What it does
Detects when file-system operations (file and directory creation, opening, deletion) are done on Paths only, opening the door to the directory the application is operating on changing from under it.
Advantage
Detecting this can help developers to eliminate a big source of TOCTOU bugs.
Drawbacks
The Dir abstraction is not yet stabilized and lacks APIs for file/directory creation and deletion. Pushing people to crates that provide these APIs might be "picking favorites".
Example
```rust
use std::fs;
use std::path::Path;
let p = Path::new("foo"); // `&str` has no `join`; the base must be a `Path`
let bar = "bar";
let _ = fs::File::open(p.join("bar"))?;
let _ = fs::File::open(p.join(bar))?;
```
On nightly, could be written as:
```rust
#![feature(dirfd)] // `std::fs::Dir` is unstable
let dir = fs::Dir::new(p)?; // hold a handle to the directory itself
let _ = dir.open("bar")?;   // open relative to that handle, not by path
let _ = dir.open(bar)?;
```
On stable, or for operations std doesn't have APIs for, we should mention crates like cap-std which provide open_at-like APIs.
Comparison with existing lints
No response
Additional Context
No response
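The race the proposal is about, as an added example (not code from the issue or from clippy): a path-based "check, then open" is made deterministic by running the attacker's swap inside the window via a closure. The temp-root layout, the `app`/`decoy` directory names, the `.moved` suffix and the file contents are constructed for the demonstration; on unix only, since it uses `std::os::unix::fs::symlink`.

```rust
// Added example (not from the issue or from clippy): a deterministic
// reproduction of the TOCTOU window that path-only file-system access leaves open.
// All paths, names and file contents below are constructed for the demonstration.
use std::fs::{self, File};
use std::io::{self, Read};
use std::os::unix::fs::symlink;
use std::path::Path;

/// The pattern the lint would flag: check a directory by path, then open a file
/// under it by path. Nothing ties the second resolution to the first, so the
/// closure `between` stands in for whatever another process does in the window.
pub fn read_by_path(dir: &Path, name: &str, between: impl FnOnce()) -> io::Result<String> {
    // "check": confirm `dir` is a real directory, not a symlink
    let meta = fs::symlink_metadata(dir)?;
    if !meta.is_dir() {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "not a directory"));
    }

    between(); // the race window

    // "use": the kernel resolves `dir` from scratch; if `dir` is now a symlink,
    // the open silently follows it into a directory that was never checked.
    let mut contents = String::new();
    File::open(dir.join(name))?.read_to_string(&mut contents)?;
    Ok(contents)
}

/// Simulated attacker: move the checked directory aside and drop a symlink to
/// `decoy` at its old location. The `.moved` suffix is arbitrary.
pub fn swap_dir(dir: &Path, decoy: &Path) -> io::Result<()> {
    let moved = dir.with_extension("moved"); // "app" -> "app.moved"
    fs::rename(dir, &moved)?;
    symlink(decoy, dir)
}

/// Sets up two directories under a fresh temp root, races `read_by_path`
/// against `swap_dir`, and returns what was actually read.
pub fn demo() -> io::Result<String> {
    let root = std::env::temp_dir().join(format!("path-only-toctou-{}", std::process::id()));
    let app = root.join("app");     // the directory the application checks
    let decoy = root.join("decoy"); // attacker-controlled directory
    let _ = fs::remove_dir_all(&root);
    fs::create_dir_all(&app)?;
    fs::create_dir_all(&decoy)?;
    fs::write(app.join("bar"), "real")?;
    fs::write(decoy.join("bar"), "decoy")?;

    let result = read_by_path(&app, "bar", || {
        swap_dir(&app, &decoy).expect("swap failed");
    });

    let _ = fs::remove_dir_all(&root); // remove_dir_all does not follow the symlink
    result
}

fn main() -> io::Result<()> {
    println!("read {:?} from app/bar; the checked directory held \"real\"", demo()?);
    Ok(())
}
```

The check passes on the real directory and the open still lands in `decoy/bar`, because both steps are independent path lookups. Holding a directory handle (nightly `std::fs::Dir`, or `cap_std::fs::Dir` on stable) and opening relative to it pins the second step to the directory that was checked, which is what the lint would steer people towards.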