Minor manual cleanup - inlined many format args. This makes the code a bit more readable, and helps spot a few inefficiencies and possible bugs. Note that `&foo` in a `format!` parameter results in a 6% extra performance cost, and does not get inlined by the compiler (yet).
Just in case some of the values cause an infinite loop (or at
least take a _very_ long time, see #7708), timeout, with the same
duration as the maximum total fuzzing time.
That'll allow us to _see_ what input causes the infinite loop.
Unfortunately, cargo clippy fails when testing fuzz_seq_parse_number:
```
error[E0603]: module `number` is private
--> fuzz_targets/fuzz_seq_parse_number.rs:9:13
|
9 | use uu_seq::number::PreciseNumber;
| ^^^^^^ private module
|
note: the module `number` is defined here
--> /home/drinkcat/dev/coreutils/coreutils/src/uu/seq/src/seq.rs:24:1
|
24 | mod number;
| ^^^^^^^^^^
```
But we can still fix the rest...
The number of digits would grow exponentially when large exponents
are passed, leading to conversion of numbers like 0x2p1000000 taking
forever to compute.
We use exponentiation by squaring to keep the precision within
reasonable bounds.
Fixes#7708.
This prevents a race conditions vulnerability in the tempdir implementation, where an attacker
potentially could modify the created temporary directory, before the restrictive permissions are
set.
The race conditions occurs in the moment between the temporary directory is created, and the proper
permissions are set.
# The fix
This patch changes the `make_temp_dir` to create the temporary directory with the proper
permissions creation time. Rather than first create, then set permissions.
This is done by giving the permissions to the builder.
See [tempfile doc](95540ed3fc/src/lib.rs (L449-L450)).
# Severity Low
The attack is only possible if the umask is configured to allow writes by group or other for created
file/directories.
# Related Resources
See: https://cwe.mitre.org/data/definitions/377.html
At the moment, most crates rely on build scripts and other methods to keep lint-consistency. As of recent, Rust can use workspaces to globally set all the lint configurations.
This PR only adds lint configuration to each crate, but it does not introduce any changes to the code or lint configuration. In the subsequent PRs, I plan to gradually move lints from `uucore` to workspace, making all code consistent.
Note that `seq` relies on a custom lint config - which means its configuration may need to be managed by hand until Cargo introduces per-crate overrides.
Minor manual cleanup - inlined many format args. This makes the code a bit more readable, and helps spot a few inefficiencies and possible bugs. Note that `&foo` in a `format!` parameter results in a 6% extra performance cost, and does not get inlined by the compiler (yet).
Minor cleanup using clippy autofix. This makes the code a bit more readable, and helps spot a few inefficiencies and possible bugs.
```
cargo clippy --fix --workspace -- -A clippy::all -W clippy::uninlined_format_args && cargo fmt
```
* Correct chmod -R on dangling symlink and tests
* Add tests of arg-level symlink to chmod
* Add tests of all symlink flag combos on chmod dangling
* Fix no traverse on dangling symlink
* Add chmod recursive tests of default symlink method
* Add default chmod -H flag tests
* Set chmod default traversal method correctly to -H
* Fix arg symlink chmod case
* Remove extra chmod -H testing
---------
Co-authored-by: Clifford Ressel <EMAIL@gmail.com>
