diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-02 18:36:06 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-02 18:36:06 -0600 |
| commit | 8cdfa445d6629ffef4cb84967ff7017654045bc2 (patch) | |
| tree | 22f0b0907c024c78d26a731e2e1f5219407d8102 /vendor/tempfile/src | |
| parent | 4351c74c7c5f97156bc94d3a8549b9940ac80e3f (diff) | |
chore: add vendor directory
Diffstat (limited to 'vendor/tempfile/src')
| -rw-r--r-- | vendor/tempfile/src/dir/imp/any.rs | 24 | ||||
| -rw-r--r-- | vendor/tempfile/src/dir/imp/mod.rs | 9 | ||||
| -rw-r--r-- | vendor/tempfile/src/dir/imp/unix.rs | 26 | ||||
| -rw-r--r-- | vendor/tempfile/src/dir/mod.rs | 516 | ||||
| -rw-r--r-- | vendor/tempfile/src/env.rs | 44 | ||||
| -rw-r--r-- | vendor/tempfile/src/error.rs | 45 | ||||
| -rw-r--r-- | vendor/tempfile/src/file/imp/mod.rs | 9 | ||||
| -rw-r--r-- | vendor/tempfile/src/file/imp/other.rs | 34 | ||||
| -rw-r--r-- | vendor/tempfile/src/file/imp/unix.rs | 161 | ||||
| -rw-r--r-- | vendor/tempfile/src/file/imp/windows.rs | 119 | ||||
| -rw-r--r-- | vendor/tempfile/src/file/mod.rs | 1078 | ||||
| -rw-r--r-- | vendor/tempfile/src/lib.rs | 760 | ||||
| -rw-r--r-- | vendor/tempfile/src/spooled.rs | 249 | ||||
| -rw-r--r-- | vendor/tempfile/src/util.rs | 82 |
14 files changed, 3156 insertions, 0 deletions
diff --git a/vendor/tempfile/src/dir/imp/any.rs b/vendor/tempfile/src/dir/imp/any.rs new file mode 100644 index 00000000..e938d87c --- /dev/null +++ b/vendor/tempfile/src/dir/imp/any.rs @@ -0,0 +1,24 @@ +use crate::error::IoResultExt; +use crate::TempDir; +use std::path::PathBuf; +use std::{fs, io}; + +fn not_supported<T>(msg: &str) -> io::Result<T> { + Err(io::Error::new(io::ErrorKind::Other, msg)) +} + +pub fn create( + path: PathBuf, + permissions: Option<&std::fs::Permissions>, + disable_cleanup: bool, +) -> io::Result<TempDir> { + if permissions.map_or(false, |p| p.readonly()) { + return not_supported("changing permissions is not supported on this platform"); + } + fs::create_dir(&path) + .with_err_path(|| &path) + .map(|_| TempDir { + path: path.into_boxed_path(), + disable_cleanup, + }) +} diff --git a/vendor/tempfile/src/dir/imp/mod.rs b/vendor/tempfile/src/dir/imp/mod.rs new file mode 100644 index 00000000..26d0a227 --- /dev/null +++ b/vendor/tempfile/src/dir/imp/mod.rs @@ -0,0 +1,9 @@ +#[cfg(unix)] +mod unix; +#[cfg(unix)] +pub use unix::*; + +#[cfg(not(unix))] +mod any; +#[cfg(not(unix))] +pub use any::*; diff --git a/vendor/tempfile/src/dir/imp/unix.rs b/vendor/tempfile/src/dir/imp/unix.rs new file mode 100644 index 00000000..54f305e9 --- /dev/null +++ b/vendor/tempfile/src/dir/imp/unix.rs @@ -0,0 +1,26 @@ +use crate::error::IoResultExt; +use crate::TempDir; +use std::io; +use std::path::PathBuf; + +pub fn create( + path: PathBuf, + permissions: Option<&std::fs::Permissions>, + disable_cleanup: bool, +) -> io::Result<TempDir> { + let mut dir_options = std::fs::DirBuilder::new(); + #[cfg(not(target_os = "wasi"))] + { + use std::os::unix::fs::{DirBuilderExt, PermissionsExt}; + if let Some(p) = permissions { + dir_options.mode(p.mode()); + } + } + dir_options + .create(&path) + .with_err_path(|| &path) + .map(|_| TempDir { + path: path.into_boxed_path(), + disable_cleanup, + }) +} diff --git a/vendor/tempfile/src/dir/mod.rs b/vendor/tempfile/src/dir/mod.rs new file mode 100644 index 00000000..a7d7388e --- /dev/null +++ b/vendor/tempfile/src/dir/mod.rs @@ -0,0 +1,516 @@ +// Copyright 2015 The Rust Project Developers. See the COPYRIGHT +// file at the top-level directory of this distribution and at +// http://rust-lang.org/COPYRIGHT. +// +// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or +// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license +// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +use std::ffi::OsStr; +use std::fs::remove_dir_all; +use std::mem; +use std::path::{self, Path, PathBuf}; +use std::{fmt, io}; + +use crate::error::IoResultExt; +use crate::Builder; + +#[cfg(doc)] +use crate::env; + +/// Create a new temporary directory. Also see [`tempdir_in`]. +/// +/// The `tempdir` function creates a directory in the file system and returns a +/// [`TempDir`]. The directory will be automatically deleted when the `TempDir`'s +/// destructor is run. +/// +/// # Resource Leaking +/// +/// See [the resource leaking][resource-leaking] docs on `TempDir`. +/// +/// # Security +/// +/// Temporary directories are created with the default permissions unless otherwise +/// specified via [`Builder::permissions`]. Depending on your platform, this may make +/// them world-readable. +/// +/// # Errors +/// +/// If the directory can not be created, `Err` is returned. +/// +/// # Examples +/// +/// ``` +/// use tempfile::tempdir; +/// use std::fs::File; +/// use std::io::Write; +/// +/// // Create a directory inside of `env::temp_dir()` +/// let tmp_dir = tempdir()?; +/// +/// let file_path = tmp_dir.path().join("my-temporary-note.txt"); +/// let mut tmp_file = File::create(file_path)?; +/// writeln!(tmp_file, "Brian was here. Briefly.")?; +/// +/// // `tmp_dir` goes out of scope, the directory as well as +/// // `tmp_file` will be deleted here. +/// drop(tmp_file); +/// tmp_dir.close()?; +/// # Ok::<(), std::io::Error>(()) +/// ``` +/// +/// [`TempDir`]: struct.TempDir.html +/// [resource-leaking]: struct.TempDir.html#resource-leaking +pub fn tempdir() -> io::Result<TempDir> { + TempDir::new() +} + +/// Create a new temporary directory in a specific directory. Also see [`tempdir`]. +/// +/// The `tempdir_in` function creates a directory in the specified directory +/// and returns a [`TempDir`]. +/// The directory will be automatically deleted when the `TempDir`s +/// destructor is run. +/// +/// # Resource Leaking +/// +/// See [the resource leaking][resource-leaking] docs on `TempDir`. +/// +/// # Errors +/// +/// If the directory can not be created, `Err` is returned. +/// +/// # Examples +/// +/// ``` +/// use tempfile::tempdir_in; +/// use std::fs::File; +/// use std::io::Write; +/// +/// // Create a directory inside of the current directory. +/// let tmp_dir = tempdir_in(".")?; +/// +/// let file_path = tmp_dir.path().join("my-temporary-note.txt"); +/// let mut tmp_file = File::create(file_path)?; +/// writeln!(tmp_file, "Brian was here. Briefly.")?; +/// +/// // `tmp_dir` goes out of scope, the directory as well as +/// // `tmp_file` will be deleted here. +/// drop(tmp_file); +/// tmp_dir.close()?; +/// # Ok::<(), std::io::Error>(()) +/// ``` +/// +/// [`TempDir`]: struct.TempDir.html +/// [resource-leaking]: struct.TempDir.html#resource-leaking +pub fn tempdir_in<P: AsRef<Path>>(dir: P) -> io::Result<TempDir> { + TempDir::new_in(dir) +} + +/// A directory in the filesystem that is automatically deleted when +/// it goes out of scope. +/// +/// The [`TempDir`] type creates a directory on the file system that +/// is deleted once it goes out of scope. At construction, the +/// `TempDir` creates a new directory with a randomly generated name. +/// +/// The default constructor, [`TempDir::new()`], creates directories in +/// the location returned by [`env::temp_dir()`], but `TempDir` +/// can be configured to manage a temporary directory in any location +/// by constructing with a [`Builder`]. +/// +/// After creating a `TempDir`, work with the file system by doing +/// standard [`std::fs`] file system operations on its [`Path`], +/// which can be retrieved with [`TempDir::path()`]. Once the `TempDir` +/// value is dropped, the directory at the path will be deleted, along +/// with any files and directories it contains. It is your responsibility +/// to ensure that no further file system operations are attempted +/// inside the temporary directory once it has been deleted. +/// +/// # Resource Leaking +/// +/// Various platform-specific conditions may cause `TempDir` to fail +/// to delete the underlying directory. It's important to ensure that +/// handles (like [`File`] and [`ReadDir`]) to files inside the +/// directory are dropped before the `TempDir` goes out of scope. The +/// `TempDir` destructor will silently ignore any errors in deleting +/// the directory; to instead handle errors call [`TempDir::close()`]. +/// +/// Note that if the program exits before the `TempDir` destructor is +/// run, such as via [`std::process::exit()`], by segfaulting, or by +/// receiving a signal like `SIGINT`, then the temporary directory +/// will not be deleted. +/// +/// # Examples +/// +/// Create a temporary directory with a generated name: +/// +/// ``` +/// use std::fs::File; +/// use std::io::Write; +/// use tempfile::TempDir; +/// +/// // Create a directory inside of `env::temp_dir()` +/// let tmp_dir = TempDir::new()?; +/// # Ok::<(), std::io::Error>(()) +/// ``` +/// +/// Create a temporary directory with a prefix in its name: +/// +/// ``` +/// use std::fs::File; +/// use std::io::Write; +/// use tempfile::Builder; +/// +/// // Create a directory inside of `env::temp_dir()`, +/// // whose name will begin with 'example'. +/// let tmp_dir = Builder::new().prefix("example").tempdir()?; +/// # Ok::<(), std::io::Error>(()) +/// ``` +/// +/// [`File`]: http://doc.rust-lang.org/std/fs/struct.File.html +/// [`Path`]: http://doc.rust-lang.org/std/path/struct.Path.html +/// [`ReadDir`]: http://doc.rust-lang.org/std/fs/struct.ReadDir.html +/// [`Builder`]: struct.Builder.html +/// [`TempDir::close()`]: struct.TempDir.html#method.close +/// [`TempDir::new()`]: struct.TempDir.html#method.new +/// [`TempDir::path()`]: struct.TempDir.html#method.path +/// [`TempDir`]: struct.TempDir.html +/// [`std::fs`]: http://doc.rust-lang.org/std/fs/index.html +/// [`std::process::exit()`]: http://doc.rust-lang.org/std/process/fn.exit.html +pub struct TempDir { + path: Box<Path>, + disable_cleanup: bool, +} + +impl TempDir { + /// Attempts to make a temporary directory inside of `env::temp_dir()`. + /// + /// See [`Builder`] for more configuration. + /// + /// The directory and everything inside it will be automatically deleted + /// once the returned `TempDir` is destroyed. + /// + /// # Errors + /// + /// If the directory can not be created, `Err` is returned. + /// + /// # Examples + /// + /// ``` + /// use std::fs::File; + /// use std::io::Write; + /// use tempfile::TempDir; + /// + /// // Create a directory inside of `env::temp_dir()` + /// let tmp_dir = TempDir::new()?; + /// + /// let file_path = tmp_dir.path().join("my-temporary-note.txt"); + /// let mut tmp_file = File::create(file_path)?; + /// writeln!(tmp_file, "Brian was here. Briefly.")?; + /// + /// // `tmp_dir` goes out of scope, the directory as well as + /// // `tmp_file` will be deleted here. + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// [`Builder`]: struct.Builder.html + pub fn new() -> io::Result<TempDir> { + Builder::new().tempdir() + } + + /// Attempts to make a temporary directory inside of `dir`. + /// The directory and everything inside it will be automatically + /// deleted once the returned `TempDir` is destroyed. + /// + /// # Errors + /// + /// If the directory can not be created, `Err` is returned. + /// + /// # Examples + /// + /// ``` + /// use std::fs::{self, File}; + /// use std::io::Write; + /// use tempfile::TempDir; + /// + /// // Create a directory inside of the current directory + /// let tmp_dir = TempDir::new_in(".")?; + /// let file_path = tmp_dir.path().join("my-temporary-note.txt"); + /// let mut tmp_file = File::create(file_path)?; + /// writeln!(tmp_file, "Brian was here. Briefly.")?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn new_in<P: AsRef<Path>>(dir: P) -> io::Result<TempDir> { + Builder::new().tempdir_in(dir) + } + + /// Attempts to make a temporary directory with the specified prefix inside of + /// `env::temp_dir()`. The directory and everything inside it will be automatically + /// deleted once the returned `TempDir` is destroyed. + /// + /// # Errors + /// + /// If the directory can not be created, `Err` is returned. + /// + /// # Examples + /// + /// ``` + /// use std::fs::{self, File}; + /// use std::io::Write; + /// use tempfile::TempDir; + /// + /// // Create a directory inside of the current directory + /// let tmp_dir = TempDir::with_prefix("foo-")?; + /// let tmp_name = tmp_dir.path().file_name().unwrap().to_str().unwrap(); + /// assert!(tmp_name.starts_with("foo-")); + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn with_prefix<S: AsRef<OsStr>>(prefix: S) -> io::Result<TempDir> { + Builder::new().prefix(&prefix).tempdir() + } + + /// Attempts to make a temporary directory with the specified suffix inside of + /// `env::temp_dir()`. The directory and everything inside it will be automatically + /// deleted once the returned `TempDir` is destroyed. + /// + /// # Errors + /// + /// If the directory can not be created, `Err` is returned. + /// + /// # Examples + /// + /// ``` + /// use std::fs::{self, File}; + /// use std::io::Write; + /// use tempfile::TempDir; + /// + /// // Create a directory inside of the current directory + /// let tmp_dir = TempDir::with_suffix("-foo")?; + /// let tmp_name = tmp_dir.path().file_name().unwrap().to_str().unwrap(); + /// assert!(tmp_name.ends_with("-foo")); + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn with_suffix<S: AsRef<OsStr>>(suffix: S) -> io::Result<TempDir> { + Builder::new().suffix(&suffix).tempdir() + } + /// Attempts to make a temporary directory with the specified prefix inside + /// the specified directory. The directory and everything inside it will be + /// automatically deleted once the returned `TempDir` is destroyed. + /// + /// # Errors + /// + /// If the directory can not be created, `Err` is returned. + /// + /// # Examples + /// + /// ``` + /// use std::fs::{self, File}; + /// use std::io::Write; + /// use tempfile::TempDir; + /// + /// // Create a directory inside of the current directory + /// let tmp_dir = TempDir::with_suffix_in("-foo", ".")?; + /// let tmp_name = tmp_dir.path().file_name().unwrap().to_str().unwrap(); + /// assert!(tmp_name.ends_with("-foo")); + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn with_suffix_in<S: AsRef<OsStr>, P: AsRef<Path>>( + suffix: S, + dir: P, + ) -> io::Result<TempDir> { + Builder::new().suffix(&suffix).tempdir_in(dir) + } + + /// Attempts to make a temporary directory with the specified prefix inside + /// the specified directory. The directory and everything inside it will be + /// automatically deleted once the returned `TempDir` is destroyed. + /// + /// # Errors + /// + /// If the directory can not be created, `Err` is returned. + /// + /// # Examples + /// + /// ``` + /// use std::fs::{self, File}; + /// use std::io::Write; + /// use tempfile::TempDir; + /// + /// // Create a directory inside of the current directory + /// let tmp_dir = TempDir::with_prefix_in("foo-", ".")?; + /// let tmp_name = tmp_dir.path().file_name().unwrap().to_str().unwrap(); + /// assert!(tmp_name.starts_with("foo-")); + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn with_prefix_in<S: AsRef<OsStr>, P: AsRef<Path>>( + prefix: S, + dir: P, + ) -> io::Result<TempDir> { + Builder::new().prefix(&prefix).tempdir_in(dir) + } + + /// Accesses the [`Path`] to the temporary directory. + /// + /// [`Path`]: http://doc.rust-lang.org/std/path/struct.Path.html + /// + /// # Examples + /// + /// ``` + /// use tempfile::TempDir; + /// + /// let tmp_path; + /// + /// { + /// let tmp_dir = TempDir::new()?; + /// tmp_path = tmp_dir.path().to_owned(); + /// + /// // Check that the temp directory actually exists. + /// assert!(tmp_path.exists()); + /// + /// // End of `tmp_dir` scope, directory will be deleted + /// } + /// + /// // Temp directory should be deleted by now + /// assert_eq!