@ictechgy/context-guard 0.4.7 → 0.4.8

package/CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes for the ContextGuard plugin are documented here.
 
 ## [Unreleased]
 
+## [0.4.8] - 2026-06-11
+
+- Hardened experimental registry config writes with same-directory atomic replace so failed writes or symlink swaps do not truncate or redirect the live config.
+- Hardened dispatcher version metadata reads with dir-fd no-follow parent traversal to close parent symlink races.
+- Preserved bounded filter passthrough ordering without holding the capture state lock during emission.
+- Serialized context pack sanitizer factory first load and added focused race/failure regression coverage.
+- Kept plugin bin mirrors synchronized for the updated helper hardening.
+
 ## [0.4.7] - 2026-06-11
 
 - Added default-off experimental opt-in registry surfaces for future token-reduction lanes, preserving project-local intent without enabling runtime behavior.

package/context-guard-kit/context_filter.py

@@ -8,13 +8,18 @@ risk hiding evidence.
 from __future__ import annotations
 
 import argparse
+import codecs
 from dataclasses import dataclass
 import json
+import os
 from pathlib import Path
 import re
 import shlex
+import signal
 import subprocess
 import sys
+import threading
+import time
 from typing import Any, Iterable
 
 SCHEMA_VERSION = "contextguard.filter-dsl.v1"
@@ -33,6 +38,8 @@ MAX_EMIT_LINES = 5_000
 DEFAULT_TIMEOUT_SECONDS = 600
 MAX_TIMEOUT_SECONDS = 86_400
 TIMEOUT_EXIT_CODE = 124
+TIMEOUT_PIPE_DRAIN_GRACE_SECONDS = 5.0
+PIPE_THREAD_CLOSE_GRACE_SECONDS = 1.0
 FILTER_KEYS = {"id", "match", "passthrough_on_exit", "include_regex", "exclude_regex", "head_lines", "tail_lines", "max_lines"}
 MATCH_KEYS = {"argv_prefix", "argv_regex"}
 PROTECTED_BASENAMES = {
@@ -329,22 +336,204 @@ def print_validation(valid: bool, errors: list[str], count: int, as_json: bool)
             print(f"- {error}", file=sys.stderr)
 
 
-def timeout_text(value: str | bytes | None) -> str:
-    if isinstance(value, str):
-        return value
-    return (value or b"").decode("utf-8", "replace")
+@dataclass
+class CommandResult:
+    returncode: int
+    stdout_text: str
+    stderr_text: str
+    output_bytes: int
+    capture_limited: bool
+    timed_out: bool
+    drain_timed_out: bool
+    passthrough_emitted: bool
 
