@photostructure/fs-metadata 0.3.3 → 0.4.0

package/src/darwin/hidden.cpp

@@ -15,6 +15,13 @@ GetHiddenWorker::GetHiddenWorker(std::string path,
 
 void GetHiddenWorker::Execute() {
   DEBUG_LOG("[GetHiddenWorker] checking hidden status for: %s", path_.c_str());
+
+  // Add path validation to prevent directory traversal
+  if (path_.find("..") != std::string::npos) {
+    SetError("Invalid path containing '..'");
+    return;
+  }
+
   struct stat statbuf;
   if (stat(path_.c_str(), &statbuf) != 0) {
     int error = errno;
@@ -73,6 +80,13 @@ SetHiddenWorker::SetHiddenWorker(std::string path, bool hidden,
 void SetHiddenWorker::Execute() {
   DEBUG_LOG("[SetHiddenWorker] setting hidden=%d for: %s", hidden_,
             path_.c_str());
+
+  // Add path validation to prevent directory traversal
+  if (path_.find("..") != std::string::npos) {
+    SetError("Invalid path containing '..'");
+    return;
+  }
+
   struct stat statbuf;
   if (stat(path_.c_str(), &statbuf) != 0) {
     int error = errno;

package/src/darwin/raii_utils.h

@@ -0,0 +1,85 @@
+#pragma once
+
+#include <CoreFoundation/CoreFoundation.h>
+#include <sys/mount.h>
+
+namespace FSMeta {
+
+// Generic RAII wrapper for resources that need free()
+template <typename T> class ResourceRAII {
+private:
+  T *resource_;
+
+public:
+  ResourceRAII() : resource_(nullptr) {}
+  ~ResourceRAII() {
+    if (resource_) {
+      free(resource_);
+    }
+  }
+
+  T **ptr() { return &resource_; }
+  T *get() { return resource_; }
+
+  // Add move operations for better resource management
+  ResourceRAII(ResourceRAII &&other) noexcept : resource_(other.resource_) {
+    other.resource_ = nullptr;
+  }
+
+  ResourceRAII &operator=(ResourceRAII &&other) noexcept {
+    if (this != &other) {
+      if (resource_)
+        free(resource_);
+      resource_ = other.resource_;
+      other.resource_ = nullptr;
+    }
+    return *this;
+  }
+
+  // Prevent copying
+  ResourceRAII(const ResourceRAII &) = delete;
+  ResourceRAII &operator=(const ResourceRAII &) = delete;
+};
+
+// Specialized for mount info
+using MountBufferRAII = ResourceRAII<struct statfs>;
+
+// CoreFoundation RAII wrapper
+template <typename T> class CFReleaser {
+private:
+  T ref_;
+
+public:
+  explicit CFReleaser(T ref = nullptr) noexcept : ref_(ref) {}
+  ~CFReleaser() { reset(); }
+
+  void reset(T ref = nullptr) {
+    if (ref_) {
+      CFRelease(ref_);
+    }
+    ref_ = ref;
+  }
+
+  operator T() const noexcept { return ref_; }
+  T get() const noexcept { return ref_; }
+  bool isValid() const noexcept { return ref_ != nullptr; }
+
+  // Prevent copying
+  CFReleaser(const CFReleaser &) = delete;
+  CFReleaser &operator=(const CFReleaser &) = delete;
+
+  // Allow moving
+  CFReleaser(CFReleaser &&other) noexcept : ref_(other.ref_) {
+    other.ref_ = nullptr;
+  }
+  CFReleaser &operator=(CFReleaser &&other) noexcept {
+    if (this != &other) {
+      reset();
+      ref_ = other.ref_;
+      other.ref_ = nullptr;
+    }
+    return *this;
+  }
+};
+
+} // namespace FSMeta

package/src/darwin/volume_metadata.cpp

@@ -2,6 +2,7 @@
 
 #include "../common/debug_log.h"
 #include "./fs_meta.h"
+#include "./raii_utils.h"
 
 #include <CoreFoundation/CoreFoundation.h>
 #include <DiskArbitration/DiskArbitration.h>
@@ -36,55 +37,6 @@ static std::string CFStringToString(CFStringRef cfString) {
   return result;
 }
 