(tmp_path.exists(), false); + /// # Ok::<(), std::io::Error>(()) + /// ``` + #[must_use] + pub fn path(&self) -> &path::Path { + self.path.as_ref() + } + + /// Deprecated alias for [`TempDir::keep`]. + #[must_use] + #[deprecated = "use TempDir::keep()"] + pub fn into_path(self) -> PathBuf { + self.keep() + } + + /// Persist the temporary directory to disk, returning the [`PathBuf`] where it is located. + /// + /// This consumes the [`TempDir`] without deleting directory on the filesystem, meaning that + /// the directory will no longer be automatically deleted. + /// + /// If you want to disable automatic cleanup of the temporary directory in-place, keeping the + /// `TempDir` as-is, use [`TempDir::disable_cleanup`] instead. + /// + /// [`TempDir`]: struct.TempDir.html + /// [`PathBuf`]: http://doc.rust-lang.org/std/path/struct.PathBuf.html + /// + /// # Examples + /// + /// ``` + /// use std::fs; + /// use tempfile::TempDir; + /// + /// let tmp_dir = TempDir::new()?; + /// + /// // Persist the temporary directory to disk, + /// // getting the path where it is. + /// let tmp_path = tmp_dir.keep(); + /// + /// // Delete the temporary directory ourselves. + /// fs::remove_dir_all(tmp_path)?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + #[must_use] + pub fn keep(mut self) -> PathBuf { + self.disable_cleanup(true); + mem::replace(&mut self.path, PathBuf::new().into_boxed_path()).into() + } + + /// Disable cleanup of the temporary directory. If `disable_cleanup` is `true`, the temporary + /// directory will not be deleted when this `TempDir` is dropped. This method is equivalent to + /// calling [`Builder::disable_cleanup`] when creating the `TempDir`. + /// + /// **NOTE:** this method is primarily useful for testing/debugging. If you want to simply turn + /// a temporary directory into a non-temporary directory, prefer [`TempDir::keep`]. + pub fn disable_cleanup(&mut self, disable_cleanup: bool) { + self.disable_cleanup = disable_cleanup + } + + /// Closes and removes the temporary directory, returning a `Result`. + /// + /// Although `TempDir` removes the directory on drop, in the destructor + /// any errors are ignored. To detect errors cleaning up the temporary + /// directory, call `close` instead. + /// + /// # Errors + /// + /// This function may return a variety of [`std::io::Error`]s that result from deleting + /// the files and directories contained with the temporary directory, + /// as well as from deleting the temporary directory itself. These errors + /// may be platform specific. + /// + /// [`std::io::Error`]: http://doc.rust-lang.org/std/io/struct.Error.html + /// + /// # Examples + /// + /// ``` + /// use std::fs::File; + /// use std::io::Write; + /// use tempfile::TempDir; + /// + /// // Create a directory inside of `env::temp_dir()`. + /// let tmp_dir = TempDir::new()?; + /// let file_path = tmp_dir.path().join("my-temporary-note.txt"); + /// let mut tmp_file = File::create(file_path)?; + /// writeln!(tmp_file, "Brian was here. Briefly.")?; + /// + /// // By closing the `TempDir` explicitly we can check that it has + /// // been deleted successfully. If we don't close it explicitly, + /// // the directory will still be deleted when `tmp_dir` goes out + /// // of scope, but we won't know whether deleting the directory + /// // succeeded. + /// drop(tmp_file); + /// tmp_dir.close()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn close(mut self) -> io::Result<()> { + let result = remove_dir_all(self.path()).with_err_path(|| self.path()); + + // Set self.path to empty Box to release the memory, since an empty + // Box does not allocate any heap memory. + self.path = PathBuf::new().into_boxed_path(); + + // Prevent the Drop impl from being called. + mem::forget(self); + + result + } +} + +impl AsRef<Path> for TempDir { + fn as_ref(&self) -> &Path { + self.path() + } +} + +impl fmt::Debug for TempDir { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("TempDir") + .field("path", &self.path()) + .finish() + } +} + +impl Drop for TempDir { + fn drop(&mut self) { + if !self.disable_cleanup { + let _ = remove_dir_all(self.path()); + } + } +} + +pub(crate) fn create( + path: PathBuf, + permissions: Option<&std::fs::Permissions>, + disable_cleanup: bool, +) -> io::Result<TempDir> { + imp::create(path, permissions, disable_cleanup) +} + +mod imp; diff --git a/vendor/tempfile/src/env.rs b/vendor/tempfile/src/env.rs new file mode 100644 index 00000000..b9574510 --- /dev/null +++ b/vendor/tempfile/src/env.rs @@ -0,0 +1,44 @@ +use std::env; +use std::path::{Path, PathBuf}; + +// Once rust 1.70 is wide-spread (Debian stable), we can use OnceLock from stdlib. +use once_cell::sync::OnceCell as OnceLock; + +static DEFAULT_TEMPDIR: OnceLock<PathBuf> = OnceLock::new(); + +/// Override the default temporary directory (defaults to [`std::env::temp_dir`]). This function +/// changes the _global_ default temporary directory for the entire program and should not be called +/// except in exceptional cases where it's not configured correctly by the platform. Applications +/// should first check if the path returned by [`env::temp_dir`] is acceptable. +/// +/// Only the first call to this function will succeed. All further calls will fail with `Err(path)` +/// where `path` is previously set default temporary directory override. +/// +/// **NOTE:** This function does not check if the specified directory exists and/or is writable. +pub fn override_temp_dir(path: &Path) -> Result<(), PathBuf> { + let mut we_set = false; + let val = DEFAULT_TEMPDIR.get_or_init(|| { + we_set = true; + path.to_path_buf() + }); + if we_set { + Ok(()) + } else { + Err(val.to_owned()) + } +} + +/// Returns the default temporary directory, used for both temporary directories and files if no +/// directory is explicitly specified. +/// +/// This function simply delegates to [`std::env::temp_dir`] unless the default temporary directory +/// has been override by a call to [`override_temp_dir`]. +/// +/// **NOTE:** This function does check if the returned directory exists and/or is writable. +pub fn temp_dir() -> PathBuf { + DEFAULT_TEMPDIR + .get() + .map(|p| p.to_owned()) + // Don't cache this in case the user uses std::env::set to change the temporary directory. + .unwrap_or_else(env::temp_dir) +} diff --git a/vendor/tempfile/src/error.rs b/vendor/tempfile/src/error.rs new file mode 100644 index 00000000..ed6b6cc8 --- /dev/null +++ b/vendor/tempfile/src/error.rs @@ -0,0 +1,45 @@ +use std::path::PathBuf; +use std::{error, fmt, io}; + +#[derive(Debug)] +struct PathError { + path: PathBuf, + err: io::Error, +} + +impl fmt::Display for PathError { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!(f, "{} at path {:?}", self.err, self.path) + } +} + +impl error::Error for PathError { + fn source(&self) -> Option<&(dyn error::Error + 'static)> { + self.err.source() + } +} + +pub(crate) trait IoResultExt<T> { + fn with_err_path<F, P>(self, path: F) -> Self + where + F: FnOnce() -> P, + P: Into<PathBuf>; +} + +impl<T> IoResultExt<T> for Result<T, io::Error> { + fn with_err_path<F, P>(self, path: F) -> Self + where + F: FnOnce() -> P, + P: Into<PathBuf>, + { + self.map_err(|e| { + io::Error::new( + e.kind(), + PathError { + path: path().into(), + err: e, + }, + ) + }) + } +} diff --git a/vendor/tempfile/src/file/imp/mod.rs b/vendor/tempfile/src/file/imp/mod.rs new file mode 100644 index 00000000..8a00f201 --- /dev/null +++ b/vendor/tempfile/src/file/imp/mod.rs @@ -0,0 +1,9 @@ +#[cfg_attr(any(unix, target_os = "redox", target_os = "wasi"), path = "unix.rs")] +#[cfg_attr(windows, path = "windows.rs")] +#[cfg_attr( + not(any(unix, target_os = "redox", target_os = "wasi", windows)), + path = "other.rs" +)] +mod platform; + +pub use self::platform::*; diff --git a/vendor/tempfile/src/file/imp/other.rs b/vendor/tempfile/src/file/imp/other.rs new file mode 100644 index 00000000..bba36712 --- /dev/null +++ b/vendor/tempfile/src/file/imp/other.rs @@ -0,0 +1,34 @@ +use std::fs::{File, OpenOptions}; +use std::io; +use std::path::Path; + +fn not_supported<T>() -> io::Result<T> { + Err(io::Error::new( + io::ErrorKind::Other, + "operation not supported on this platform", + )) +} + +pub fn create_named( + _path: &Path, + _open_options: &mut OpenOptions, + _permissions: Option<&std::fs::Permissions>, +) -> io::Result<File> { + not_supported() +} + +pub