ThePath - Convenient lib to deal with paths and files. (Alpha version)

H. S. Teoh hsteoh at qfbox.info
Tue Jan 17 23:12:26 UTC 2023


On Sun, Jan 15, 2023 at 01:53:51PM +0000, Dmytro Katyukha via Digitalmars-d-announce wrote:
[...]
> Also, this lib contains function
> [createTempDirectory](https://github.com/katyukha/thepath/blob/master/source/thepath/utils.d),
> that, i think, would be nice to have it in Phobos.

Yes it would be nice.  But there may be security implications.  For
Posix, I see you use mkdtemp, which is secured by the OS / libc
implementor.  But for non-Posix, you used std.random; this is insecure
because std.random is not intended for cryptographic applications, and
anything not designed for cryptographic security is vulnerable to
exploits.  Also, you need to be careful with the default permissions
with which the temp directory is created; leaving it up to whatever's
set in the user's environment is generally unwise.


> So, the questions are:
> - Does it make sense to convert `Path` to a class? Or keep it as a struct?

Struct.  In general, idiomatic D code prefers structs over classes. If
you're not using inheritance and runtime polymorphism, there's no need
to use classes.


> - Does it make sense to convert `Path` to a template struct to make it
>   possible to work with other types of strings (besides `string`)?

IMO, this only introduces needless complexity.  For example std.regex
templatizes over char/wchar/dchar, but I've basically never needed to
use anything except the char instantiation.  This needless template
parametrization only adds to std.regex's slow compile times; in
retrospect it was IMO a mistake.  Regular D code should just use strings
(UTF-8) for everything, and convert to wstring at the OS boundary if
you're on Windows and need something to be in UTF-16.  And dstring is
essentially useless; I've not heard of anyone needing to use dstring for
the 10 or so years I've been using D.

Just use string, that's good enough.


> - What are the requirements to place [createTempDirectory](https://github.com/katyukha/thepath/blob/master/source/thepath/utils.d#L11)
>   function in Phobos?

Use Phobos coding style, bring it up to Phobos coding standards.


> - What else could be changed to make it better?
[...]

Probably should always use the libc or OS function for creating a temp
directory; it's generally a bad idea to roll your own when it comes to
creating temporary files or directories where there can be serious
security implications. Other than insecure random name generation,
there are also timing issues to be considered, i.e., if an attacker could
predict the name, he could preemptively create the directory with the
wrong permissions between your call to std.file.exists and
std.file.mkdir, and exploit those permissions to manipulate the
behaviour of your program later.  You need to leverage OS APIs to
guarantee the atomicity of checking for existence and creating the
directory.


T

-- 
Ignorance is bliss... until you suffer the consequences!
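The atomic-creation point from the reply above, as an added C example (not code from thepath or from the poster): mkdtemp(3), the same libc call D binds in core.sys.posix.stdlib, picks the name and creates the directory in one step with mode 0700, so there is no exists()/mkdir() window; a second helper re-checks ownership and permission bits before trusting a directory. The `thepath-XXXXXX` template and the `/tmp` base are assumptions for the demo.

```c
/* Build: cc -std=c11 tmpdir.c -o tmpdir */
#define _XOPEN_SOURCE 700   /* exposes mkdtemp(3) and lstat(2) under -std=c11 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a private temp directory under `base`. mkdtemp(3) chooses the random
 * suffix AND creates the directory in one atomic step, with mode 0700, so there
 * is no window between "does it exist?" and "create it" in which another process
 * could plant a directory at that name. Returns 0 and fills `out` on success,
 * -1 (with errno set) on failure. */
int secure_temp_dir(const char *base, char *out, size_t outlen)
{
    /* The trailing XXXXXX is the template that mkdtemp overwrites (assumed prefix). */
    int n = snprintf(out, outlen, "%s/thepath-XXXXXX", base);
    if (n < 0 || (size_t)n >= outlen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkdtemp(out) == NULL ? -1 : 0;
}

/* Defensive re-check before trusting a directory handed to us (for instance one
 * produced by older check-then-create code): it must be a real directory rather
 * than a symlink, owned by the effective user, and closed to group and others. */
int check_private_dir(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return -1;          /* lstat: never follow a planted symlink */
    if (!S_ISDIR(st.st_mode)) return -1;           /* a file or symlink sits at the name */
    if (st.st_uid != geteuid()) return -1;         /* someone else created it */
    if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0)   /* group/other bits must be clear */
        return -1;
    return 0;
}

int main(void)
{
    char path[4096];
    if (secure_temp_dir("/tmp", path, sizeof path) != 0) {
        perror("mkdtemp");
        return 1;
    }
    printf("%s: %s\n", path, check_private_dir(path) == 0 ? "private" : "NOT private");
    rmdir(path);
    return 0;
}
```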

