clean_data_path() checks that file is contained within root

fixes #50
ropensci · Aug 14, 2019 · bd5bbce · bd5bbce
1 parent cbceda4
commit bd5bbce
Show file tree

Hide file tree

Showing 11 changed files with 37 additions and 11 deletions.
diff --git a/NEWS.md b/NEWS.md
@@ -1,9 +1,15 @@
-git2rdata 0.1.0.9000 (2019-07-03)
+git2rdata 0.1.0.9000 (2019-08-13)
 =================================
 
-  * Only require `upgrade_data()` for data written with versions prior to 0.0.5 (#44)
-  * Improve warnings() and error()
-  * Use vector version of logo
+### BREAKING FEATURES
+
+  * `write_vc()` and `read_vc()` fail when `file` is a location outside of `root` (#50).
+
+### NEW FEATURES
+
+  * Only require `upgrade_data()` for data written with versions prior to 0.0.5 (#44).
+  * Improve warnings() and error().
+  * Use vector version of logo.
 
 git2rdata 0.1 (2019-06-04)
 ============================

diff --git a/R/clean_data_path.R b/R/clean_data_path.R
@@ -11,6 +11,10 @@
 clean_data_path <- function(root, file, normalize = TRUE) {
   assert_that(is.flag(normalize), noNA(normalize))
   dir_name <- dirname(file)
+  if (length(grep("\\.\\.", dir_name))) {
+    stop("file should not contain '..'")
+  }
+
   file <- gsub("\\..*$", "", basename(file))
   if (dir_name == ".") {
     path <- file.path(root, file)

diff --git a/R/write_vc.R b/R/write_vc.R
@@ -7,6 +7,7 @@
 #' @param file the name of the git2rdata object. Git2rdata objects cannot
 #' have dots in their name. The name may include a relative path. `file` is a
 #' path relative to the `root`.
+#' Note that `file` must point to a location within `root`.
 #' @param root The root of a project. Can be a file path or a `git-repository`.
 #' Defaults to the current working directory (`"."`).
 #' @param sorting an optional vector of column names defining which columns to

diff --git a/man/is_git2rdata.Rd b/man/is_git2rdata.Rd
diff --git a/man/is_git2rmeta.Rd b/man/is_git2rmeta.Rd
diff --git a/man/read_vc.Rd b/man/read_vc.Rd
diff --git a/man/recent_commit.Rd b/man/recent_commit.Rd
diff --git a/man/relabel.Rd b/man/relabel.Rd
diff --git a/man/upgrade_data.Rd b/man/upgrade_data.Rd
diff --git a/man/write_vc.Rd b/man/write_vc.Rd
diff --git a/tests/testthat/test_a_basics.R b/tests/testthat/test_a_basics.R
@@ -12,6 +12,14 @@ expect_error(read_vc(root = 1), "a 'root' of class numeric is not supported")
 root <- tempfile(pattern = "git2rdata-basic")
 dir.create(root)
 expect_false(any(file.exists(git2rdata:::clean_data_path(root, "test"))))
+expect_error(
+  git2rdata:::clean_data_path(root, "../wrong_location"),
+  "file should not contain '..'"
+)
+expect_error(
+  git2rdata:::clean_data_path(root, "./../wrong_location"),
+  "file should not contain '..'"
+)
 expect_is(
   output <- write_vc(
     x = test_data, file = "test.txt", root = root, sorting = "test_Date"