fn create(_dir: &Path) -> io::Result<File> { + not_supported() +} + +pub fn reopen(_file: &File, _path: &Path) -> io::Result<File> { + not_supported() +} + +pub fn persist(_old_path: &Path, _new_path: &Path, _overwrite: bool) -> io::Result<()> { + not_supported() +} + +pub fn keep(_path: &Path) -> io::Result<()> { + not_supported() +} diff --git a/vendor/tempfile/src/file/imp/unix.rs b/vendor/tempfile/src/file/imp/unix.rs new file mode 100644 index 00000000..0d0520b6 --- /dev/null +++ b/vendor/tempfile/src/file/imp/unix.rs @@ -0,0 +1,161 @@ +use std::ffi::OsStr; +use std::fs::{self, File, OpenOptions}; +use std::io; + +use crate::util; +use std::path::Path; + +#[cfg(not(target_os = "redox"))] +use { + rustix::fs::{rename, unlink}, + std::fs::hard_link, +}; + +pub fn create_named( + path: &Path, + open_options: &mut OpenOptions, + #[cfg_attr(target_os = "wasi", allow(unused))] permissions: Option<&std::fs::Permissions>, +) -> io::Result<File> { + open_options.read(true).write(true).create_new(true); + + #[cfg(not(target_os = "wasi"))] + { + use std::os::unix::fs::{OpenOptionsExt, PermissionsExt}; + open_options.mode(permissions.map(|p| p.mode()).unwrap_or(0o600)); + } + + open_options.open(path) +} + +fn create_unlinked(path: &Path) -> io::Result<File> { + let tmp; + // shadow this to decrease the lifetime. It can't live longer than `tmp`. + let mut path = path; + if !path.is_absolute() { + let cur_dir = std::env::current_dir()?; + tmp = cur_dir.join(path); + path = &tmp; + } + + let f = create_named(path, &mut OpenOptions::new(), None)?; + // don't care whether the path has already been unlinked, + // but perhaps there are some IO error conditions we should send up? + let _ = fs::remove_file(path); + Ok(f) +} + +#[cfg(target_os = "linux")] +pub fn create(dir: &Path) -> io::Result<File> { + use rustix::{fs::OFlags, io::Errno}; + use std::os::unix::fs::OpenOptionsExt; + OpenOptions::new() + .read(true) + .write(true) + .custom_flags(OFlags::TMPFILE.bits() as i32) // do not mix with `create_new(true)` + .open(dir) + .or_else(|e| { + match Errno::from_io_error(&e) { + // These are the three "not supported" error codes for O_TMPFILE. + Some(Errno::OPNOTSUPP) | Some(Errno::ISDIR) | Some(Errno::NOENT) => { + create_unix(dir) + } + _ => Err(e), + } + }) +} + +#[cfg(not(target_os = "linux"))] +pub fn create(dir: &Path) -> io::Result<File> { + create_unix(dir) +} + +fn create_unix(dir: &Path) -> io::Result<File> { + util::create_helper( + dir, + OsStr::new(".tmp"), + OsStr::new(""), + crate::NUM_RAND_CHARS, + |path| create_unlinked(&path), + ) +} + +#[cfg(any(not(target_os = "wasi"), feature = "nightly"))] +pub fn reopen(file: &File, path: &Path) -> io::Result<File> { + #[cfg(not(target_os = "wasi"))] + use std::os::unix::fs::MetadataExt; + #[cfg(target_os = "wasi")] + use std::os::wasi::fs::MetadataExt; + + let new_file = OpenOptions::new().read(true).write(true).open(path)?; + let old_meta = file.metadata()?; + let new_meta = new_file.metadata()?; + if old_meta.dev() != new_meta.dev() || old_meta.ino() != new_meta.ino() { + return Err(io::Error::new( + io::ErrorKind::NotFound, + "original tempfile has been replaced", + )); + } + Ok(new_file) +} + +#[cfg(all(target_os = "wasi", not(feature = "nightly")))] +pub fn reopen(_file: &File, _path: &Path) -> io::Result<File> { + return Err(io::Error::new( + io::ErrorKind::Other, + "this operation is supported on WASI only on nightly Rust (with `nightly` feature enabled)", + )); +} + +#[cfg(not(target_os = "redox"))] +pub fn persist(old_path: &Path, new_path: &Path, overwrite: bool) -> io::Result<()> { + if overwrite { + rename(old_path, new_path)?; + } else { + // On Linux and apple operating systems, use `renameat_with` to avoid overwriting an + // existing name, if the kernel and the filesystem support it. + #[cfg(any( + target_os = "android", + target_os = "linux", + target_os = "macos", + target_os = "ios", + target_os = "tvos", + target_os = "visionos", + target_os = "watchos", + ))] + { + use rustix::fs::{renameat_with, RenameFlags, CWD}; + use rustix::io::Errno; + use std::sync::atomic::{AtomicBool, Ordering::Relaxed}; + + static NOSYS: AtomicBool = AtomicBool::new(false); + if !NOSYS.load(Relaxed) { + match renameat_with(CWD, old_path, CWD, new_path, RenameFlags::NOREPLACE) { + Ok(()) => return Ok(()), + Err(Errno::NOSYS) => NOSYS.store(true, Relaxed), + Err(Errno::INVAL) => {} + Err(e) => return Err(e.into()), + } + } + } + + // Otherwise use `hard_link` to create the new filesystem name, which + // will fail if the name already exists, and then `unlink` to remove + // the old name. + hard_link(old_path, new_path)?; + + // Ignore unlink errors. Can we do better? + let _ = unlink(old_path); + } + Ok(()) +} + +#[cfg(target_os = "redox")] +pub fn persist(_old_path: &Path, _new_path: &Path, _overwrite: bool) -> io::Result<()> { + // XXX implement when possible + use rustix::io::Errno; + Err(Errno::NOSYS.into()) +} + +pub fn keep(_: &Path) -> io::Result<()> { + Ok(()) +} diff --git a/vendor/tempfile/src/file/imp/windows.rs b/vendor/tempfile/src/file/imp/windows.rs new file mode 100644 index 00000000..3ef149d6 --- /dev/null +++ b/vendor/tempfile/src/file/imp/windows.rs @@ -0,0 +1,119 @@ +use std::ffi::OsStr; +use std::fs::{File, OpenOptions}; +use std::os::windows::ffi::OsStrExt; +use std::os::windows::fs::OpenOptionsExt; +use std::os::windows::io::{AsRawHandle, FromRawHandle, RawHandle}; +use std::path::Path; +use std::{io, iter}; + +use windows_sys::Win32::Foundation::{HANDLE, INVALID_HANDLE_VALUE}; +use windows_sys::Win32::Storage::FileSystem::{ + MoveFileExW, ReOpenFile, SetFileAttributesW, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_TEMPORARY, + FILE_FLAG_DELETE_ON_CLOSE, FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_SHARE_DELETE, + FILE_SHARE_READ, FILE_SHARE_WRITE, MOVEFILE_REPLACE_EXISTING, +}; + +use crate::util; + +fn to_utf16(s: &Path) -> Vec<u16> { + s.as_os_str().encode_wide().chain(iter::once(0)).collect() +} + +fn not_supported<T>(msg: &str) -> io::Result<T> { + Err(io::Error::new(io::ErrorKind::Other, msg)) +} + +pub fn create_named( + path: &Path, + open_options: &mut OpenOptions, + permissions: Option<&std::fs::Permissions>, +) -> io::Result<File> { + if permissions.map_or(false, |p| p.readonly()) { + return not_supported("changing permissions is not supported on this platform"); + } + open_options + .create_new(true) + .read(true) + .write(true) + .custom_flags(FILE_ATTRIBUTE_TEMPORARY) + .open(path) +} + +pub fn create(dir: &Path) -> io::Result<File> { + util::create_helper( + dir, + OsStr::new(".tmp"), + OsStr::new(""), + crate::NUM_RAND_CHARS, + |path| { + let f = OpenOptions::new() + .create_new(true) + .read(true) + .write(true) + .share_mode(0) + .custom_flags(FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE) + .open(path)?; + // NOTE: in theory, we could delete the file immediately (we open the file in "unix + // semantics" mode) but this seemed to corrupt something in Windows at scale (see #339). + // So we just rely on `FILE_FLAG_DELETE_ON_CLOSE`. + Ok(f) + }, + ) +} + +pub fn reopen(file: &File, _path: &Path) -> io::Result<File> { + let handle = file.as_raw_handle(); + unsafe { + let handle = ReOpenFile( + handle as HANDLE, + FILE_GENERIC_READ | FILE_GENERIC_WRITE, + FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE, + 0, + ); + if handle == INVALID_HANDLE_VALUE { + Err(io::Error::last_os_error()) + } else { + Ok(FromRawHandle::from_raw_handle(handle as RawHandle)) + } + } +} + +pub fn keep(path: &Path) -> io::Result<()> { + unsafe { + let path_w = to_utf16(path); + if SetFileAttributesW(path_w.as_ptr(), FILE_ATTRIBUTE_NORMAL) == 0 { + Err(io::Error::last_os_error()) + } else { + Ok(()) + } + } +} + +pub fn persist(old_path: &Path, new_path: &Path, overwrite: bool) -> io::Result<()> { + unsafe { + let old_path_w = to_utf16(old_path); + let new_path_w = to_utf16(new_path); + + // Don't succeed if this fails. We don't want to