Clarify PATHPATTERN wildcards are glob-like #174
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jku
previously approved these changes
Jul 14, 2021
The common interpretation of PATHPATTERN's use shell-style wildcards is that they match the behaviour of a UNIX glob: https://man7.org/linux/man-pages/man7/glob.7.html However, the reference implementation currently ( https://github.com/theupdateframework/tuf/blob/04bbc03b9f16e49ee114ed9b5eae69fdea266b93/tuf/client/updater.py#L2868 ) implements PATHPATTERN wildcard matching using fnmatch ( https://docs.python.org/3/library/fnmatch.html#module-fnmatch) where, unlike a glob, wildcards in PATHPATTERN will match path separators in the PATHPATTERN. The existing recommendation in the spec to treat `/` as a directory separator implies that, like a glob, a '/' in a pathname SHOULD not be matched by a wildcard in a PATHPATTERN. Edit the description of PATHPATTERN to be explicit that this is glob-like behaviour AND we do not expect a wildcard to match a path separator. Make this even more explicit by including an examples demonstrating how a path separator would not match. Signed-off-by: Joshua Lock <[email protected]>
joshuagl
force-pushed
the
joshuagl/pathpattern
branch
from
ef14bc9 to
6fffd36
Compare
jku
approved these changes
Jul 14, 2021
mnm678
approved these changes
Jul 14, 2021
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Jul 29, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with fnmatch.fnmatch() which doesn't see "/" separator as special symbol. Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Jul 29, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with fnmatch.fnmatch() which doesn't see "/" separator as special symbol. That's why before using fnmatch.fnmatch() we should manually check that both the pattern directory and the given target directory are the same and then we can get a valid result if a target path matches the pattern. Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Jul 29, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with fnmatch.fnmatch() which doesn't see "/" separator as special symbol. That's why before using fnmatch.fnmatch() we should manually check that both the pattern directory and the given target directory are the same and then we can get a valid result if a target path matches the pattern. Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Jul 29, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with fnmatch.fnmatch() which doesn't see "/" separator as special symbol. That's why before using fnmatch.fnmatch() we should manually check that both the pattern directory and the given target directory are the same and then we can get a valid result if a target path matches the pattern. Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Jul 29, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. That's why before using `fnmatch.fnmatch()` we should manually check that either: - pattern directory = target directory - or that pattern directory contains the target directory and `*` is used in the end of the pattern. Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Jul 29, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. That's why before using `fnmatch.fnmatch()` we should manually check that either: - pattern directory = target directory - or that pattern directory contains the target directory and `*` is used at the end of the pattern. Signed-off-by: Martin Vrachev <[email protected]>
3 tasks
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Jul 29, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. That's why before using `fnmatch.fnmatch()` we should manually check that either: - pattern directory = target directory - or that pattern directory contains the target directory and `*` is used at the end of the pattern. Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Jul 29, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. That's why before using `fnmatch.fnmatch()` we should manually check that either: - pattern directory = target directory - or that pattern directory contains the target directory and `*` is used at the end of the pattern. Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Jul 30, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. That's why before using `fnmatch.fnmatch()` we should manually check that "targetname" and "pathpattern" are pointing to the same directory. Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Jul 30, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. That's why before using `fnmatch.fnmatch()` we should manually check that "targetname" and "pathpattern" are pointing to the same directory. Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Aug 4, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. That's why before using `fnmatch.fnmatch()` we should manually check that "targetname" and "pathpattern" are pointing to the same directory. Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Aug 17, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. We should make sure that target_path and the pathpattern contain the same number of directories and because each part of the pathpattern could include a regex we should check that fnmatch.fnmatch() is true on each target and pathpattern directory fragment separated by "/". Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Aug 17, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. We should make sure that target_path and the pathpattern contain the same number of directories and because each part of the pathpattern could include a regex we should check that fnmatch.fnmatch() is true on each target and pathpattern directory fragment separated by "/". Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Aug 25, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. We should make sure that target_path and the pathpattern contain the same number of directories and because each part of the pathpattern could include a regex we should check that fnmatch.fnmatch() is true on each target and pathpattern directory fragment separated by "/". Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Aug 25, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. We should make sure that target_path and the pathpattern contain the same number of directories and because each part of the pathpattern could include a regex we should check that fnmatch.fnmatch() is true on each target and pathpattern directory fragment separated by "/". Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Aug 25, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. We should make sure that target_path and the pathpattern contain the same number of directories and because each part of the pathpattern could include a glob pattern we should check that fnmatch.fnmatch() is true on each target and pathpattern directory fragment separated by "/". Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Aug 25, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. We should make sure that target_path and the pathpattern contain the same number of directories and because each part of the pathpattern could include a glob pattern we should check that fnmatch.fnmatch() is true on each target and pathpattern directory fragment separated by "/". Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Aug 26, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. We should make sure that target_path and the pathpattern contain the same number of directories and because each part of the pathpattern could include a glob pattern we should check that fnmatch.fnmatch() is true on each target and pathpattern directory fragment separated by "/". Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Aug 26, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. We should make sure that target_path and the pathpattern contain the same number of directories and because each part of the pathpattern could include a glob pattern we should check that fnmatch.fnmatch() is true on each target and pathpattern directory fragment separated by "/". Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Aug 26, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. We should make sure that target_path and the pathpattern contain the same number of directories and because each part of the pathpattern could include a glob pattern we should check that fnmatch.fnmatch() is true on each target and pathpattern directory fragment separated by "/". Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Aug 26, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. We should make sure that target_path and the pathpattern contain the same number of directories and because each part of the pathpattern could include a glob pattern we should check that fnmatch.fnmatch() is true on each target and pathpattern directory fragment separated by "/". Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Aug 26, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. We should make sure that target_path and the pathpattern contain the same number of directories and because each part of the pathpattern could include a glob pattern we should check that fnmatch.fnmatch() is true on each target and pathpattern directory fragment separated by "/". Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Aug 26, 2021
According to the recently updated version of the specification the shell style wildcard matching is glob-like (see theupdateframework/specification#174), and therefore a path separator in a path should not be matched by a wildcard in the PATHPATTERN. That's not what happens with `fnmatch.fnmatch()` which doesn't see "/" separator as a special symbol. For example: fnmatch.fnmatch("targets/foo.tgz", "*.tgz") will return True which is not what glob-like implementation will do. We should make sure that target_path and the pathpattern contain the same number of directories and because each part of the pathpattern could include a glob pattern we should check that fnmatch.fnmatch() is true on each target and pathpattern directory fragment separated by "/". Signed-off-by: Martin Vrachev <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addresses #173 by emphasising that the shell style wildcard matching of the specification is glob-like, and therefore a path separator in a path should not be matched by a wildcard in the
PATHPATTERN.