System.FilePath.combine encourages unsafe practices
tempdir </> file -- when file is absolute, this does not put the file in the tempdir.
I can't say I have ever wanted the ability to add a path to the front of a file, unless the file was already absolute. It seems a strange thing to need to do, and a strange and surprising default.
I find I have to keep this gotcha in mind whenever using System.FilePath. It could have been avoided if the behavior was just to force the second component to be relative. While it would still not be secure to combine untrusted FilePaths (file could be "../../etc/passwd" for example), forcing it relative would guard against simple mistakes.
I don't know if it's too late to change this behavior of combine. Perhaps the best way is to instead use System.Path. Its combine is typed to require the second parameter be relative.
Trac metadata
Trac field | Value |
---|---|
Version | 7.0.3 |
Type | Bug |
TypeOfFailure | OtherFailure |
Priority | normal |
Resolution | Unresolved |
Component | libraries (other) |
Test case | |
Differential revisions | |
BlockedBy | |
Related | |
Blocking | |
CC | |
Operating system | |
Architecture | |
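
The behaviour reported above, as an added example that is not part of the original report or of the filepath package. The helper `combineUnder`, the `/tmp/work` directory and the sample inputs are hypothetical and constructed, and POSIX path semantics are assumed. It prints what `</>` returns for each input next to a wrapper that rejects absolute paths and `..` components:

```haskell
module Main (main) where

import System.FilePath ((</>), hasDrive, isAbsolute, splitDirectories)

-- | Hypothetical helper (not provided by the filepath package): join an
-- untrusted path onto a base directory, refusing inputs that would make
-- the result land outside it. It is a purely lexical check and does not
-- resolve symlinks that already exist under the base directory.
combineUnder :: FilePath -> FilePath -> Maybe FilePath
combineUnder base file
  | null file                         = Nothing
  | isAbsolute file || hasDrive file  = Nothing  -- (</>) would discard base
  | ".." `elem` splitDirectories file = Nothing  -- could climb out of base
  | otherwise                         = Just (base </> file)

-- | Show the plain (</>) result next to the checked one for one input.
describe :: FilePath -> FilePath -> String
describe base file =
  show file
    ++ ": (</>) gives " ++ show (base </> file)
    ++ ", combineUnder gives " ++ show (combineUnder base file)

main :: IO ()
main = do
  let tempdir = "/tmp/work"  -- constructed sample directory
      inputs  =              -- constructed sample inputs
        [ "report.txt"
        , "sub/report.txt"
        , "/etc/passwd"        -- absolute: (</>) returns it unchanged
        , "../../etc/passwd"   -- relative, but walks out of tempdir
        ]
  mapM_ (putStrLn . describe tempdir) inputs
```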