claim to have successfully persisted a file + // still marked as temporary because this file won't have the same consistency guarantees. + if SetFileAttributesW(old_path_w.as_ptr(), FILE_ATTRIBUTE_NORMAL) == 0 { + return Err(io::Error::last_os_error()); + } + + let mut flags = 0; + + if overwrite { + flags |= MOVEFILE_REPLACE_EXISTING; + } + + if MoveFileExW(old_path_w.as_ptr(), new_path_w.as_ptr(), flags) == 0 { + let e = io::Error::last_os_error(); + // If this fails, the temporary file is now un-hidden and no longer marked temporary + // (slightly less efficient) but it will still work. + let _ = SetFileAttributesW(old_path_w.as_ptr(), FILE_ATTRIBUTE_TEMPORARY); + Err(e) + } else { + Ok(()) + } + } +} diff --git a/vendor/tempfile/src/file/mod.rs b/vendor/tempfile/src/file/mod.rs new file mode 100644 index 00000000..2ec88b7f --- /dev/null +++ b/vendor/tempfile/src/file/mod.rs @@ -0,0 +1,1078 @@ +use std::error; +use std::ffi::OsStr; +use std::fmt; +use std::fs::{self, File, OpenOptions}; +use std::io::{self, Read, Seek, SeekFrom, Write}; +use std::mem; +use std::ops::Deref; +#[cfg(unix)] +use std::os::unix::io::{AsFd, AsRawFd, BorrowedFd, RawFd}; +#[cfg(target_os = "wasi")] +use std::os::wasi::io::{AsFd, AsRawFd, BorrowedFd, RawFd}; +#[cfg(windows)] +use std::os::windows::io::{AsHandle, AsRawHandle, BorrowedHandle, RawHandle}; +use std::path::{Path, PathBuf}; + +use crate::env; +use crate::error::IoResultExt; +use crate::Builder; + +mod imp; + +/// Create a new temporary file. Also see [`tempfile_in`]. +/// +/// The file will be created in the location returned by [`env::temp_dir()`]. +/// +/// # Security +/// +/// This variant is secure/reliable in the presence of a pathological temporary file cleaner. +/// +/// # Resource Leaking +/// +/// The temporary file will be automatically removed by the OS when the last handle to it is closed. +/// This doesn't rely on Rust destructors being run, so will (almost) never fail to clean up the temporary file. +/// +/// # Errors +/// +/// If the file can not be created, `Err` is returned. +/// +/// # Examples +/// +/// ``` +/// use tempfile::tempfile; +/// use std::io::Write; +/// +/// // Create a file inside of `env::temp_dir()`. +/// let mut file = tempfile()?; +/// +/// writeln!(file, "Brian was here. Briefly.")?; +/// # Ok::<(), std::io::Error>(()) +/// ``` +pub fn tempfile() -> io::Result<File> { + tempfile_in(env::temp_dir()) +} + +/// Create a new temporary file in the specified directory. Also see [`tempfile`]. +/// +/// # Security +/// +/// This variant is secure/reliable in the presence of a pathological temporary file cleaner. +/// If the temporary file isn't created in [`env::temp_dir()`] then temporary file cleaners aren't an issue. +/// +/// # Resource Leaking +/// +/// The temporary file will be automatically removed by the OS when the last handle to it is closed. +/// This doesn't rely on Rust destructors being run, so will (almost) never fail to clean up the temporary file. +/// +/// # Errors +/// +/// If the file can not be created, `Err` is returned. +/// +/// # Examples +/// +/// ``` +/// use tempfile::tempfile_in; +/// use std::io::Write; +/// +/// // Create a file inside of the current working directory +/// let mut file = tempfile_in("./")?; +/// +/// writeln!(file, "Brian was here. Briefly.")?; +/// # Ok::<(), std::io::Error>(()) +/// ``` +pub fn tempfile_in<P: AsRef<Path>>(dir: P) -> io::Result<File> { + imp::create(dir.as_ref()) +} + +/// Error returned when persisting a temporary file path fails. +#[derive(Debug)] +pub struct PathPersistError { + /// The underlying IO error. + pub error: io::Error, + /// The temporary file path that couldn't be persisted. + pub path: TempPath, +} + +impl From<PathPersistError> for io::Error { + #[inline] + fn from(error: PathPersistError) -> io::Error { + error.error + } +} + +impl From<PathPersistError> for TempPath { + #[inline] + fn from(error: PathPersistError) -> TempPath { + error.path + } +} + +impl fmt::Display for PathPersistError { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!(f, "failed to persist temporary file path: {}", self.error) + } +} + +impl error::Error for PathPersistError { + fn source(&self) -> Option<&(dyn error::Error + 'static)> { + Some(&self.error) + } +} + +/// A path to a named temporary file without an open file handle. +/// +/// This is useful when the temporary file needs to be used by a child process, +/// for example. +/// +/// When dropped, the temporary file is deleted unless `disable_cleanup(true)` was called on the +/// builder that constructed this temporary file and/or was called on either this `TempPath` or the +/// `NamedTempFile` from which this `TempPath` was constructed. +pub struct TempPath { + path: Box<Path>, + disable_cleanup: bool, +} + +impl TempPath { + /// Close and remove the temporary file. + /// + /// Use this if you want to detect errors in deleting the file. + /// + /// # Errors + /// + /// If the file cannot be deleted, `Err` is returned. + /// + /// # Examples + /// + /// ```no_run + /// use tempfile::NamedTempFile; + /// + /// let file = NamedTempFile::new()?; + /// + /// // Close the file, but keep the path to it around. + /// let path = file.into_temp_path(); + /// + /// // By closing the `TempPath` explicitly, we can check that it has + /// // been deleted successfully. If we don't close it explicitly, the + /// // file will still be deleted when `file` goes out of scope, but we + /// // won't know whether deleting the file succeeded. + /// path.close()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn close(mut self) -> io::Result<()> { + let result = fs::remove_file(&self.path).with_err_path(|| &*self.path); + self.path = PathBuf::new().into_boxed_path(); + mem::forget(self); + result + } + + /// Persist the temporary file at the target path. + /// + /// If a file exists at the target path, persist will atomically replace it. + /// If this method fails, it will return `self` in the resulting + /// [`PathPersistError`]. + /// + /// Note: Temporary files cannot be persisted across filesystems. Also + /// neither the file contents nor the containing directory are + /// synchronized, so the update may not yet have reached the disk when + /// `persist` returns. + /// + /// # Security + /// + /// Only use this method if you're positive that a temporary file cleaner + /// won't have deleted your file. Otherwise, you might end up persisting an + /// attacker controlled file. + /// + /// # Errors + /// + /// If the file cannot be moved to the new location, `Err` is returned. + /// + /// # Examples + /// + /// ```no_run + /// use std::io::Write; + /// use tempfile::NamedTempFile; + /// + /// let mut file = NamedTempFile::new()?; + /// writeln!(file, "Brian was here. Briefly.")?; + /// + /// let path = file.into_temp_path(); + /// path.persist("./saved_file.txt")?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// [`PathPersistError`]: struct.PathPersistError.html + pub fn persist<P: AsRef<Path>>(mut self, new_path: P) -> Result<(), PathPersistError> { + match imp::persist(&self.path, new_path.as_ref(), true) { + Ok(_) => { + // Don't drop `self`. We don't want to try deleting the old + // temporary file path. (It'll fail, but the failure is never + // seen.) + self.path = PathBuf::new().into_boxed_path(); + mem::forget(self); + Ok(()) + } + Err(e) => Err(PathPersistError { + error: e, + path: self, + }), + } + } + + /// Persist the temporary file at the target path if and only if no file exists there. + /// + /// If a file exists at the target path, fail. If this method fails, it will + /// return `self` in the resulting [`PathPersistError`]. + /// + /// Note: Temporary files cannot be persisted across filesystems. Also Note: + /// This method is not atomic. It can leave the original link to the + /// temporary file behind. + /// + /// # Security + /// + /// Only use this method if you're positive that a temporary file cleaner + /// won't have deleted your file. Otherwise, you might end up persisting an + /// attacker controlled file. + /// + /// # Errors + /// + /// If the file cannot be moved to the new location or a file already exists + /// there, `Err` is returned. + /// + /// # Examples + /// + /// ```no_run + /// use tempfile::NamedTempFile; + /// use std::io::Write; + /// + /// let mut file = NamedTempFile::new()?; + /// writeln!