this post was submitted on 08 Sep 2023
25 points (100.0% liked)
Rust
6005 readers
5 users here now
Welcome to the Rust community! This is a place to discuss about the Rust programming language.
Wormhole
Credits
- The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
No. It's “don’t mix URI parses”.
Or if you want to be more specific, it's "make sure security-sensitive paths are maximally specified, safely constructed, and maximally typed all the way".
A combination of
file://
URLs being under-specified, and a C library (and not any C library, butglib
, a special level of shit) predictably offering crap interface and contract guarantees (and hidden bugs to boot, yay).This reaching attempt for some shallow generic common wisdom explanation actually reminds me of my first ever Lemmy discussion, where URLs were also incidentally involved.
The very same type of mistakes happens in file systems even without URIs being involved. Directory traversal checks look simple but sooner or later need hard-to-understand symlink following rules. Enforcing processor policy has terrible portability there (it even only became practical on Linux with landlock), but nonetheless I think it's preferable.
Not mixing URI parsers is a good advice for when processor policies are unavailable – but let's try to make them available more often.