 
-def run_command(argv: list[str], timeout_seconds: int) -> tuple[int, str, str, bool]:
+def write_binary_chunk(stream: Any, chunk: bytes) -> None:
+    if not chunk:
+        return
+    stream.flush()
+    binary = getattr(stream, "buffer", None)
+    if binary is not None:
+        binary.write(chunk)
+    else:
+        stream.write(chunk.decode("utf-8", "replace"))
+    stream.flush()
+
+
+class BoundedCapture:
+    def __init__(self, max_capture_bytes: int) -> None:
+        self.max_capture_bytes = max_capture_bytes
+        self.stdout = bytearray()
+        self.stderr = bytearray()
+        self.output_bytes = 0
+        self.capture_limited = False
+        self.passthrough_emitted = False
+        self._lock = threading.Lock()
+        self._emit_condition = threading.Condition()
+        self._next_emit_order = 0
+        self._active_emit_order = 0
+        self._stdout_decoder = codecs.getincrementaldecoder("utf-8")("replace")
+        self._stderr_decoder = codecs.getincrementaldecoder("utf-8")("replace")
+
+    def consume(self, stream_name: str, chunk: bytes) -> None:
+        if not chunk:
+            return
+        passthrough: list[tuple[Any, bytes]] = []
+        emit_order: int | None = None
+        with self._lock:
+            self.output_bytes += len(chunk)
+            if self.capture_limited:
+                passthrough.append((sys.stdout if stream_name == "stdout" else sys.stderr, chunk))
+            else:
+                stored_total = len(self.stdout) + len(self.stderr)
+                remaining = self.max_capture_bytes - stored_total
+                target = self.stdout if stream_name == "stdout" else self.stderr
+                if len(chunk) <= remaining:
+                    target.extend(chunk)
+                    return
+                if remaining > 0:
+                    target.extend(chunk[:remaining])
+                    overflow = chunk[remaining:]
+                else:
+                    overflow = chunk
+                self.capture_limited = True
+                self.passthrough_emitted = True
+                passthrough.extend(
+                    [
+                        (sys.stdout, bytes(self.stdout)),
+                        (sys.stderr, bytes(self.stderr)),
+                        (sys.stdout if stream_name == "stdout" else sys.stderr, overflow),
+                    ]
+                )
+            if passthrough:
+                emit_order = self._next_emit_order
+                self._next_emit_order += 1
+        if emit_order is None:
+            return
+        with self._emit_condition:
+            while emit_order != self._active_emit_order:
+                self._emit_condition.wait()
+        try:
+            for stream, payload in passthrough:
+                write_binary_chunk(stream, payload)
+        finally:
+            with self._emit_condition:
+                self._active_emit_order += 1
+                self._emit_condition.notify_all()
+
+    def text(self) -> tuple[str, str]:
+        with self._lock:
+            stdout_bytes = bytes(self.stdout)
+            stderr_bytes = bytes(self.stderr)
+        stdout = self._stdout_decoder.decode(stdout_bytes, final=True)
+        stderr = self._stderr_decoder.decode(stderr_bytes, final=True)
+        return stdout, stderr
+
+
+def run_command(argv: list[str], timeout_seconds: int, max_capture_bytes: int) -> CommandResult:
+    if not argv:
+        stderr = f"{TOOL_NAME}: command failed to start: no command provided\n"
+        output_bytes = len(stderr.encode("utf-8", "replace"))
+        return CommandResult(127, "", stderr, output_bytes, False, False, False, False)
+    capture = BoundedCapture(max_capture_bytes)
+
+    def read_pipe(pipe: Any, stream_name: str) -> None:
+        try:
+            while True:
+                chunk = pipe.read(64 * 1024)
+                if not chunk:
+                    break
+                capture.consume(stream_name, chunk)
+        finally:
+            try:
+                pipe.close()
+            except OSError:
+                pass
+
+    def terminate_processes(proc: subprocess.Popen[bytes], *, force: bool) -> None:
+        if os.name == "posix":
+            try:
+                os.killpg(proc.pid, signal.SIGKILL if force else signal.SIGTERM)
+                return
+            except ProcessLookupError:
+                return
+            except OSError:
+                pass
+        try:
+            if proc.poll() is not None:
+                return
+            if force:
+                proc.kill()
+            else:
+                proc.terminate()
+        except (OSError, ValueError):
+            pass
+
+    def close_pipes(proc: subprocess.Popen[bytes]) -> None:
+        for pipe in (proc.stdout, proc.stderr):
+            if pipe is None:
+                continue
+            try:
+                pipe.close()
+            except OSError:
+                pass
+
+    def join_threads_until(threads: tuple[threading.Thread, threading.Thread], deadline: float) -> bool:
+        for thread in threads:
+            remaining = max(0.0, deadline - time.monotonic())
+            thread.join(timeout=remaining)
+        return all(not thread.is_alive() for thread in threads)
+
+    def terminate_and_close(proc: subprocess.Popen[bytes], threads: tuple[threading.Thread, threading.Thread]) -> None:
+        terminate_processes(proc, force=False)
+        try:
+            proc.wait(timeout=PIPE_THREAD_CLOSE_GRACE_SECONDS)
+        except subprocess.TimeoutExpired:
+            pass
+        if join_threads_until(threads, time.monotonic() + PIPE_THREAD_CLOSE_GRACE_SECONDS):
+            return
+        terminate_processes(proc, force=True)
+        try:
+            proc.wait(timeout=PIPE_THREAD_CLOSE_GRACE_SECONDS)
+        except subprocess.TimeoutExpired:
+            pass
+        close_pipes(proc)
+        for thread in threads:
+            thread.join(timeout=PIPE_THREAD_CLOSE_GRACE_SECONDS)
+
     try:
-        proc = subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, errors="replace", timeout=timeout_seconds)
-        return proc.returncode, proc.stdout or "", proc.stderr or "", False
-    except subprocess.TimeoutExpired as exc:
-        stdout = timeout_text(exc.stdout)
-        stderr = timeout_text(exc.stderr) + f"\n[{TOOL_NAME}] command timed out after {timeout_seconds}s\n"
-        return TIMEOUT_EXIT_CODE, stdout, stderr, True
+        started_at = time.monotonic()
+        proc = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE, start_new_session=(os.name == "posix"))
+        assert proc.stdout is not None
+        assert proc.stderr is not None
+        stdout_thread = threading.Thread(target=read_pipe, args=(proc.stdout, "stdout"), daemon=True)
+        stderr_thread = threading.Thread(target=read_pipe, args=(proc.stderr, "stderr"), daemon=True)
+        reader_threads = (stdout_thread, stderr_thread)
+        stdout_thread.start()
+        stderr_thread.start()
+        timed_out = False
+        drain_timed_out = False
+        try:
+            returncode = proc.wait(timeout=timeout_seconds)
+        except subprocess.TimeoutExpired:
+            timed_out = True
+            returncode = TIMEOUT_EXIT_CODE
+            terminate_and_close(proc, reader_threads)
+        drain_deadline = time.monotonic() + TIMEOUT_PIPE_DRAIN_GRACE_SECONDS
+        if not join_threads_until(reader_threads, drain_deadline):
+            drain_timed_out = True
+            terminate_and_close(proc, reader_threads)
+        if timed_out:
+            capture.consume("stderr", f"\n[{TOOL_NAME}] command timed out after {timeout_seconds}s\n".encode("utf-8"))
+        elif drain_timed_out:
+            capture.consume("stderr", f"\n[{TOOL_NAME}] command pipe drain timed out after direct process exit\n".encode("utf-8"))
+        stdout_text, stderr_text = ("", "") if capture.capture_limited else capture.text()
+        return CommandResult(returncode, stdout_text, stderr_text, capture.output_bytes, capture.capture_limited, timed_out, drain_timed_out, capture.passthrough_emitted)
     except OSError as exc:
-        return 127, "", f"{TOOL_NAME}: command failed to start: {exc.strerror or exc.__class__.__name__}\n", False
+        stderr = f"{TOOL_NAME}: command failed to start: {exc.strerror or exc.__class__.__name__}\n"
+        encoded = stderr.encode("utf-8", "replace")
+        output_bytes = len(encoded)
+        return CommandResult(127, "", stderr, output_bytes, False, False, False, False)
 