(file, "Brian was here. Briefly.")?; + /// + /// let path = file.into_temp_path(); + /// path.persist_noclobber("./saved_file.txt")?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// [`PathPersistError`]: struct.PathPersistError.html + pub fn persist_noclobber<P: AsRef<Path>>( + mut self, + new_path: P, + ) -> Result<(), PathPersistError> { + match imp::persist(&self.path, new_path.as_ref(), false) { + Ok(_) => { + // Don't drop `self`. We don't want to try deleting the old + // temporary file path. (It'll fail, but the failure is never + // seen.) + self.path = PathBuf::new().into_boxed_path(); + mem::forget(self); + Ok(()) + } + Err(e) => Err(PathPersistError { + error: e, + path: self, + }), + } + } + + /// Keep the temporary file from being deleted. This function will turn the + /// temporary file into a non-temporary file without moving it. + /// + /// # Errors + /// + /// On some platforms (e.g., Windows), we need to mark the file as + /// non-temporary. This operation could fail. + /// + /// # Examples + /// + /// ```no_run + /// use std::io::Write; + /// use tempfile::NamedTempFile; + /// + /// let mut file = NamedTempFile::new()?; + /// writeln!(file, "Brian was here. Briefly.")?; + /// + /// let path = file.into_temp_path(); + /// let path = path.keep()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// [`PathPersistError`]: struct.PathPersistError.html + pub fn keep(mut self) -> Result<PathBuf, PathPersistError> { + match imp::keep(&self.path) { + Ok(_) => { + self.disable_cleanup(true); + Ok(mem::replace( + &mut self.path, + // Replace with an empty boxed path buf, this doesn't allocate. + PathBuf::new().into_boxed_path(), + ) + .into_path_buf()) + } + Err(e) => Err(PathPersistError { + error: e, + path: self, + }), + } + } + + /// Disable cleanup of the temporary file. If `disable_cleanup` is `true`, the temporary file + /// will not be deleted when this `TempPath` is dropped. This method is equivalent to calling + /// [`Builder::disable_cleanup`] when creating the original `NamedTempFile`, which see for + /// relevant warnings. + /// + /// **NOTE:** this method is primarily useful for testing/debugging. If you want to simply turn + /// a temporary file-path into a non-temporary file-path, prefer [`TempPath::keep`]. + pub fn disable_cleanup(&mut self, disable_cleanup: bool) { + self.disable_cleanup = disable_cleanup + } + + /// Create a new TempPath from an existing path. This can be done even if no + /// file exists at the given path. + /// + /// This is mostly useful for interacting with libraries and external + /// components that provide files to be consumed or expect a path with no + /// existing file to be given. + pub fn from_path(path: impl Into<PathBuf>) -> Self { + Self { + path: path.into().into_boxed_path(), + disable_cleanup: false, + } + } + + pub(crate) fn new(path: PathBuf, disable_cleanup: bool) -> Self { + Self { + path: path.into_boxed_path(), + disable_cleanup, + } + } +} + +impl fmt::Debug for TempPath { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + self.path.fmt(f) + } +} + +impl Drop for TempPath { + fn drop(&mut self) { + if !self.disable_cleanup { + let _ = fs::remove_file(&self.path); + } + } +} + +impl Deref for TempPath { + type Target = Path; + + fn deref(&self) -> &Path { + &self.path + } +} + +impl AsRef<Path> for TempPath { + fn as_ref(&self) -> &Path { + &self.path + } +} + +impl AsRef<OsStr> for TempPath { + fn as_ref(&self) -> &OsStr { + self.path.as_os_str() + } +} + +/// A named temporary file. +/// +/// The default constructor, [`NamedTempFile::new()`], creates files in +/// the location returned by [`env::temp_dir()`], but `NamedTempFile` +/// can be configured to manage a temporary file in any location +/// by constructing with [`NamedTempFile::new_in()`]. +/// +/// # Security +/// +/// Most operating systems employ temporary file cleaners to delete old +/// temporary files. Unfortunately these temporary file cleaners don't always +/// reliably _detect_ whether the temporary file is still being used. +/// +/// Specifically, the following sequence of events can happen: +/// +/// 1. A user creates a temporary file with `NamedTempFile::new()`. +/// 2. Time passes. +/// 3. The temporary file cleaner deletes (unlinks) the temporary file from the +/// filesystem. +/// 4. Some other program creates a new file to replace this deleted temporary +/// file. +/// 5. The user tries to re-open the temporary file (in the same program or in a +/// different program) by path. Unfortunately, they'll end up opening the +/// file created by the other program, not the original file. +/// +/// ## Operating System Specific Concerns +/// +/// The behavior of temporary files and temporary file cleaners differ by +/// operating system. +/// +/// ### Windows +/// +/// On Windows, temporary files are, by default, created in per-user temporary +/// file directories so only an application running as the same user would be +/// able to interfere (which they could do anyways). However, an application +/// running as the same user can still _accidentally_ re-create deleted +/// temporary files if the number of random bytes in the temporary file name is +/// too small. +/// +/// ### MacOS +/// +/// Like on Windows, temporary files are created in per-user temporary file +/// directories by default so calling `NamedTempFile::new()` should be +/// relatively safe. +/// +/// ### Linux +/// +/// Unfortunately, most _Linux_ distributions don't create per-user temporary +/// file directories. Worse, systemd's tmpfiles daemon (a common temporary file +/// cleaner) will happily remove open temporary files if they haven't been +/// modified within the last 10 days. +/// +/// # Resource Leaking +/// +/// If the program exits before the `NamedTempFile` destructor is +/// run, the temporary file will not be deleted. This can happen +/// if the process exits using [`std::process::exit()`], a segfault occurs, +/// receiving an interrupt signal like `SIGINT` that is not handled, or by using +/// a statically declared `NamedTempFile` instance (like with [`lazy_static`]). +/// +/// Use the [`tempfile()`] function unless you need a named file path. +/// +/// [`tempfile()`]: fn.tempfile.html +/// [`NamedTempFile::new()`]: #method.new +/// [`NamedTempFile::new_in()`]: #method.new_in +/// [`std::process::exit()`]: http://doc.rust-lang.org/std/process/fn.exit.html +/// [`lazy_static`]: https://github.com/rust-lang-nursery/lazy-static.rs/issues/62 +pub struct NamedTempFile<F = File> { + path: TempPath, + file: F, +} + +impl<F> fmt::Debug for NamedTempFile<F> { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!(f, "NamedTempFile({:?})", self.path) + } +} + +impl<F> AsRef<Path> for NamedTempFile<F> { + #[inline] + fn as_ref(&self) -> &Path { + self.path() + } +} + +/// Error returned when persisting a temporary file fails. +pub struct PersistError<F = File> { + /// The underlying IO error. + pub error: io::Error, + /// The temporary file that couldn't be persisted. + pub file: NamedTempFile<F>, +} + +impl<F> fmt::Debug for PersistError<F> { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!(f, "PersistError({:?})", self.error) + } +} + +impl<F> From<PersistError<F>> for io::Error { + #[inline] + fn from(error: PersistError<F>) -> io::Error { + error.error + } +} + +impl<F> From<PersistError<F>> for NamedTempFile<F> { + #[inline] + fn from(error: PersistError<F>) -> NamedTempFile<F> { + error.file + } +} + +impl<F> fmt::Display for PersistError<F> { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!