PyPI - act-cli - Versions diffs - 0.5.0__tar.gz → 0.5.1__tar.gz - Mend

act-cli 0.5.0tar.gz → 0.5.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

{act_cli-0.5.0 → act_cli-0.5.1}/Cargo.lock RENAMED Viewed

@@ -4,7 +4,7 @@ version = 4
 [[package]]
 name = "act-build"
-version = "0.5.0"
+version = "0.5.1"
 dependencies = [
  "act-types",
  "anyhow",
@@ -25,7 +25,7 @@ dependencies = [
 [[package]]
 name = "act-cli"
-version = "0.5.0"
+version = "0.5.1"
 dependencies = [
  "act-types",
  "anyhow",

{act_cli-0.5.0 → act_cli-0.5.1}/Cargo.toml RENAMED Viewed

@@ -3,7 +3,7 @@ members = ["act-cli"]
 resolver = "3"
 [workspace.package]
-version = "0.5.0"
+version = "0.5.1"
 edition = "2024"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/actcore/act-cli"

{act_cli-0.5.0 → act_cli-0.5.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: act-cli
-Version: 0.5.0
+Version: 0.5.1
 Classifier: Development Status :: 4 - Beta
 Classifier: Environment :: Console
 Classifier: Intended Audience :: Developers

{act_cli-0.5.0 → act_cli-0.5.1}/act-cli/src/runtime/fs_matcher.rs RENAMED Viewed

@@ -18,10 +18,19 @@
 //! Decision rule:
 //! - Mode = Deny → always `Deny`.
 //! - Mode = Open → always `Allow`.
-//! - Mode = Allowlist → `Deny` if any deny pattern matches; else `Allow`
-//!   if any allow pattern matches; else `Deny`.
+//! - Mode = Allowlist:
+//!   - `Deny` if any deny pattern matches.
+//!   - `Allow` if any allow pattern matches.
+//!   - `Allow` if the path is a directory **ancestor** of any allowed
+//!     pattern's literal prefix. WASI path resolution stats every
+//!     intermediate directory when opening a nested path, so a user
+//!     granting `/tmp/work/db.sqlite` implicitly grants traversal on
+//!     `/tmp/work` and `/tmp` (metadata only — those dirs aren't
+//!     "allowed" for listing, but they are for the traversal needed
+//!     to reach the target).
+//!   - `Deny` otherwise.
-use std::path::Path;
+use std::path::{Path, PathBuf};
 use anyhow::{Context, Result};
 use globset::{Glob, GlobSet, GlobSetBuilder};
@@ -43,15 +52,27 @@ pub struct FsMatcher {
     mode: PolicyMode,
     allow: GlobSet,
     deny: GlobSet,
+    /// Literal path prefix of each allow entry — the longest ancestor
+    /// with no glob metacharacter. `/a/b/c.db` → `/a/b/c.db`;
+    /// `/tmp/*.db` → `/tmp`; `/foo/bar/**` → `/foo/bar`. Used to permit
+    /// traversal of intermediate directories on the path to any
+    /// allowed target.
+    allow_prefixes: Vec<PathBuf>,
 }
 impl FsMatcher {
     /// Compile a matcher from a resolved `FsConfig`.
     pub fn compile(cfg: &FsConfig) -> Result<Self> {
+        let mut allow_prefixes = Vec::new();
+        for pat in &cfg.allow {
+            let expanded = expand_pattern(pat);
+            allow_prefixes.push(PathBuf::from(literal_prefix(&expanded)));
+        }
         Ok(Self {
             mode: cfg.mode,
             allow: compile_set("allow", &cfg.allow)?,
             deny: compile_set("deny", &cfg.deny)?,
+            allow_prefixes,
         })
     }
@@ -65,15 +86,60 @@ impl FsMatcher {
                     return FsDecision::Deny;
                 }
                 if self.allow.is_match(path) {
-                    FsDecision::Allow
-                } else {
-                    FsDecision::Deny
+                    return FsDecision::Allow;
+                }
+                // Ancestor-traversal check: allow stat/open on any directory
+                // that lies on the path to some allowed target.
+                if self
+                    .allow_prefixes
+                    .iter()
+                    .any(|prefix| is_ancestor(path, prefix))
+                {
+                    return FsDecision::Allow;
                 }
+                FsDecision::Deny
             }
         }
     }
 }
+/// Extract the longest leading path segment of `pattern` that contains no
