mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
Doing so is not always safe and has various other issues (like target paths "a/../b" and "b" ending up as the same local path).

Instead URL-encode the target path to make it a plain filename. This removes any opportunity for path trickery and removes the need to create the required subdirectories (which we were not doing currently, leading to failed downloads).

URL-encoding encodes much more than we really need but doing so should not hurt: the important thing is that it encodes all path separators.

Return the actual filepath as the return value. I would like to modify the arguments so the caller could decide the filename if they want to. But I won't do it now because updated_targets() (the caching mechanism) relies on filenames being chosen by TUF. The plan is to make it possible for the caller to choose the filename though.

This is clearly a "filesystem API break" for anyone depending on the actual target file names, and does not make sense if we do not plan to go forward with other updated_targets()/download_target() changes listed in #1580.

This is part of a bigger plan in #1580

Fixes #1571

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>

||
|---|---|---|
| repository_data | ||
| ssl_certs | ||
| .coveragerc | ||
| __init__.py | ||
| aggregate_tests.py | ||
| fast_server_exit.py | ||
| repository_simulator.py | ||
| simple_https_server.py | ||
| simple_server.py | ||
| slow_retrieval_server.py | ||
| test_api.py | ||
| test_arbitrary_package_attack.py | ||
| test_developer_tool.py | ||
| test_download.py | ||
| test_endless_data_attack.py | ||
| test_extraneous_dependencies_attack.py | ||
| test_fetcher.py | ||
| test_fetcher_ng.py | ||
| test_formats.py | ||
| test_indefinite_freeze_attack.py | ||
| test_key_revocation_integration.py | ||
| test_keydb.py | ||
| test_log.py | ||
| test_metadata_serialization.py | ||
| test_mirrors.py | ||
| test_mix_and_match_attack.py | ||
| test_multiple_repositories_integration.py | ||
| test_replay_attack.py | ||
| test_repository_lib.py | ||
| test_repository_tool.py | ||
| test_roledb.py | ||
| test_root_versioning_integration.py | ||
| test_sig.py | ||
| test_slow_retrieval_attack.py | ||
| test_trusted_metadata_set.py | ||
| test_tutorial.py | ||
| test_unittest_toolbox.py | ||
| test_updater.py | ||
| test_updater_ng.py | ||
| test_updater_root_rotation_integration.py | ||
| test_updater_with_simulator.py | ||
| test_utils.py | ||
| utils.py | ||