 
 def emit_run_report(args: argparse.Namespace, payload: dict[str, Any]) -> None:
@@ -373,19 +562,21 @@ def cmd_run(args: argparse.Namespace) -> int:
     max_line_chars = bounded_int(args.max_line_chars, DEFAULT_MAX_LINE_CHARS, 1, MAX_LINE_CHARS_LIMIT)
     timeout_seconds = bounded_int(args.timeout_seconds, DEFAULT_TIMEOUT_SECONDS, 1, MAX_TIMEOUT_SECONDS)
     filters, errors = load_filters(Path(args.config).expanduser())
-    rc, stdout_text, stderr_text, timed_out = run_command(command, timeout_seconds)
-    output = stdout_text + stderr_text
-    output_bytes = len(output.encode("utf-8", "replace"))
+    result = run_command(command, timeout_seconds, max_capture)
+    rc = result.returncode
+    output = result.stdout_text + result.stderr_text
     protected_nonzero = rc != 0 and is_protected_command(command)
     report: dict[str, Any] = {"tool": TOOL_NAME, "schema_version": SCHEMA_VERSION, "mode": "run", "command_exit_code": rc, "decision": "passthrough", "reason": "unclassified", "protected_nonzero": protected_nonzero}
-    if timed_out:
+    if result.timed_out:
         report["reason"] = "timeout"
+    elif result.drain_timed_out:
+        report["reason"] = "pipe-drain-timeout"
     elif errors:
         report["reason"] = "invalid-config"
         report["errors"] = errors[:10]
-    elif output_bytes > max_capture:
+    elif result.capture_limited:
         report["reason"] = "capture-limit"
-        report["output_bytes"] = output_bytes
+        report["output_bytes"] = result.output_bytes
         report["max_capture_bytes"] = max_capture
     else:
         matched = next((flt for flt in filters if filter_matches(flt, command)), None)
@@ -413,12 +604,12 @@ def cmd_run(args: argparse.Namespace) -> int:
                     report.update({"decision": "filtered", "reason": "matched", "filter_id": matched.id, "input_lines": len(lines), "output_lines": len(filtered)})
                     emit_run_report(args, report)
                     return rc
-    sys.stdout.write(stdout_text)
-    sys.stderr.write(stderr_text)
+    if not result.passthrough_emitted:
+        sys.stdout.write(result.stdout_text)
+        sys.stderr.write(result.stderr_text)
     emit_run_report(args, report)
     return rc
 