+/// glob metacharacter (`*`, `?`, `[`, `{`). That segment is the literal
+/// prefix under which the glob might match.
+fn literal_prefix(pattern: &str) -> &str {
+    // Find the first component containing a metachar. Keep everything before it.
+    let bytes = pattern.as_bytes();
+    let mut last_boundary = 0usize;
+    let mut i = 0usize;
+    while i < bytes.len() {
+        let b = bytes[i];
+        if b == b'/' {
+            last_boundary = i;
+        } else if matches!(b, b'*' | b'?' | b'[' | b'{') {
+            return &pattern[..last_boundary];
+        }
+        i += 1;
+    }
+    // No metachar found — the whole pattern is literal.
+    pattern
+}
+/// Is `candidate` an ancestor of `target` (i.e., `target` is `candidate`
+/// with zero or more additional components)? Works by walking `target`'s
+/// ancestor chain looking for an exact match. Returns `false` if
+/// `candidate` is empty.
+fn is_ancestor(candidate: &Path, target: &Path) -> bool {
+    if candidate.as_os_str().is_empty() {
+        return false;
+    }
+    for ancestor in target.ancestors() {
+        if ancestor == candidate {
+            return true;
+        }
+    }
+    false
+}
 fn compile_set(label: &str, patterns: &[String]) -> Result<GlobSet> {
     let mut b = GlobSetBuilder::new();
     for p in patterns {
@@ -213,6 +279,56 @@ mod tests {
         );
     }
+    #[test]
+    fn ancestor_of_allowed_literal_file_is_traversable() {
+        // Allowing /tmp/work/db.sqlite implicitly grants traversal on
+        // /tmp/work and /tmp so the WASI path-walker can stat each
+        // intermediate directory before reaching the target.
+        let m =
+            FsMatcher::compile(&cfg(PolicyMode::Allowlist, &["/tmp/work/db.sqlite"], &[])).unwrap();
+        assert_eq!(
+            m.decide(&PathBuf::from("/tmp/work/db.sqlite")),
+            FsDecision::Allow
+        );
+        assert_eq!(m.decide(&PathBuf::from("/tmp/work")), FsDecision::Allow);
+        assert_eq!(m.decide(&PathBuf::from("/tmp")), FsDecision::Allow);
+        assert_eq!(m.decide(&PathBuf::from("/")), FsDecision::Allow);
+        // Sibling dir not on the path — still denied.
+        assert_eq!(m.decide(&PathBuf::from("/tmp/other")), FsDecision::Deny);
+        assert_eq!(m.decide(&PathBuf::from("/var")), FsDecision::Deny);
+    }
+    #[test]
+    fn ancestor_of_glob_literal_prefix_is_traversable() {
+        let m =
+            FsMatcher::compile(&cfg(PolicyMode::Allowlist, &["/tmp/work/**/*.db"], &[])).unwrap();
+        // Literal prefix is /tmp/work. Ancestors allowed.
+        assert_eq!(m.decide(&PathBuf::from("/tmp/work")), FsDecision::Allow);
+        assert_eq!(m.decide(&PathBuf::from("/tmp")), FsDecision::Allow);
+        // A .db inside is allowed by the glob.
+        assert_eq!(
+            m.decide(&PathBuf::from("/tmp/work/a/b.db")),
+            FsDecision::Allow
+        );
+        // Non-.db file below is NOT allowed — ancestor rule only covers
+        // *reaching* the allowed target, not reading siblings.
+        assert_eq!(
+            m.decide(&PathBuf::from("/tmp/work/a/b.txt")),
+            FsDecision::Deny
+        );
+    }
+    #[test]
+    fn ancestor_does_not_leak_past_first_glob_component() {
+        // `/tmp/*.db` — the literal prefix is `/tmp`. Ancestors of that
+        // (i.e. `/`) are traversable, but so is `/tmp` itself. What
+        // shouldn't leak: a sibling of the glob target.
+        let m = FsMatcher::compile(&cfg(PolicyMode::Allowlist, &["/tmp/*.db"], &[])).unwrap();
+        assert_eq!(m.decide(&PathBuf::from("/tmp")), FsDecision::Allow);
+        assert_eq!(m.decide(&PathBuf::from("/tmp/foo.db")), FsDecision::Allow);
+        assert_eq!(m.decide(&PathBuf::from("/tmp/foo.txt")), FsDecision::Deny);
+    }
     #[test]
     fn extension_glob() {
         let m = FsMatcher::compile(&cfg(PolicyMode::Allowlist, &["/tmp/**/*.md"], &[])).unwrap();