Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: variables in template file names #105

Merged
merged 2 commits into from
Jun 11, 2024
Merged

feat: variables in template file names #105

merged 2 commits into from
Jun 11, 2024

Conversation

vesse
Copy link
Contributor

@vesse vesse commented May 21, 2024

Render variables to template file names too

@vesse vesse requested a review from majori May 21, 2024 12:04
@vesse vesse linked an issue May 21, 2024 that may be closed by this pull request
Support templates in filenames #59
Closed
@vesse vesse force-pushed the feat/variables-in-template-file-names branch from 7c637ce to cb04703 Compare May 21, 2024 12:12
majori
majori requested changes Jun 4, 2024
View reviewed changes
Copy link
Member

@majori majori left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should add a validator and a test to check what happens if variable tries to escape the file from project directory. For example if the README_FILE_NAME variable equals ../../foo/bar.

We can not allow files being generated/overwritten outside of the project context.

@majori
Copy link
Member

majori commented Jun 4, 2024
edited
Loading

We could also add a failsafe to the saver function to make sure that the file does not try to escape dest.

@vesse vesse force-pushed the feat/variables-in-template-file-names branch 2 times, most recently from b36b622 to c5d8f5b Compare June 6, 2024 10:25
@vesse
Copy link
Contributor Author

vesse commented Jun 6, 2024
edited
Loading

Added validation to saver. Should I still add check also for the interactive part or just consider passing invalid file name as a user being wiseass on purpose and it's OK to just fail during save? Validating the input would require quite a lot of context since just having .. in the value does not mean the output would escape the project folder since the template named file can be in deep folder structure.

@majori
Copy link
Member

majori commented Jun 10, 2024

Yeah I think it is fine to validate it only when saving. The validation is mainly meant for the user to protect from malicious recipe which tries to override /etc/passwd or similar

@vesse vesse force-pushed the feat/variables-in-template-file-names branch from c5d8f5b to 8dba1aa Compare June 11, 2024 06:13
@vesse vesse merged commit 1f45505 into main Jun 11, 2024
4 checks passed
@vesse vesse deleted the feat/variables-in-template-file-names branch June 11, 2024 06:16
@github-actions github-actions bot mentioned this pull request Jun 11, 2024
Merged
@rchojn rchojn mentioned this pull request Nov 5, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@majori majori majori approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support templates in filenames
2 participants
@vesse @majori