1
0
mirror of https://github.com/vlang/v.git synced 2023-08-10 21:13:21 +03:00
v/vlib/os
Roy Ivy III dd55365dee
os: cleanup the output of os.uname() on windows (#17066)
* os: (WinOS) mimic current practices of `busybox` and `coreutils`

* os: trim any possible surounding whitespace
2023-01-22 11:59:42 +02:00
..
bare ci: re-enable testing of ./v -freestanding run vlib/os/bare/bare_example_linux.v on ubuntu 2021-04-22 12:50:56 +03:00
cmdline builtin: remove methods that can be autogenerated (#11109) 2021-08-09 15:42:31 +03:00
filelock vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
font vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
notify vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
args.v all: update copyright year 2022-01-04 12:21:12 +03:00
const_nix.c.v os: reduce heap allocations done by os.real_path, os.executable, os.getwd 2022-08-17 17:06:38 +03:00
const_windows.c.v checker: check int overflow for const vars (#16332) 2022-11-06 08:22:28 +03:00
const.v os: add a posix_set_permission_bit function (#7754) 2021-01-04 19:57:17 +02:00
dir_expansions_test.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
environment_test.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
environment.c.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
environment.js.v js,gg: more work on porting gg to JS backend (#12903) 2021-12-20 16:18:21 +03:00
fd.c.v all: ~500 more byte=>u8 2022-04-15 18:25:45 +03:00
file_test.v os: add test for os.open_append (#16846) 2023-01-03 01:11:35 +02:00
file.c.v all: replace generic <> with [] - part 2 (#16536) 2022-11-26 18:23:26 +02:00
file.js.v all: remove unnecessary IError() casts 2022-10-28 19:08:30 +03:00
filepath_test.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
filepath_windows.v os: correct description of windows_volume function (#14726) 2022-06-09 10:56:58 +03:00
filepath.v os: add os.to_slash and os.from_slash functions (#16055) 2022-10-14 10:22:36 +03:00
find_abs_path_of_executable_test.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
glob_test.v all: change optional to result of io (#16075) 2022-10-16 09:28:57 +03:00
inode_test.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
inode.c.v os: make os.FileMode public (#16923) 2023-01-09 22:34:36 +02:00
open_uri_default.c.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
open_uri_windows.c.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
os_android_outside_termux.c.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
os_darwin.c.v all: update copyright year 2022-01-04 12:21:12 +03:00
os_js.js.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
os_linux.c.v all: update copyright year 2022-01-04 12:21:12 +03:00
os_nix.c.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
os_structs_dirent_default.c.v os: move C struct declarations in their own _default.c.v files (#12268) 2021-10-22 17:08:08 +03:00
os_structs_sigaction_default.c.v os: move C struct declarations in their own _default.c.v files (#12268) 2021-10-22 17:08:08 +03:00
os_structs_stat_default.c.v checker: improve pub struct check (fix #14446) (#14777) 2022-06-19 17:42:22 +03:00
os_structs_stat_linux.c.v checker: improve pub struct check (fix #14446) (#14777) 2022-06-19 17:42:22 +03:00
os_structs_utsname_default.c.v os: move C struct declarations in their own _default.c.v files (#12268) 2021-10-22 17:08:08 +03:00
os_test.v os: fix os.file_ext('/tmp/.gitignore') previously returning '.gitignore' => it now returns '' (#16771) 2022-12-26 12:53:38 +02:00
os_windows.c.v os: cleanup the output of os.uname() on windows (#17066) 2023-01-22 11:59:42 +02:00
os.c.v os: add hint for mv_by_cp to mv (#17036) 2023-01-19 16:50:57 +02:00
os.js.v os: cleanup APIs returning !bool to either return ! or bool (#16111) 2022-10-20 13:56:06 +03:00
os.v os: minor optimization in os.v (#16791) 2022-12-28 10:28:47 +02:00
password_nix.c.v os: add input_password(prompt) and unit tests (#15507) 2022-08-23 18:17:38 +03:00
password_windows.c.v os: add input_password(prompt) and unit tests (#15507) 2022-08-23 18:17:38 +03:00
process_nix.c.v all: fix dependant->dependent typos, cleanup comments 2022-12-02 12:51:10 +02:00
process_test.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
process_windows.c.v checker: require unsafe for Struct(voidptr) casts 2023-01-06 09:28:11 +03:00
process.c.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
process.js.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
process.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
README.md os: add a security advisory for potential TOCTOU risks when using os.is_writable, os.is_executable etc (#15222) 2022-07-26 12:02:48 +03:00
signal_test.v builtin: show non zero codes on bubbled error_with_code(msg,code) errors 2022-08-16 18:59:38 +03:00
signal.c.v all: change optional to result of io (#16075) 2022-10-16 09:28:57 +03:00
signal.js.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
signal.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00

Description:

os provides common OS/platform independent functions for accessing command line arguments, reading/writing files, listing folders, handling processes etc.


A few os module functions can lead to the TOCTOU vulnerability if used incorrectly. TOCTOU (Time-of-Check-to-Time-of-Use problem) can occur when a file, folder or similar is checked for certain specifications (e.g. read, write permissions) and a change is made afterwards. In the time between the initial check and the edit, an attacker can then cause damage. The following example shows an attack strategy on the left and an improved variant on the right so that TOCTOU is no longer possible.

Example Hint: os.create() opens a file in write-only mode

Possibility for TOCTOU attack
if os.is_writable("file"){

    // >> time to make a quick attack (e.g. symlink /etc/passwd to >file<) <<

    mut f := os.create('path/to/file') ?
        // <do something with file>
    f.close()
}
TOCTOU not possible
mut f := os.create('path/to/file') or {
    println("file not writable")
}

// >> do someting with file; file is locked <<

f.close()

Proven affected functions
The following functions should be used with care and only when used correctly.

  • os.is_readable()
  • os.is_writable()
  • os.is_executable()
  • os.is_link()