


Namespace for file utility methods for copying, moving, removing, etc.

Supplements class File (but is not included or extended there).

Here, module FileUtils provides methods that are useful for:

- ::mkdir_p, ::makedirs, ::mkpath: Creates directories, also creating ancestor directories as needed.
- ::ln_s, ::symlink: Creates symbolic links.
- ::ln_sf: Creates symbolic links, overwriting if necessary.
- ::ln_sr: Creates symbolic links relative to targets.
- ::remove_dir: Removes a directory and its descendants.
- ::remove_entry: Removes an entry, including its descendants if it is a directory.
- ::remove_entry_secure: Like ::remove_entry, but removes securely.
- ::rm_f, ::safe_unlink: Like ::rm, but removes forcibly.
- ::rm_r: Removes entries and their descendants.
- ::rm_rf, ::rmtree: Like ::rm_r, but removes forcibly.
- ::pwd, ::getwd: Returns the path to the working directory.
- ::uptodate?: Returns whether a given entry is newer than given other entries.
- ::cd, ::chdir: Sets the working directory.
- ::chmod_R: Sets permissions for an entry and its descendants.
- ::chown: Sets the owner and group for entries.
- ::chown_R: Sets the owner and group for entries and their descendants.
- ::touch: Sets modification and access times for entries, creating if necessary.
- ::compare_file, ::cmp, ::identical?: Returns whether two entries are identical.
- ::compare_stream: Returns whether two streams are identical.
- ::copy_entry: Recursively copies an entry.
- ::cp_r: Recursively copies files, retaining mode, owner, and group.
- ::install: Recursively copies files, optionally setting mode, owner, and group.
- ::collect_method: Returns the names of methods that accept a given option.
- ::commands: Returns the names of methods that accept options.
- ::have_option?: Returns whether a given method accepts a given option.
- ::options_of: Returns the names of the options for a given method.

Some methods in FileUtils accept path arguments, which are interpreted as paths to filesystem entries:

- If the argument is a string, that value is the path.
- If the argument has method :to_path, it is converted via that method.
- If the argument has method :to_str, it is converted via that method.

Some examples here involve trees of file entries. For these, we sometimes display trees using the tree command-line utility, which is a recursive directory-listing utility that produces a depth-indented listing of files and directories.

We use a helper method to launch the command and control the format:

    def tree(dirpath = '.')
      # dirpath is interpolated into a shell command line; pass trusted paths only.
      command = "tree --noreport --charset=ascii #{dirpath}"
      system(command)
    end

    tree('src0')
    # => src0
    #    |-- sub0
    #    |   |-- src0.txt
    #    |   `-- src1.txt
    #    `-- sub1
    #        |-- src2.txt
    #        `-- src3.txt

Avoiding the TOCTTOU Vulnerability

For certain methods that recursively remove entries, there is a potential vulnerability called the Time-of-check to time-of-use, or TOCTTOU, vulnerability that can exist when:

- An ancestor directory of the entry at the target path is world writable; such directories include /tmp.
- The directory tree at the target path includes:

To avoid that vulnerability, you can use this method to remove entries:

- FileUtils.remove_entry_secure: removes recursively if the target path points to a directory.

Also available are these methods, each of which calls FileUtils.remove_entry_secure:

- FileUtils.rm_r with keyword argument secure: true.
- FileUtils.rm_rf with keyword argument secure: true.

Finally, this method for moving entries calls FileUtils.remove_entry_secure if the source and destination are on different file systems (which means that the “move” is really a copy and remove):

- FileUtils.mv with keyword argument secure: true.

Method FileUtils.remove_entry_secure removes securely by applying a special pre-process:
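
An added example, not part of the FileUtils documentation: it checks the first TOCTTOU condition this page lists, a world-writable ancestor directory, before removing a tree through FileUtils.rm_r with secure: true. The helper names, the refusal policy and the constructed sandbox directory are assumptions of this example.

```ruby
require 'fileutils'
require 'tmpdir'

# Ancestors of +path+ that are world writable, nearest first. :sticky tells
# whether only an entry's owner may rename or delete it there (as in /tmp).
def world_writable_ancestors(path)
  found = []
  dir = File.dirname(File.expand_path(path))
  loop do
    st = File.stat(dir)
    found << { dir: dir, sticky: st.sticky? } if st.world_writable?
    parent = File.dirname(dir)
    return found if parent == dir # reached the filesystem root
    dir = parent
  end
end

# Policy of this example (an assumption, not FileUtils behaviour): refuse when
# a world-writable ancestor lacks the sticky bit, otherwise remove the tree
# through the secure code path. Returns :refused or :removed.
def remove_tree_checked(path)
  exposed = world_writable_ancestors(path)
  return :refused if exposed.any? { |a| !a[:sticky] }
  FileUtils.rm_r(path, secure: true) # calls FileUtils.remove_entry_secure
  :removed
end

# Constructed demo: a private sandbox whose "shared" directory imitates /tmp.
def demo
  Dir.mktmpdir do |sandbox|
    shared = File.join(sandbox, 'shared')
    root = File.join(shared, 'src0')
    FileUtils.mkdir_p(File.join(root, 'sub0'))
    File.write(File.join(root, 'sub0', 'src0.txt'), 'data')

    File.chmod(0o777, shared)  # world writable, no sticky bit
    first = remove_tree_checked(root)
    kept = File.directory?(root)

    File.chmod(0o1777, shared) # world writable with sticky bit
    second = remove_tree_checked(root)
    [first, kept, second, File.exist?(root)]
  end
end

p demo if $PROGRAM_NAME == __FILE__
```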