-
 def build_parser() -> argparse.ArgumentParser:
     parser = argparse.ArgumentParser(prog=TOOL_NAME, description="Validate and apply bounded declarative command-output filters. Filtered mode applies line rules to combined stdout+stderr and writes the filtered result to stdout; passthrough mode preserves stdout/stderr streams.")
     sub = parser.add_subparsers(dest="command_name", required=True)

package/context-guard-kit/context_guard_cli.py

@@ -11,11 +11,17 @@ import json
 import os
 from pathlib import Path
 import subprocess
+import stat
 import sys
 from typing import NoReturn
 
 COMMAND_NAME = "context-guard"
 PACKAGE_NAME = "@ictechgy/context-guard"
+MAX_VERSION_METADATA_BYTES = 64 * 1024
+ALLOWED_FIRST_ABSOLUTE_SYMLINKS = {
+    "tmp": Path("/private/tmp"),
+    "var": Path("/private/var"),
+}
 
 HELPER_SUBCOMMANDS: dict[str, tuple[str, ...]] = {
     "setup": ("context-guard-setup",),
@@ -50,16 +56,182 @@ def _script_dir() -> Path:
 
 def _candidate_roots() -> list[Path]:
     script_dir = _script_dir()
-    roots = [script_dir.parent, script_dir.parent.parent, Path.cwd()]
+    roots = [script_dir.parent, script_dir.parent.parent]
     # When run from context-guard-kit in a checkout, the repo root is one level up.
     if script_dir.name == "context-guard-kit":
         roots.insert(0, script_dir.parent)
     return list(dict.fromkeys(roots))
 
