starred/pkl
1
0
Fork 0
mirror of https://github.com/apple/pkl.git synced 2026-06-11 08:12:50 +02:00
Code Issues 198 Packages Projects Releases 10 Wiki Activity

Prevent --multiple-file-output-path writes from following symlinks outside the target directory (#1467)

Browse Source
This commit is contained in:
Jen Basch
2026-03-25 11:50:20 -07:00
committed by GitHub
parent cdc6fa8aec
commit f23c37a993
2 changed files with 50 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkl-cli/src/test/kotlin/org/pkl/cli/CliEvaluatorTest.kt
+31
View File
@@ -931,6 +931,37 @@ result = someLib.x
.hasMessageContaining("which is outside output directory")
}
@Test
@DisabledOnOs(OS.WINDOWS)
fun `multiple file output throws if files are written outside the base path via symlink`() {
val output = tempDir.resolve(".output").createDirectories()
val outside = tempDir.resolve("outside").createDirectories()
output.resolve("outside").createSymbolicLinkPointingTo(outside)
val moduleUri =
writePklFile(
"test.pkl",
"""
output {
files {
["outside/foo.txt"] {
text = "bar"
}
}
}
"""
.trimIndent(),
)
val options =
CliEvaluatorOptions(
CliBaseOptions(sourceModules = listOf(moduleUri), workingDir = tempDir),
multipleFileOutputPath = ".output",
)
assertThatCode { evalToConsole(options) }
.hasMessageStartingWith("Output file conflict:")
.hasMessageContaining("which is outside output directory")
}
@Test
fun `multiple file output throws if file path is a directory`() {
tempDir.resolve(".output/myDir").createDirectories()