Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict directory names #354

Open
thorehusfeldt opened this issue Nov 28, 2024 · 6 comments
Open

Restrict directory names #354

thorehusfeldt opened this issue Nov 28, 2024 · 6 comments

Comments

@thorehusfeldt
Copy link
Contributor

thorehusfeldt commented Nov 28, 2024
edited
Loading

In 2023-07-draft, we have

All file names for files included in the package must match the regexp
^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,253}[a-zA-Z0-9]$
i.e., they must be of length at least 2, at most 255, consist solely of lower- or uppercase letters a–z, A–Z, digits 0–9, period, dash, or underscore, but must not begin or end with a period, dash, or underscore.

This allows 1.in, aa and foo.bar.baz_baz-baz but disallows 1_. Fine so far.

For directories, there is no restriction, as far as I can tell. Thus the following are all valid:

  • the testgroup secret/1/,
  • the testcase input file secret/1/1.in
  • the input validator input_validators/v (containing input_validators/v/validate.cpp and input_validators/v/validate.

and so on. I think all of these are fine.

What is also currently allowed, as far as I can tell are

  • the testgroup secret/_/,
  • the testgroup secret/huge.connected,
  • the testcase input file secret/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/1.in,
  • the input validator input_validators/[﷽,
  • the submission directory submissions/😊/th.py,

as well as several other references to validators, testgroups, testcases, visualisers or submissions that use “whatever the operating system supports”.

I propose to tighten the specification as follows:

All names for directories included in the package must match the regexp
^([a-zA-Z0-9][a-zA-Z0-9_-]{0,253}[a-zA-Z0-9]|[a-zA-Z0-9])$
i.e., they must be of length at least 1, at most 255, consist solely of lower- or uppercase letters a–z, A–Z, digits 0–9, dash, or underscore (no period), but must not begin or end with a period, dash, or underscore.

Moreover, I would like to clarify that

Paths that appear in yaml files (including the names of test cases, test groups, or submissions) use the forward slash / to separate names.
@RagnarGrootKoerkamp
Copy link
Collaborator

RagnarGrootKoerkamp commented Nov 28, 2024
edited
Loading

sgtm. Regex would be a bit shorter as (spaces for clarity)

^[a-zA-Z0-9] ( [a-zA-Z0-9_-]{0,253} [a-zA-Z0-9] )? $

@eldering
Copy link
Collaborator

Sounds good to me!

@niemela
Copy link
Member

niemela commented Nov 28, 2024

Overall, sounds very good. Some minor comments below.

In 2024-08, we have

What are you referring to? We don't have a 2024-08 specified anywhere?

I propose to tighten the specification as follows:

All names for directories included in the package must match the regexp
^([a-zA-Z0-9][a-zA-Z0-9_-]{0,253}[a-zA-Z0-9]|[a-zA-Z0-9])$
i.e., they must be of length at least 1, at most 255, consist solely of lower- or uppercase letters a–z, A–Z, digits 0–9, dash, or underscore (no period), but must not begin or end with a period, dash, or underscore.

Why not use the same for files and directories?

I wonder why we felt that filenames must be of length at least 2?

Moreover, I would like to clarify that

Paths that appear in yaml files (including the names of test cases, test groups, or submissions) use the forward slash / to separate names.

👍

@thorehusfeldt
Copy link
Contributor Author

What are you referring to? We don't have a 2024-08 specified anywhere?

My mistake. Fixed.

Why not use the same for files and directories?

One reason is .. For files, we do need to be able to express 1.in. On the other hand, for directories, the full stop leads to problems, for instance there are traditions such as YAML where dot has special meaning. In particular, secret.foo.bar is the same as

secret:
   foo:
      bar:

So if we allow a directory named data/secret/foo.bar/ but also data/secret/foo/bar then I can see all kinds of weird problems occurring.

I wonder why we felt that filenames must be of length at least 2?

No idea, but I like it.

@thorehusfeldt
Copy link
Contributor Author

thorehusfeldt commented Dec 2, 2024
edited
Loading

As an extra gift, somewhat related, I would really-really like to forbid:

data/secret/huge/1.in
data/secret/huge.in

i.e., forbid having a test group and a test case in the same directory (in this case data/secret) and the same name (in this case, secret/huge).

@RagnarGrootKoerkamp
Copy link
Collaborator

As an extra gift, somewhat related, I would really-really like to forbid ...

Agreed; let's not allow that.

secret.foo.bar is the same as ...

That's not actually the case in YAML itself, but there are some frameworks that automatically translate this into secret: {foo: {bar: ...}}.
Either way, not having periods in directory names sgtm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@thorehusfeldt @niemela @eldering @RagnarGrootKoerkamp