PDA

View Full Version : prevent removal of critical files and folders




MrFusion
Mar 23, 2009, 01:09 PM
Suppose the user provides a filepath to a directory which will be overwritten and recreated with new files within.

How do I check that the user didn't accidently provided a critical path, e.g. "/", or any other multitude of dangerous possibilities?
Hardcoding every possibility doesn't seem practical, even If I did know all the possible paths.

if (![[url path] isEqualTo:@"/"])


Thanks!



lee1210
Mar 23, 2009, 01:35 PM
Why are you replacing a folder? Why not accept a base directory, and create something new with a "unique" name below it, and confirm replacement with the user if the name of the subdirectory already exists?

You should also be able to check that the user has permissions to modify the location... as long as they don't run your app as a superuser, it should help avoid some critical spots, too.

-Lee

MrFusion
Mar 23, 2009, 01:56 PM
Why are you replacing a folder? Why not accept a base directory, and create something new with a "unique" name below it, and confirm replacement with the user if the name of the subdirectory already exists?

You should also be able to check that the user has permissions to modify the location... as long as they don't run your app as a superuser, it should help avoid some critical spots, too.

-Lee

So far, I have been checking if the folder exists. Do nothing if it does, do something if it doesn't.
But in the new version I want to overwrite the old data to avoid any confusion between old and new. Between good and bad.

Ok, it's probably safer to do it the Finder way and tag on a number at the end or ask the user. Should have realised that.

Thanks Lee

lee1210
Mar 23, 2009, 02:26 PM
You could just put a .mycoolprogram.x.y.z file in the folder, and see if any existing .mycoolprogram files are there... If so, you can be pretty sure it belongs to your program, and can feel "good" deleting the current contents (assuming the user's prefs and whatnot are OK to trash).

-Lee

MrFusion
Mar 23, 2009, 03:44 PM
You could just put a .mycoolprogram.x.y.z file in the folder, and see if any existing .mycoolprogram files are there... If so, you can be pretty sure it belongs to your program, and can feel "good" deleting the current contents (assuming the user's prefs and whatnot are OK to trash).

-Lee

Nice trick. I have to remember this one.
With the current version, it can take hours to go through the data and export the results (at least it's better than doing it all manually). You don't want to have any doubt about which results are the correct ones a few weeks later.

MrFusion
Mar 23, 2009, 04:56 PM
Working on some code for this, I painted myself into a corner.
I have a category on NSURL to which I added a createFolder function which ensures a unique name.
Since I have to add files to this folder, the URL needs to be correct. Therefore I need to replace the url, but can I do that? Is it possible/allowed to replace self?



-(BOOL) createFolder:(BOOL) overwrite {
succes = NO;
BOOL isDir = NO;
if (([[NSFileManager defaultManager] fileExistsAtPath:[self path] isDirectory:&isDir]) & isDir){
//input
NSURL *baseurl = [self deleteLastPathComponent];
NSString *folder = [self myLastPathComponent];

//get new filename
NSArray *dirContents = [[NSFileManager defaultManager] directoryContentsAtPath:[baseurl path]];
int nbr = 0;
NSString *suggestion = [folder stringByAppendingFormat:@" - %i",nbr++];
while ([dirContents containsObject:suggestion]) {
suggestion = [folder stringByAppendingFormat:@" - %i",nbr++];
}

//replace self
NSURL *url = [baseurl appendPathComponent:suggestion];
self = url; // ???
}

//todo

return succes;
}

kainjow
Mar 23, 2009, 07:24 PM
Just change the method so it returns a new NSURL object. This is what all those stringWithxxx method are doing essentially.