 
+def _normalized_link_target(anchor: Path, raw_target: str) -> Path:
+    target = Path(raw_target)
+    if target.is_absolute():
+        return Path(os.path.normpath(str(target)))
+    return Path(os.path.normpath(str(anchor / target)))
+
+
+def _normalize_allowed_first_absolute_symlink(path: Path) -> Path:
+    if not path.is_absolute():
+        return path
+    parts = path.parts
+    if len(parts) < 2:
+        return path
+    expected = ALLOWED_FIRST_ABSOLUTE_SYMLINKS.get(parts[1])
+    if expected is None:
+        return path
+    first = Path(path.anchor) / parts[1]
+    try:
+        if first.is_symlink() and _normalized_link_target(Path(path.anchor), os.readlink(first)) == expected:
+            return expected.joinpath(*parts[2:])
+    except OSError:
+        return path
+    return path
+
+
+def _metadata_no_follow_supported() -> bool:
+    return (
+        hasattr(os, "O_NOFOLLOW")
+        and os.open in getattr(os, "supports_dir_fd", set())
+        and os.stat in getattr(os, "supports_dir_fd", set())
+        and os.stat in getattr(os, "supports_follow_symlinks", set())
+    )
+
+
+def _directory_open_flags(*, follow_final: bool = False) -> int:
+    flags = os.O_RDONLY
+    if hasattr(os, "O_CLOEXEC"):
+        flags |= os.O_CLOEXEC
+    if hasattr(os, "O_DIRECTORY"):
+        flags |= os.O_DIRECTORY
+    if not follow_final:
+        flags |= os.O_NOFOLLOW
+    return flags
+
+
+def _metadata_file_open_flags() -> int:
+    flags = os.O_RDONLY | os.O_NOFOLLOW
+    if hasattr(os, "O_CLOEXEC"):
+        flags |= os.O_CLOEXEC
+    if hasattr(os, "O_NONBLOCK"):
+        flags |= os.O_NONBLOCK
+    if hasattr(os, "O_NOCTTY"):
+        flags |= os.O_NOCTTY
+    return flags
+
+
+def _leaf_name(path: Path) -> str | None:
+    name = path.name
+    if name in {"", ".", ".."}:
+        return None
+    return name
+
+
+def _open_metadata_parent_no_follow(path: Path) -> int | None:
+    if not _metadata_no_follow_supported():
+        return None
+    path = _normalize_allowed_first_absolute_symlink(path)
+    try:
+        if path.is_absolute():
+            current_fd = os.open(path.anchor or os.sep, _directory_open_flags(follow_final=True))
+            parts = path.parts[1:-1]
+        else:
+            current_fd = os.open(".", _directory_open_flags(follow_final=True))
+            parts = path.parts[:-1]
+    except OSError:
+        return None
+    try:
+        for part in parts:
+            if part in {"", "."}:
+                continue
+            if part == "..":
+                return None
+            next_fd = -1
+            try:
+                next_fd = os.open(part, _directory_open_flags(), dir_fd=current_fd)
+                if not stat.S_ISDIR(os.fstat(next_fd).st_mode):
+                    try:
+                        os.close(next_fd)
+                    except OSError:
+                        pass
+                    next_fd = -1
+                    return None
+            except OSError:
+                if next_fd >= 0:
+                    try:
+                        os.close(next_fd)
+                    except OSError:
+                        pass
+                try:
+                    os.close(current_fd)
+                except OSError:
+                    pass
+                current_fd = -1
+                return None
+            try:
+                os.close(current_fd)
+            except OSError:
+                pass
+            current_fd = next_fd
+        owned_fd = current_fd
+        current_fd = -1
+        return owned_fd
+    finally:
+        if current_fd >= 0:
+            try:
+                os.close(current_fd)
+            except OSError:
+                pass
+
+
+def _read_metadata_text(path: Path) -> str | None:
+    path = _normalize_allowed_first_absolute_symlink(path)
+    parent_fd = _open_metadata_parent_no_follow(path)
+    if parent_fd is None:
+        return None
+    fd = -1
+    data = b""
+    try:
+        leaf = _leaf_name(path)
+        if leaf is None:
+            return None
+        pre_open = os.stat(leaf, dir_fd=parent_fd, follow_symlinks=False)
+        if not stat.S_ISREG(pre_open.st_mode):
+            return None
+        if pre_open.st_size > MAX_VERSION_METADATA_BYTES:
+            return None
+        fd = os.open(leaf, _metadata_file_open_flags(), dir_fd=parent_fd)
+        opened = os.fstat(fd)
+        if not stat.S_ISREG(opened.st_mode):
+            return None
+        if opened.st_size > MAX_VERSION_METADATA_BYTES:
+            return None
+        data = os.read(fd, MAX_VERSION_METADATA_BYTES + 1)
+    except OSError:
+        return None
+    finally:
+        if fd >= 0:
+            try:
+                os.close(fd)
+            except OSError:
+                pass
+        try:
+            os.close(parent_fd)
+        except OSError:
+            pass
+    if len(data) > MAX_VERSION_METADATA_BYTES:
+        return None
+    try:
+        return data.decode("utf-8")
+    except UnicodeDecodeError:
+        return None
+
+
 def _load_json(path: Path) -> dict[str, object] | None:
+    text = _read_metadata_text(path)
+    if text is None:
+        return None
     try:
-        data = json.loads(path.read_text(encoding="utf-8"))
+        data = json.loads(text)
     except (OSError, json.JSONDecodeError):
         return None
     return data if isinstance(data, dict) else None

package/context-guard-kit/context_pack.py

@@ -24,6 +24,7 @@ import shlex
 import stat
 import subprocess
 import sys
+import threading
 import time
 from dataclasses import dataclass
 from typing import Any
@@ -183,23 +184,43 @@ class FallbackLineSanitizer:
         return line, bool(count)
 
