mirror/v
1
0
Fork 0
mirror of https://github.com/vlang/v.git synced 2023-08-10 21:13:21 +03:00
Code Issues Projects Releases Wiki Activity
7f91db695c
v/vlib/os
History
Delyan Angelov f427a5241a
os,tools: add os.vtmp_dir() 
Use it to consistently place all temporary files created by tests in a overridable folder specific to the user, that is easy to cleanup later.

NOTE: os.temp_dir() on macos returns `/tmp`, and using `/tmp/v` is a problem when multiple unix users are trying to access/create/write to it.
2022-11-03 10:19:51 +02:00
..
bare ci: re-enable testing of ./v -freestanding run vlib/os/bare/bare_example_linux.v on ubuntu 2021-04-22 12:50:56 +03:00
cmdline builtin: remove methods that can be autogenerated (#11109) 2021-08-09 15:42:31 +03:00
filelock os: cleanup APIs returning !bool to either return ! or bool (#16111) 2022-10-20 13:56:06 +03:00
font os: fix font.v compilation 2022-10-27 11:13:43 +03:00
notify all: change optional to result of io (#16075) 2022-10-16 09:28:57 +03:00
args.v all: update copyright year 2022-01-04 12:21:12 +03:00
const_nix.c.v os: reduce heap allocations done by os.real_path, os.executable, os.getwd 2022-08-17 17:06:38 +03:00
const_windows.c.v os: reduce heap allocations done by os.real_path, os.executable, os.getwd 2022-08-17 17:06:38 +03:00
const.v os: add a posix_set_permission_bit function (#7754) 2021-01-04 19:57:17 +02:00
dir_expansions_test.v os: cleanup APIs returning !bool to either return ! or bool (#16111) 2022-10-20 13:56:06 +03:00
environment_test.v os: add os.getenv_opt/1 2021-11-19 17:47:45 +02:00
environment.c.v os: remove private unix_environ() helper function, it is not needed anymore (#15654) 2022-09-04 13:22:38 +03:00
environment.js.v js,gg: more work on porting gg to JS backend (#12903) 2021-12-20 16:18:21 +03:00
fd.c.v all: ~500 more byte=>u8 2022-04-15 18:25:45 +03:00
file_test.v os,tools: add os.vtmp_dir() 2022-11-03 10:19:51 +02:00
file.c.v all: remove unnecessary IError() casts 2022-10-28 19:08:30 +03:00
file.js.v all: remove unnecessary IError() casts 2022-10-28 19:08:30 +03:00
filepath_test.v os: add os.to_slash and os.from_slash functions (#16055) 2022-10-14 10:22:36 +03:00
filepath_windows.v os: correct description of windows_volume function (#14726) 2022-06-09 10:56:58 +03:00
filepath.v os: add os.to_slash and os.from_slash functions (#16055) 2022-10-14 10:22:36 +03:00
find_abs_path_of_executable_test.v os,tools: add os.vtmp_dir() 2022-11-03 10:19:51 +02:00
glob_test.v all: change optional to result of io (#16075) 2022-10-16 09:28:57 +03:00
inode_test.v os,tools: add os.vtmp_dir() 2022-11-03 10:19:51 +02:00
inode.c.v os,tools: add os.vtmp_dir() 2022-11-03 10:19:51 +02:00
open_uri_default.c.v all: change optional to result of io (#16075) 2022-10-16 09:28:57 +03:00
open_uri_windows.c.v all: change optional to result of io (#16075) 2022-10-16 09:28:57 +03:00
os_android_outside_termux.c.v checker: fix nested struct reference type field initialized check. (fix: #15741) (#15752) 2022-09-15 07:59:31 +03:00
os_darwin.c.v all: update copyright year 2022-01-04 12:21:12 +03:00
os_js.js.v os: cleanup APIs returning !bool to either return ! or bool (#16111) 2022-10-20 13:56:06 +03:00
os_linux.c.v all: update copyright year 2022-01-04 12:21:12 +03:00
os_nix.c.v os: cleanup APIs returning !bool to either return ! or bool (#16111) 2022-10-20 13:56:06 +03:00
os_structs_dirent_default.c.v os: move C struct declarations in their own _default.c.v files (#12268) 2021-10-22 17:08:08 +03:00