(f, "failed to persist temporary file: {}", self.error) + } +} + +impl<F> error::Error for PersistError<F> { + fn source(&self) -> Option<&(dyn error::Error + 'static)> { + Some(&self.error) + } +} + +impl NamedTempFile<File> { + /// Create a new named temporary file. + /// + /// See [`Builder`] for more configuration. + /// + /// # Security + /// + /// This will create a temporary file in the default temporary file + /// directory (platform dependent). This has security implications on many + /// platforms so please read the security section of this type's + /// documentation. + /// + /// Reasons to use this method: + /// + /// 1. The file has a short lifetime and your temporary file cleaner is + /// sane (doesn't delete recently accessed files). + /// + /// 2. You trust every user on your system (i.e. you are the only user). + /// + /// 3. You have disabled your system's temporary file cleaner or verified + /// that your system doesn't have a temporary file cleaner. + /// + /// Reasons not to use this method: + /// + /// 1. You'll fix it later. No you won't. + /// + /// 2. You don't care about the security of the temporary file. If none of + /// the "reasons to use this method" apply, referring to a temporary + /// file by name may allow an attacker to create/overwrite your + /// non-temporary files. There are exceptions but if you don't already + /// know them, don't use this method. + /// + /// # Errors + /// + /// If the file can not be created, `Err` is returned. + /// + /// # Examples + /// + /// Create a named temporary file and write some data to it: + /// + /// ```no_run + /// use std::io::Write; + /// use tempfile::NamedTempFile; + /// + /// let mut file = NamedTempFile::new()?; + /// + /// writeln!(file, "Brian was here. Briefly.")?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// [`Builder`]: struct.Builder.html + pub fn new() -> io::Result<NamedTempFile> { + Builder::new().tempfile() + } + + /// Create a new named temporary file in the specified directory. + /// + /// This is equivalent to: + /// + /// ```ignore + /// Builder::new().tempfile_in(dir) + /// ``` + /// + /// See [`NamedTempFile::new()`] for details. + /// + /// [`NamedTempFile::new()`]: #method.new + pub fn new_in<P: AsRef<Path>>(dir: P) -> io::Result<NamedTempFile> { + Builder::new().tempfile_in(dir) + } + + /// Create a new named temporary file with the specified filename suffix. + /// + /// See [`NamedTempFile::new()`] for details. + /// + /// [`NamedTempFile::new()`]: #method.new + pub fn with_suffix<S: AsRef<OsStr>>(suffix: S) -> io::Result<NamedTempFile> { + Builder::new().suffix(&suffix).tempfile() + } + /// Create a new named temporary file with the specified filename suffix, + /// in the specified directory. + /// + /// This is equivalent to: + /// + /// ```ignore + /// Builder::new().suffix(&suffix).tempfile_in(directory) + /// ``` + /// + /// See [`NamedTempFile::new()`] for details. + /// + /// [`NamedTempFile::new()`]: #method.new + pub fn with_suffix_in<S: AsRef<OsStr>, P: AsRef<Path>>( + suffix: S, + dir: P, + ) -> io::Result<NamedTempFile> { + Builder::new().suffix(&suffix).tempfile_in(dir) + } + + /// Create a new named temporary file with the specified filename prefix. + /// + /// See [`NamedTempFile::new()`] for details. + /// + /// [`NamedTempFile::new()`]: #method.new + pub fn with_prefix<S: AsRef<OsStr>>(prefix: S) -> io::Result<NamedTempFile> { + Builder::new().prefix(&prefix).tempfile() + } + /// Create a new named temporary file with the specified filename prefix, + /// in the specified directory. + /// + /// This is equivalent to: + /// + /// ```ignore + /// Builder::new().prefix(&prefix).tempfile_in(directory) + /// ``` + /// + /// See [`NamedTempFile::new()`] for details. + /// + /// [`NamedTempFile::new()`]: #method.new + pub fn with_prefix_in<S: AsRef<OsStr>, P: AsRef<Path>>( + prefix: S, + dir: P, + ) -> io::Result<NamedTempFile> { + Builder::new().prefix(&prefix).tempfile_in(dir) + } +} + +impl<F> NamedTempFile<F> { + /// Get the temporary file's path. + /// + /// # Security + /// + /// Referring to a temporary file's path may not be secure in all cases. + /// Please read the security section on the top level documentation of this + /// type for details. + /// + /// # Examples + /// + /// ```no_run + /// use tempfile::NamedTempFile; + /// + /// let file = NamedTempFile::new()?; + /// + /// println!("{:?}", file.path()); + /// # Ok::<(), std::io::Error>(()) + /// ``` + #[inline] + pub fn path(&self) -> &Path { + &self.path + } + + /// Close and remove the temporary file. + /// + /// Use this if you want to detect errors in deleting the file. + /// + /// # Errors + /// + /// If the file cannot be deleted, `Err` is returned. + /// + /// # Examples + /// + /// ```no_run + /// use tempfile::NamedTempFile; + /// + /// let file = NamedTempFile::new()?; + /// + /// // By closing the `NamedTempFile` explicitly, we can check that it has + /// // been deleted successfully. If we don't close it explicitly, + /// // the file will still be deleted when `file` goes out + /// // of scope, but we won't know whether deleting the file + /// // succeeded. + /// file.close()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn close(self) -> io::Result<()> { + let NamedTempFile { path, .. } = self; + path.close() + } + + /// Persist the temporary file at the target path. + /// + /// If a file exists at the target path, persist will atomically replace it. + /// If this method fails, it will return `self` in the resulting + /// [`PersistError`]. + /// + /// **Note:** Temporary files cannot be persisted across filesystems. Also + /// neither the file contents nor the containing directory are + /// synchronized, so the update may not yet have reached the disk when + /// `persist` returns. + /// + /// # Security + /// + /// This method persists the temporary file using its path and may not be + /// secure in all cases. Please read the security section on the top + /// level documentation of this type for details. + /// + /// # Errors + /// + /// If the file cannot be moved to the new location, `Err` is returned. + /// + /// # Examples + /// + /// ```no_run + /// use std::io::Write; + /// use tempfile::NamedTempFile; + /// + /// let file = NamedTempFile::new()?; + /// + /// let mut persisted_file = file.persist("./saved_file.txt")?; + /// writeln!(persisted_file, "Brian was here. Briefly.")?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// [`PersistError`]: struct.PersistError.html + pub fn persist<P: AsRef<Path>>(self, new_path: P) -> Result<F, PersistError<F>> { + let NamedTempFile { path, file } = self; + match path.persist(new_path) { + Ok(_) => Ok(file), + Err(err) => { + let PathPersistError { error, path } = err; + Err(PersistError { + file: NamedTempFile { path, file }, + error, + }) + } + } + } + + /// Persist the temporary file at the target path if and only if no file exists there. + /// + /// If a file exists at the target path, fail. If this method fails, it will + /// return `self` in the resulting PersistError. + /// + /// **Note:** Temporary files cannot be persisted across filesystems. + /// + /// **Atomicity:** This method is not guaranteed to be atomic on all platforms, although it will + /// generally be atomic on Windows and modern Linux filesystems. While it will never overwrite a + /// file at the target path, it may leave the original link to the temporary file behind leaving + /// you with two [hard links][hardlink] in your filesystem pointing at the same underlying file. + /// This can happen if either (a) we lack permission to "unlink" the original filename; (b) this + /// program crashes while persisting the temporary file; or (c) the filesystem is removed, + /// unmounted, etc. while we're performing this operation. + /// + /// # Security + /// + /// This method persists the temporary file using its path and may not be + /// secure in all cases. Please read the security section on the top + /// level documentation of this type for details. + /// + /// # Errors + /// + /// If the file cannot be moved to the new location or a file already exists there, + /// `Err` is returned. + /// + /// # Examples + /// + /// ```no_run + /// use std::io::Write; + /// use tempfile::NamedTempFile; + /// + /// let file = NamedTempFile::new()?; + /// + /// let mut persisted_file = file.persist_noclobber("./saved_file.txt")?; + /// writeln!