 
+# Process-static cache: CLI invocations should not re-import the sanitizer for
+# every file, while each sanitize_text() call still gets a fresh stateful
+# sanitizer instance.
+_LINE_SANITIZER_FACTORY_CACHE: Any | None = None
+_LINE_SANITIZER_FACTORY_LOCK = threading.Lock()
+
+
+def load_line_sanitizer_factory() -> Any:
+    global _LINE_SANITIZER_FACTORY_CACHE
+    if _LINE_SANITIZER_FACTORY_CACHE is not None:
+        return _LINE_SANITIZER_FACTORY_CACHE
+    with _LINE_SANITIZER_FACTORY_LOCK:
+        if _LINE_SANITIZER_FACTORY_CACHE is not None:
+            return _LINE_SANITIZER_FACTORY_CACHE
+        script_dir = Path(__file__).resolve().parent
+        for name in ("sanitize_output.py", "context-guard-sanitize-output", "claude-sanitize-output"):
+            candidate = script_dir / name
+            if not candidate.exists():
+                continue
+            try:
+                loader = importlib.machinery.SourceFileLoader(f"_context_guard_pack_sanitize_{os.getpid()}", str(candidate))
+                spec = importlib.util.spec_from_loader(loader.name, loader)
+                if spec is None:
+                    raise RuntimeError("import spec unavailable")
+                module = importlib.util.module_from_spec(spec)
+                loader.exec_module(module)
+                _LINE_SANITIZER_FACTORY_CACHE = module.LineSanitizer
+                return _LINE_SANITIZER_FACTORY_CACHE
+            except Exception as exc:
+                raise RuntimeError(f"could not load sanitizer {candidate}: {exc}") from exc
+        _LINE_SANITIZER_FACTORY_CACHE = FallbackLineSanitizer
+        return _LINE_SANITIZER_FACTORY_CACHE
+
+
 def load_line_sanitizer(show_paths: bool = False) -> object:
-    script_dir = Path(__file__).resolve().parent
-    for name in ("sanitize_output.py", "context-guard-sanitize-output", "claude-sanitize-output"):
-        candidate = script_dir / name
-        if not candidate.exists():
-            continue
-        try:
-            loader = importlib.machinery.SourceFileLoader(f"_context_guard_pack_sanitize_{os.getpid()}", str(candidate))
-            spec = importlib.util.spec_from_loader(loader.name, loader)
-            if spec is None:
-                raise RuntimeError("import spec unavailable")
-            module = importlib.util.module_from_spec(spec)
-            loader.exec_module(module)
-            return module.LineSanitizer(show_paths=show_paths)
-        except Exception as exc:
-            raise RuntimeError(f"could not load sanitizer {candidate}: {exc}") from exc
-    return FallbackLineSanitizer(show_paths=show_paths)
+    sanitizer_factory = load_line_sanitizer_factory()
+    return sanitizer_factory(show_paths=show_paths)
 
 
 def sanitize_text(text: str, *, show_paths: bool = False) -> tuple[str, int]:
@@ -464,6 +485,21 @@ def open_dir_no_follow(path: Path | str, *, dir_fd: int | None = None) -> int:
         raise
 
 
+def file_open_flags() -> int:
+    flags = os.O_RDONLY
+    for name in ("O_NOFOLLOW", "O_CLOEXEC", "O_NONBLOCK", "O_NOCTTY"):
+        flags |= getattr(os, name, 0)
+    return flags
+
+
+def stat_leaf_no_follow(name: str, *, dir_fd: int) -> os.stat_result | None:
+    supports_dir_fd = os.stat in getattr(os, "supports_dir_fd", set())
+    supports_no_follow = os.stat in getattr(os, "supports_follow_symlinks", set())
+    if not supports_dir_fd or not supports_no_follow:
+        return None
+    return os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
+
+
 def open_regular_under_root(root: Path, rel: Path) -> tuple[Any | None, str]:
     current_fd: int | None = None
     try:
@@ -484,11 +520,20 @@ def open_regular_under_root(root: Path, rel: Path) -> tuple[Any | None, str]:
                 os.close(current_fd)
                 current_fd = next_fd
                 continue
-            flags = os.O_RDONLY
-            if hasattr(os, "O_NOFOLLOW"):
-                flags |= os.O_NOFOLLOW
-            if hasattr(os, "O_CLOEXEC"):
-                flags |= os.O_CLOEXEC
+            try:
+                pre_st = stat_leaf_no_follow(part, dir_fd=current_fd)
+            except FileNotFoundError:
+                return None, "missing"
+            except NotADirectoryError:
+                return None, "missing"
+            except OSError:
+                return None, "unsafe_path"
+            if pre_st is not None:
+                if stat.S_ISLNK(pre_st.st_mode):
+                    return None, "unsafe_path"
+                if not stat.S_ISREG(pre_st.st_mode):
+                    return None, "empty_source"
+            flags = file_open_flags()
             file_fd = -1
             try:
                 file_fd = os.open(part, flags, dir_fd=current_fd)