os_structs_sigaction_default.c.v os: move C struct declarations in their own _default.c.v files (#12268) 2021-10-22 17:08:08 +03:00
os_structs_stat_default.c.v checker: improve pub struct check (fix #14446) (#14777) 2022-06-19 17:42:22 +03:00
os_structs_stat_linux.c.v checker: improve pub struct check (fix #14446) (#14777) 2022-06-19 17:42:22 +03:00
os_structs_utsname_default.c.v os: move C struct declarations in their own _default.c.v files (#12268) 2021-10-22 17:08:08 +03:00
os_test.v os,tools: add os.vtmp_dir() 2022-11-03 10:19:51 +02:00
os_windows.c.v os: cleanup APIs returning !bool to either return ! or bool (#16111) 2022-10-20 13:56:06 +03:00
os.c.v builtin: make the C. WIN32 API declarations more precise, to catch errors earlier (#16090) 2022-10-17 20:23:33 +03:00
os.js.v os: cleanup APIs returning !bool to either return ! or bool (#16111) 2022-10-20 13:56:06 +03:00
os.v os,tools: add os.vtmp_dir() 2022-11-03 10:19:51 +02:00
password_nix.c.v os: add input_password(prompt) and unit tests (#15507) 2022-08-23 18:17:38 +03:00
password_windows.c.v os: add input_password(prompt) and unit tests (#15507) 2022-08-23 18:17:38 +03:00
process_nix.c.v pref,os,sokol,cgen: ease compilation of 2048 with -os wasm32_emscripten (#15820) 2022-09-20 00:17:13 +03:00
process_test.v os,tools: add os.vtmp_dir() 2022-11-03 10:19:51 +02:00
process_windows.c.v checker: fix nested struct reference type field initialized check. (fix: #15741) (#15752) 2022-09-15 07:59:31 +03:00
process.c.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00
process.js.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00
process.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00
README.md os: add a security advisory for potential TOCTOU risks when using os.is_writable, os.is_executable etc (#15222) 2022-07-26 12:02:48 +03:00
signal_test.v builtin: show non zero codes on bubbled error_with_code(msg,code) errors 2022-08-16 18:59:38 +03:00
signal.c.v all: change optional to result of io (#16075) 2022-10-16 09:28:57 +03:00
signal.js.v os: add support for signal handling on JS backend (#12818) 2021-12-13 20:18:12 +02:00
signal.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00

README.md

Description:

os provides common OS/platform independent functions for accessing command line arguments, reading/writing files, listing folders, handling processes etc.

Security advice related to TOCTOU attacks

A few os module functions can lead to the TOCTOU vulnerability if used incorrectly. TOCTOU (Time-of-Check-to-Time-of-Use problem) can occur when a file, folder or similar is checked for certain specifications (e.g. read, write permissions) and a change is made afterwards. In the time between the initial check and the edit, an attacker can then cause damage. The following example shows an attack strategy on the left and an improved variant on the right so that TOCTOU is no longer possible.

Example Hint: os.create() opens a file in write-only mode

Possibility for TOCTOU attack 
if os.is_writable("file"){

    // >> time to make a quick attack (e.g. symlink /etc/passwd to >file<) <<

    mut f := os.create('path/to/file') ?
        // <do something with file>
    f.close()
}
TOCTOU not possible 
mut f := os.create('path/to/file') or {
    println("file not writable")
}

// >> do someting with file; file is locked <<

f.close()

Proven affected functions
The following functions should be used with care and only when used correctly.

  • os.is_readable()
  • os.is_writable()
  • os.is_executable()
  • os.is_link()