mirror/v
1
0
Fork 0
mirror of https://github.com/vlang/v.git synced 2023-08-10 21:13:21 +03:00
Code Issues Projects Releases Wiki Activity
4bd49a0149
v/vlib/os
History
Delyan Angelov 728b198384
os: extract dir_expansions_test.v from os_test.v
2022-09-01 13:07:29 +03:00
..
bare ci: re-enable testing of ./v -freestanding run vlib/os/bare/bare_example_linux.v on ubuntu 2021-04-22 12:50:56 +03:00
cmdline builtin: remove methods that can be autogenerated (#11109) 2021-08-09 15:42:31 +03:00
filelock os: filesystem level locking api (#11191) 2021-08-17 08:21:33 +03:00
font os: add font module, move from gg (#13144) 2022-01-13 12:16:18 +02:00
notify fmt: remove space in front of ? and ! (#14366) 2022-05-13 06:56:21 +03:00
args.v all: update copyright year 2022-01-04 12:21:12 +03:00
const_nix.c.v os: reduce heap allocations done by os.real_path, os.executable, os.getwd 2022-08-17 17:06:38 +03:00
const_windows.c.v os: reduce heap allocations done by os.real_path, os.executable, os.getwd 2022-08-17 17:06:38 +03:00
const.v os: add a posix_set_permission_bit function (#7754) 2021-01-04 19:57:17 +02:00
dir_expansions_test.v os: extract dir_expansions_test.v from os_test.v 2022-09-01 13:07:29 +03:00
environment_test.v os: add os.getenv_opt/1 2021-11-19 17:47:45 +02:00
environment.c.v all: wrap up unsafe { nil } (p. 3) 2022-07-21 21:01:30 +03:00
environment.js.v js,gg: more work on porting gg to JS backend (#12903) 2021-12-20 16:18:21 +03:00
fd.c.v all: ~500 more byte=>u8 2022-04-15 18:25:45 +03:00
file_test.v os: fix os.open_file('text.txt', 'wb', 0o666), add test (#15420) 2022-08-14 09:50:05 +03:00
file.c.v os: fix os.open_file('text.txt', 'wb', 0o666), add test (#15420) 2022-08-14 09:50:05 +03:00
file.js.v fmt: remove space in front of ? and ! (#14366) 2022-05-13 06:56:21 +03:00
filepath_test.v os: add windows_volume function (#14721) 2022-06-08 21:26:24 +03:00
filepath_windows.v os: correct description of windows_volume function (#14726) 2022-06-09 10:56:58 +03:00
filepath.v os: add windows_volume function (#14721) 2022-06-08 21:26:24 +03:00
find_abs_path_of_executable_test.v os: make find_abs_path_of_executable_test.v more robust (fix #15459) 2022-08-20 10:06:58 +03:00
glob_test.v fmt: remove space in front of ? and ! (#14366) 2022-05-13 06:56:21 +03:00
inode_test.v vfmt: keep file permissions with -w on !windows (#13334) 2022-02-01 14:49:06 +02:00
inode.c.v vfmt: keep file permissions with -w on !windows (#13334) 2022-02-01 14:49:06 +02:00
open_uri_default.c.v os: add exo-open to the list of tried launchers in os.open_uri/1 (#14884) 2022-06-29 11:59:25 +03:00
open_uri_windows.c.v fmt: remove space in front of ? and ! (#14366) 2022-05-13 06:56:21 +03:00
os_android_outside_termux.c.v os: clean up usage of ANativeActivity, allow access to fields (#14948) 2022-07-05 16:30:10 +03:00
os_darwin.c.v all: update copyright year 2022-01-04 12:21:12 +03:00
os_js.js.v os: rewrite os.walk and os.walk_with_context to use iteration, instead of recursion 2022-08-22 17:27:14 +03:00
os_linux.c.v all: update copyright year 2022-01-04 12:21:12 +03:00
os_nix.c.v os: fix type in error message (#15533) 2022-08-26 06:59:52 +03:00
os_structs_dirent_default.c.v os: move C struct declarations in their own _default.c.v files (#12268) 2021-10-22 17:08:08 +03:00
os_structs_sigaction_default.c.v os: move C struct declarations in their own _default.c.v files (#12268) 2021-10-22 17:08:08 +03:00
os_structs_stat_default.c.v checker: improve pub struct check (fix #14446) (#14777) 2022-06-19 17:42:22 +03:00
os_structs_stat_linux.c.v checker: improve pub struct check (fix #14446) (#14777) 2022-06-19 17:42:22 +03:00
os_structs_utsname_default.c.v os: move C struct declarations in their own _default.c.v files (#12268) 2021-10-22 17:08:08 +03:00
os_test.v os: extract dir_expansions_test.v from os_test.v 2022-09-01 13:07:29 +03:00
os_windows.c.v os: remove commented code in os_windows.c.v 2022-08-22 14:54:38 +03:00
os.c.v os: rewrite os.walk and os.walk_with_context to use iteration, instead of recursion 2022-08-22 17:27:14 +03:00
os.js.v os: fix find_abs_path_of_executable function (on Windows) (#14835) 2022-06-23 03:36:15 +03:00
os.v os: rewrite os.walk and os.walk_with_context to use iteration, instead of recursion 2022-08-22 17:27:14 +03:00
password_nix.c.v os: add input_password(prompt) and unit tests (#15507) 2022-08-23 18:17:38 +03:00
password_windows.c.v os: add input_password(prompt) and unit tests (#15507) 2022-08-23 18:17:38 +03:00
process_nix.c.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00
process_test.v fmt: remove space in front of ? and ! (#14366) 2022-05-13 06:56:21 +03:00
process_windows.c.v all: wrap up unsafe { nil } (p. 3) 2022-07-21 21:01:30 +03:00
process.c.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00
process.js.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00
process.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00
README.md os: add a security advisory for potential TOCTOU risks when using os.is_writable, os.is_executable etc (#15222) 2022-07-26 12:02:48 +03:00
signal_test.v builtin: show non zero codes on bubbled error_with_code(msg,code) errors 2022-08-16 18:59:38 +03:00
signal.c.v os: add support for signal handling on JS backend (#12818) 2021-12-13 20:18:12 +02:00
signal.js.v os: add support for signal handling on JS backend (#12818) 2021-12-13 20:18:12 +02:00
signal.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00

README.md

Description:

os provides common OS/platform independent functions for accessing command line arguments, reading/writing files, listing folders, handling processes etc.

Security advice related to TOCTOU attacks

A few os module functions can lead to the TOCTOU vulnerability if used incorrectly. TOCTOU (Time-of-Check-to-Time-of-Use problem) can occur when a file, folder or similar is checked for certain specifications (e.g. read, write permissions) and a change is made afterwards. In the time between the initial check and the edit, an attacker can then cause damage. The following example shows an attack strategy on the left and an improved variant on the right so that TOCTOU is no longer possible.

Example Hint: os.create() opens a file in write-only mode

Possibility for TOCTOU attack 
if os.is_writable("file"){

    // >> time to make a quick attack (e.g. symlink /etc/passwd to >file<) <<

    mut f := os.create('path/to/file') ?
        // <do something with file>
    f.close()
}
TOCTOU not possible 
mut f := os.create('path/to/file') or {
    println("file not writable")
}

// >> do someting with file; file is locked <<

f.close()

Proven affected functions
The following functions should be used with care and only when used correctly.

  • os.is_readable()
  • os.is_writable()
  • os.is_executable()
  • os.is_link()