-// Improved CFReleaser with proper Core Foundation support
-template <typename T> class CFReleaser {
-private:
-  T ref_;
-
-public:
-  explicit CFReleaser(T ref = nullptr) noexcept : ref_(ref) {}
-
-  // Delete copy operations
-  CFReleaser(const CFReleaser &) = delete;
-  CFReleaser &operator=(const CFReleaser &) = delete;
-
-  // Move operations
-  CFReleaser(CFReleaser &&other) noexcept : ref_(other.ref_) {
-    other.ref_ = nullptr;
-  }
-
-  CFReleaser &operator=(CFReleaser &&other) noexcept {
-    if (this != &other) {
-      reset();
-      ref_ = other.ref_;
-      other.ref_ = nullptr;
-    }
-    return *this;
-  }
-
-  ~CFReleaser() { reset(); }
-
-  void reset(T ref = nullptr) {
-    if (ref_) {
-      CFRelease(ref_);
-    }
-    ref_ = ref;
-  }
-
-  // Implicit conversion operator for Core Foundation APIs
-  operator T() const noexcept { return ref_; }
-
-  T get() const noexcept { return ref_; }
-  bool isValid() const noexcept { return ref_ != nullptr; }
-
-  // Release ownership
-  T release() noexcept {
-    T temp = ref_;
-    ref_ = nullptr;
-    return temp;
-  }
-};
-
 class GetVolumeMetadataWorker : public MetadataWorkerBase {
 public:
   GetVolumeMetadataWorker(const std::string &mountPoint,
@@ -178,12 +130,12 @@ private:
     // Check if this is a network filesystem
     if (metadata.fstype == "smbfs" || metadata.fstype == "nfs" ||
         metadata.fstype == "afpfs" || metadata.fstype == "webdav") {
-      // For network filesystems, we consider them healthy even without DA info
       metadata.remote = true;
       metadata.status = "healthy";
       return;
     }
 
+    // Create session on current thread
     CFReleaser<DASessionRef> session(DASessionCreate(kCFAllocatorDefault));
     if (!session.isValid()) {
       DEBUG_LOG("[GetVolumeMetadataWorker] Failed to create DA session");
@@ -193,21 +145,39 @@ private:
     }
 
     try {
-      // RAII cleanup for RunLoop scheduling
+      // Get thread-local runloop or create new one if needed
+      CFRunLoopRef runLoop = CFRunLoopGetCurrent();
+      if (!runLoop) {
+        // If no runloop exists, create a new one for this thread
+        CFRunLoopRun();
+        runLoop = CFRunLoopGetCurrent();
+        if (!runLoop) {
+          throw std::runtime_error("Failed to create thread-local runloop");
+        }
+      }
+
+      // Schedule session with our runloop
+      DASessionScheduleWithRunLoop(session.get(), runLoop,
+                                   kCFRunLoopDefaultMode);
+
+      // Use RAII to ensure cleanup
       struct RunLoopCleaner {
         DASessionRef session;
-        explicit RunLoopCleaner(DASessionRef s) : session(s) {}
+        CFRunLoopRef runLoop;
+        bool shouldStop;
+        RunLoopCleaner(DASessionRef s, CFRunLoopRef l, bool stop = false)
+            : session(s), runLoop(l), shouldStop(stop) {}
         ~RunLoopCleaner() {
-          DASessionUnscheduleFromRunLoop(session, CFRunLoopGetCurrent(),
+          DASessionUnscheduleFromRunLoop(session, runLoop,
                                          kCFRunLoopDefaultMode);
+          if (shouldStop) {
+            CFRunLoopStop(runLoop);
+          }
         }
-      };
+      } scopeGuard(session.get(), runLoop, !CFRunLoopGetCurrent());
 
-      // Schedule session with RunLoop
-      DASessionScheduleWithRunLoop(session.get(), CFRunLoopGetCurrent(),
-                                   kCFRunLoopDefaultMode);
-
-      auto scopeGuard = std::make_unique<RunLoopCleaner>(session.get());
+      // Run the run loop briefly to ensure DA is ready
+      CFRunLoopRunInMode(kCFRunLoopDefaultMode, 0.1, true);
 
       CFReleaser<DADiskRef> disk(DADiskCreateFromBSDName(
           kCFAllocatorDefault, session.get(), metadata.mountFrom.c_str()));
@@ -228,12 +198,17 @@ private:
         return;
       }
 
+      // Ensure we have a complete description before continuing
+      CFRunLoopRunInMode(kCFRunLoopDefaultMode, 0.1, false);
+
+      // Process description synchronously since we're already on the right
+      // thread
       ProcessDiskDescription(description.get());
 
-      // Only set ready if we got this far without errors
       if (metadata.status != "partial") {
         metadata.status = "healthy";
       }
+
     } catch (const std::exception &e) {
       DEBUG_LOG("[GetVolumeMetadataWorker] Exception: %s", e.what());
       metadata.status = "error";

package/src/darwin/volume_mount_points.cpp

@@ -1,7 +1,8 @@
 // src/darwin/volume_mount_points.cpp
 #include "../common/volume_mount_points.h"
 #include "../common/debug_log.h"
-#include "fs_meta.h"
+#include "./fs_meta.h"
+#include "./raii_utils.h"
 #include <chrono>
 #include <future>
 #include <sys/mount.h>
@@ -24,9 +25,12 @@ public:
   void Execute() override {
     DEBUG_LOG("[GetVolumeMountPointsWorker] Executing");
     try {
-      // Get mount list - this is fast
-      struct statfs *mntbufp;
-      int count = getmntinfo(&mntbufp, MNT_WAIT);
+      MountBufferRAII mntbuf;
+      // Use MNT_NOWAIT for better performance - we'll verify accessibility
+      // separately and our error handling already covers mount state changes
+      // See https://github.com/swiftlang/swift-corelibs-foundation/issues/4649
+
+      int count = getmntinfo_r_np(mntbuf.ptr(), MNT_NOWAIT);
 
       if (count <= 0) {
         throw std::runtime_error("Failed to get mount information");
@@ -34,36 +38,39 @@ public:
 
       for (int i = 0; i < count; i++) {
         MountPoint mp;
-        mp.mountPoint = mntbufp[i].f_mntonname;
-        mp.fstype = mntbufp[i].f_fstypename;
+        mp.mountPoint = mntbuf.get()[i].f_mntonname;
+        mp.fstype = mntbuf.get()[i].f_fstypename;
         mp.error = ""; // Initialize error field
 
