fixup! [#138] Report links that escape repo directory

serokell · Sep 26, 2022 · 991f295 · 991f295
1 parent 20ad7a3
commit 991f295
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 5 deletions.
diff --git a/src/Xrefcheck/Verify.hs b/src/Xrefcheck/Verify.hs
@@ -410,6 +410,8 @@ verifyReference
       VerifyResult [ExternalHttpTooManyRequests retryAfter] -> retryAfter
       _ -> Nothing
 
+    isVirtual = matchesGlobPatterns root vcVirtualFiles
+
     checkRef mAnchor referredFile = verifying $ do
       checkReferredFileIsInsideRepo referredFile
       checkReferredFileExists referredFile
@@ -419,10 +421,10 @@ verifyReference
           checkAnchor referredFile (_fiAnchors referredFileInfo)
 
     checkReferredFileIsInsideRepo file = unless
-      (noNegativeNesting $ makeRelative root file)
+      (isVirtual file || noNegativeNesting (makeRelative root file))
       $ throwError (LocalFileOutsideRepo file)
       where
-        -- | checks that relative filepath fully belongs to current directory
+        -- checks that relative filepath fully belongs to current directory
         -- noNegativeNesting "a/../b" = True
         -- noNegativeNesting "a/../../b" = False
         noNegativeNesting path = all (>= 0) $ scanl
@@ -438,9 +440,7 @@ verifyReference
       let fileExists = readingSystem $ doesFileExist file
       let dirExists = readingSystem $ doesDirectoryExist file
 
-      let isVirtual = matchesGlobPatterns root vcVirtualFiles file
-
-      unless (fileExists || dirExists || isVirtual) $
+      unless (fileExists || dirExists || isVirtual file) $
         throwError (LocalFileDoesNotExist file)
 
     checkAnchor file fileAnchors anchor = do

diff --git a/tests/golden/check-local-references-outside-repo/check-local-references-outside-repo.bats b/tests/golden/check-local-references-outside-repo/check-local-references-outside-repo.bats
@@ -25,3 +25,9 @@ load '../helpers'
 
   assert_output --partial "All repository links are valid."
 }
+
+@test "When target is a virtual file, everything is good" {
+  run xrefcheck -c config-virtual-file.yaml -r inner-directory\
+
+  assert_output --partial "All repository links are valid."
+}
diff --git a/tests/golden/check-local-references-outside-repo/config-virtual-file.yaml b/tests/golden/check-local-references-outside-repo/config-virtual-file.yaml
@@ -0,0 +1,26 @@
+# SPDX-FileCopyrightText: 2022 Serokell <https://serokell.io>
+#
+# SPDX-License-Identifier: Unlicense
+traversal:
+  ignored: []
+verification:
+  anchorSimilarityThreshold: 0.5
+
+  externalRefCheckTimeout: 10s
+
+  notScanned: []
+
+  virtualFiles:
+    - ../link-target.md
+  ignoreRefs:
+    - ^(https?|ftps?)://(localhost|127\.0\.0\.1).*
+
+  ignoreAuthFailures: true
+
+  defaultRetryAfter: 30s
+
+  maxRetries: 3
+
+scanners:
+  markdown:
+    flavor: GitHub