull(); + perm.write = path.isAbsolute() && !path.validate(true).isNull(); + + return perm; +} + // Static member function void SGPath::clearListOfAllowedPaths(bool write) { diff --git a/simgear/misc/sg_path.hxx b/simgear/misc/sg_path.hxx index 32e9d662b..75da94c95 100644 --- a/simgear/misc/sg_path.hxx +++ b/simgear/misc/sg_path.hxx @@ -162,6 +162,13 @@ public: */ SGPath validate(bool write) const; + /** + * Normal PermissionChecker for SGPath instances created from Nasal. + * @param path an SGPath instance + * @return read and write permissions conforming to validate() + */ + static Permissions NasalIORulesChecker(const SGPath& path); + /** * Append another piece to the existing path. Inserts a path * separator between the existing component and the new component. diff --git a/simgear/nasal/cppbind/detail/from_nasal_helper.cxx b/simgear/nasal/cppbind/detail/from_nasal_helper.cxx index bdf10fe5e..ad027c0b0 100644 --- a/simgear/nasal/cppbind/detail/from_nasal_helper.cxx +++ b/simgear/nasal/cppbind/detail/from_nasal_helper.cxx @@ -47,7 +47,8 @@ namespace nasal SGPath from_nasal_helper(naContext c, naRef ref, const SGPath*) { naRef na_str = naStringValue(c, ref); - return SGPath(std::string(naStr_data(na_str), naStr_len(na_str))); + return SGPath(std::string(naStr_data(na_str), naStr_len(na_str)), + &SGPath::NasalIORulesChecker); } //---------------------------------------------------------------------------- -- GitLab