         DEBUG_LOG("[GetVolumeMountPointsWorker] Checking mount point: %s",
                   mp.mountPoint.c_str());
 
         try {
-          // Use shared_future to allow multiple gets
-          std::shared_future<bool> future =
+          // Use RAII to manage future
+          auto future = std::make_shared<std::future<bool>>(
               std::async(std::launch::async, [path = mp.mountPoint]() {
-                return access(path.c_str(), R_OK) == 0;
-              }).share();
+                // Use faccessat for better security
+                return faccessat(AT_FDCWD, path.c_str(), R_OK, AT_EACCESS) == 0;
+              }));
 
-          auto status = future.wait_for(std::chrono::milliseconds(timeoutMs_));
+          auto status = future->wait_for(std::chrono::milliseconds(timeoutMs_));
 
-          if (status == std::future_status::timeout) {
+          switch (status) {
+          case std::future_status::timeout:
             mp.status = "disconnected";
             mp.error = "Access check timed out";
-            DEBUG_LOG(
-                "[GetVolumeMountPointsWorker] Access check timed out for: %s",
-                mp.mountPoint.c_str());
-          } else if (status == std::future_status::ready) {
+            DEBUG_LOG("[GetVolumeMountPointsWorker] Access check timed out: %s",
+                      mp.mountPoint.c_str());
+            break;
+
+          case std::future_status::ready:
             try {
-              bool isAccessible = future.get();
+              bool isAccessible = future->get();
               mp.status = isAccessible ? "healthy" : "inaccessible";
               if (!isAccessible) {
                 mp.error = "Path is not accessible";
               }
-              DEBUG_LOG("[GetVolumeMountPointsWorker] Access check %s for: %s",
+              DEBUG_LOG("[GetVolumeMountPointsWorker] Access check %s: %s",
                         isAccessible ? "succeeded" : "failed",
                         mp.mountPoint.c_str());
             } catch (const std::exception &e) {
@@ -71,12 +78,14 @@ public:
               mp.error = std::string("Access check failed: ") + e.what();
               DEBUG_LOG("[GetVolumeMountPointsWorker] Exception: %s", e.what());
             }
-          } else {
+            break;
+
+          default:
             mp.status = "error";
             mp.error = "Unexpected future status";
-            DEBUG_LOG(
-                "[GetVolumeMountPointsWorker] Unexpected future status for: %s",
-                mp.mountPoint.c_str());
+            DEBUG_LOG("[GetVolumeMountPointsWorker] Unexpected status: %s",
+                      mp.mountPoint.c_str());
+            break;
           }
         } catch (const std::exception &e) {
           mp.status = "error";

package/src/object.ts

@@ -3,7 +3,7 @@
 import { isNotBlank, isString } from "./string.js";
 
 /**
- * Check if a value is an object
+ * @return true iff value is an object and not an array
  */
 export function isObject(value: unknown): value is object {
   // typeof null is 'object', so we need to check for that case YAY JAVASCRIPT
@@ -11,7 +11,8 @@ export function isObject(value: unknown): value is object {
 }
 
 /**
- * Map a value to another value, or undefined if the value is undefined
+ * @return undefined if `obj` is nullish, or the return value of `fn` applied
+ * against `obj` if `obj` is defined
  */
 export function map<T, U>(
   obj: T | undefined,
@@ -21,7 +22,7 @@ export function map<T, U>(
 }
 
 /**
- * Omit the specified fields from an object
+ * @return a shallow copy of `obj` that omits the specified `keys`
  */
 export function omit<T extends object, K extends keyof T>(
   obj: T,
@@ -40,6 +41,10 @@ export function omit<T extends object, K extends keyof T>(
   return result;
 }
 
+/**
+ * @return a shallow copy of `obj` that only includes fields that are defined
+ * and not nullish or blank.
+ */
 export function compactValues<T extends object>(
   obj: T | undefined,
 ): Partial<T> {

package/src/options.ts

@@ -51,7 +51,7 @@ export const SystemPathPatternsDefault = [
   "/System/Volumes/Update",
   "/System/Volumes/VM",
   "/System/Volumes/xarts",
-];
+] as const;
 
 /**
  * Filesystem types that indicate system volumes

package/src/path.ts

@@ -26,10 +26,10 @@ export function normalizePosixPath(
 ): string | undefined {
   if (isBlank(mountPoint)) return undefined;
   if (mountPoint === "/") return mountPoint;
-  
+
   // Fast path: check last char only if no trailing slash
   if (mountPoint[mountPoint.length - 1] !== "/") return mountPoint;
-  
+
   // Slower path: trim trailing slashes
   let end = mountPoint.length - 1;
   while (end > 0 && mountPoint[end] === "/") {