Bug 21234 – Import expression can read files outside of -J path in case of symlink/hardlink

I did 4 tests to understand how symlinks and hardlinks are treated on Posix (Ubuntu 20.04 in my case) and Windows (Windows 10 build 19041.450) inside -J path. The results are: - If a hardlink points to outside of -J path then import("file") reads it on both Windows and Posix; - If a symlink points to outside of -J path then import("file") reads it on Windows and rejects on Posix. So this brings up few questions: - Should there be a parity between Windows and Posix in treating of symlinks? - Should there be a parity in treating of symlinks and hardlinks? - What are security concerns to disallow symlinks to external files on Posix? Is it feasible to remove this restriction to make it consistent across platforms? - Should DMD reject hardlinks that point outside of -J path? (I'm not sure that it's easy to implement or even possible) - Does providing -J option to DMD mean user's consent to use the content of specified directory regardless to the type of this content? There is legitimate use case IMO when one creates a "working" directory to be passed to -J option that intentionally contains symlinks to external files (e.g. specific files in some git repo). (See references [1] and [2] regarding symlink/hardlink support on Windows) Testcase used here: ====== test.d void main() { pragma(msg, import("file")); } ====== file hello ====== Steps to reproduce: symlink on Ubuntu ====== $ rm -rf foo/; mkdir foo; ln -s ../file foo/file $ ls -li file foo/file 74551 -rwxr--r-- 2 andrey andrey 6 Sep 10 04:43 file 73336 lrwxrwxrwx 1 andrey andrey 7 Sep 10 06:12 foo/file -> ../file $ dmd -Jfoo -run test.d test.d(3): Error: file "file" cannot be found or not in a path specified with -J test.d(3): while evaluating pragma(msg, import("file")) ====== Steps to reproduce: hardlink on Ubuntu ====== $ rm -rf foo/; mkdir foo; ln file foo/file $ ls -li file foo/file 74551 -rwxr--r-- 3 andrey andrey 6 Sep 10 04:43 file 74551 -rwxr--r-- 3 andrey andrey 6 Sep 10 04:43 foo/file $ dmd -Jfoo -run test.d hello ====== Steps to reproduce: symlink on Windows (use cmd in admin mode) ====== >rmdir /s /q foo & mkdir foo & mklink foo\file ..\file symbolic link created for foo\file <<===>> ..\file >dir file foo\file Directory of C:\link-test 09/10/2020 05:08 AM 6 file Directory of C:\link-test\foo 09/10/2020 06:21 AM <SYMLINK> file [..\file] >dmd -Jfoo -run test.d hello ====== Steps to reproduce: hardlink on Windows (use cmd in admin mode) ====== >rmdir /s /q foo & mkdir foo & mklink /h foo\file file Hardlink created for foo\file <<===>> file >dir file foo\file Directory of C:\link-test 09/10/2020 05:08 AM 6 file Directory of C:\link-test\foo 09/10/2020 05:08 AM 6 file C:\link-test>dmd -Jfoo -run test.d hello ====== References: [1] https://docs.microsoft.com/en-us/windows/win32/fileio/hard-links-and-junctions [2] https://docs.microsoft.com/en-us/windows/win32/fileio/symbolic-links

@andrey-zherikov updated dlang/dmd pull request #11836 "Fix issue 21234: Import expression can read files outside of -J path in case of symlink/hardlink" fixing this issue: - Fix issue 21234: Import expression can read files outside of -J path in case of symlink/hardlink https://github.com/dlang/dmd/pull/11836

dlang/dmd pull request #11836 "Fix issue 21234: Import expression can read files outside of -J path in case of symlink/hardlink" was merged into master: - ebda81e44fd0ca4b247a1860d9bef411c41c16cb by Andrey Zherikov: Fix issue 21234: Import expression can read files outside of -J path in case of symlink/hardlink https://github.com/dlang/dmd/pull/11836