(persisted_file, "Brian was here. Briefly.")?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// [hardlink]: https://en.wikipedia.org/wiki/Hard_link + pub fn persist_noclobber<P: AsRef<Path>>(self, new_path: P) -> Result<F, PersistError<F>> { + let NamedTempFile { path, file } = self; + match path.persist_noclobber(new_path) { + Ok(_) => Ok(file), + Err(err) => { + let PathPersistError { error, path } = err; + Err(PersistError { + file: NamedTempFile { path, file }, + error, + }) + } + } + } + + /// Keep the temporary file from being deleted. This function will turn the + /// temporary file into a non-temporary file without moving it. + /// + /// # Errors + /// + /// On some platforms (e.g., Windows), we need to mark the file as + /// non-temporary. This operation could fail. + /// + /// # Examples + /// + /// ```no_run + /// use std::io::Write; + /// use tempfile::NamedTempFile; + /// + /// let mut file = NamedTempFile::new()?; + /// writeln!(file, "Brian was here. Briefly.")?; + /// + /// let (file, path) = file.keep()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// [`PathPersistError`]: struct.PathPersistError.html + pub fn keep(self) -> Result<(F, PathBuf), PersistError<F>> { + let (file, path) = (self.file, self.path); + match path.keep() { + Ok(path) => Ok((file, path)), + Err(PathPersistError { error, path }) => Err(PersistError { + file: NamedTempFile { path, file }, + error, + }), + } + } + + /// Disable cleanup of the temporary file. If `disable_cleanup` is `true`, the temporary file + /// will not be deleted when this `TempPath` is dropped. This method is equivalent to calling + /// [`Builder::disable_cleanup`] when creating the original `NamedTempFile`, which see for + /// relevant warnings. + /// + /// **NOTE:** this method is primarily useful for testing/debugging. If you want to simply turn + /// a temporary file into a non-temporary file, prefer [`NamedTempFile::keep`]. + pub fn disable_cleanup(&mut self, disable_cleanup: bool) { + self.path.disable_cleanup(disable_cleanup) + } + + /// Get a reference to the underlying file. + pub fn as_file(&self) -> &F { + &self.file + } + + /// Get a mutable reference to the underlying file. + pub fn as_file_mut(&mut self) -> &mut F { + &mut self.file + } + + /// Turn this named temporary file into an "unnamed" temporary file as if you + /// had constructed it with [`tempfile()`]. + /// + /// The underlying file will be removed from the filesystem but the returned [`File`] + /// can still be read/written. + pub fn into_file(self) -> F { + self.file + } + + /// Closes the file, leaving only the temporary file path. + /// + /// This is useful when another process must be able to open the temporary + /// file. + pub fn into_temp_path(self) -> TempPath { + self.path + } + + /// Converts the named temporary file into its constituent parts. + /// + /// Note: When the path is dropped, the underlying file will be removed from the filesystem but + /// the returned [`File`] can still be read/written. + pub fn into_parts(self) -> (F, TempPath) { + (self.file, self.path) + } + + /// Creates a `NamedTempFile` from its constituent parts. + /// + /// This can be used with [`NamedTempFile::into_parts`] to reconstruct the + /// `NamedTempFile`. + pub fn from_parts(file: F, path: TempPath) -> Self { + Self { file, path } + } +} + +impl NamedTempFile<File> { + /// Securely reopen the temporary file. + /// + /// This function is useful when you need multiple independent handles to + /// the same file. It's perfectly fine to drop the original `NamedTempFile` + /// while holding on to `File`s returned by this function; the `File`s will + /// remain usable. However, they may not be nameable. + /// + /// # Errors + /// + /// If the file cannot be reopened, `Err` is returned. + /// + /// # Security + /// + /// Unlike `File::open(my_temp_file.path())`, `NamedTempFile::reopen()` + /// guarantees that the re-opened file is the _same_ file, even in the + /// presence of pathological temporary file cleaners. + /// + /// # Examples + /// + /// ```no_run + /// use tempfile::NamedTempFile; + /// + /// let file = NamedTempFile::new()?; + /// + /// let another_handle = file.reopen()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn reopen(&self) -> io::Result<File> { + imp::reopen(self.as_file(), NamedTempFile::path(self)) + .with_err_path(|| NamedTempFile::path(self)) + } +} + +impl<F: Read> Read for NamedTempFile<F> { + fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { + self.as_file_mut().read(buf).with_err_path(|| self.path()) + } + + fn read_vectored(&mut self, bufs: &mut [io::IoSliceMut<'_>]) -> io::Result<usize> { + self.as_file_mut() + .read_vectored(bufs) + .with_err_path(|| self.path()) + } + + fn read_to_end(&mut self, buf: &mut Vec<u8>) -> io::Result<usize> { + self.as_file_mut() + .read_to_end(buf) + .with_err_path(|| self.path()) + } + + fn read_to_string(&mut self, buf: &mut String) -> io::Result<usize> { + self.as_file_mut() + .read_to_string(buf) + .with_err_path(|| self.path()) + } + + fn read_exact(&mut self, buf: &mut [u8]) -> io::Result<()> { + self.as_file_mut() + .read_exact(buf) + .with_err_path(|| self.path()) + } +} + +impl Read for &NamedTempFile<File> { + fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { + self.as_file().read(buf).with_err_path(|| self.path()) + } + + fn read_vectored(&mut self, bufs: &mut [io::IoSliceMut<'_>]) -> io::Result<usize> { + self.as_file() + .read_vectored(bufs) + .with_err_path(|| self.path()) + } + + fn read_to_end(&mut self, buf: &mut Vec<u8>) -> io::Result<usize> { + self.as_file() + .read_to_end(buf) + .with_err_path(|| self.path()) + } + + fn read_to_string(&mut self, buf: &mut String) -> io::Result<usize> { + self.as_file() + .read_to_string(buf) + .with_err_path(|| self.path()) + } + + fn read_exact(&mut self, buf: &mut [u8]) -> io::Result<()> { + self.as_file().read_exact(buf).with_err_path(|| self.path()) + } +} + +impl<F: Write> Write for NamedTempFile<F> { + fn write(&mut self, buf: &[u8]) -> io::Result<usize> { + self.as_file_mut().write(buf).with_err_path(|| self.path()) + } + #[inline] + fn flush(&mut self) -> io::Result<()> { + self.as_file_mut().flush().with_err_path(|| self.path()) + } + + fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result<usize> { + self.as_file_mut() + .write_vectored(bufs) + .with_err_path(|| self.path()) + } + + fn write_all(&mut self, buf: &[u8]) -> io::Result<()> { + self.as_file_mut() + .write_all(buf) + .with_err_path(|| self.path()) + } + + fn write_fmt(&mut self, fmt: fmt::Arguments<'_>) -> io::Result<()> { + self.as_file_mut() + .write_fmt(fmt) + .with_err_path(|| self.path()) + } +} + +impl Write for &NamedTempFile<File> { + fn write(&mut self, buf: &[u8]) -> io::Result<usize> { + self.as_file().write(buf).with_err_path(|| self.path()) + } + #[inline] + fn flush(&mut self) -> io::Result<()> { + self.as_file().flush().with_err_path(|| self.path()) + } + + fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result<usize> { + self.as_file() + .write_vectored(bufs) + .with_err_path(|| self.path()) + } + + fn write_all(&mut self, buf: &[u8]) -> io::Result<()> { + self.as_file().write_all(buf).with_err_path(|| self.path()) + } + + fn write_fmt(&mut self, fmt: fmt::Arguments<'_>) -> io::Result<()> { + self.as_file().write_fmt(fmt).with_err_path(|| self.path()) + } +} + +impl<F: Seek> Seek for NamedTempFile<F> { + fn seek(&mut self, pos: SeekFrom) -> io::Result<u64> { + self.as_file_mut().seek(pos).with_err_path(|| self.path()) + } +} + +impl Seek for &NamedTempFile<File> { + fn seek(&mut self, pos: SeekFrom) -> io::Result<u64> { + self.as_file().seek(pos).with_err_path(|| self.path()) + } +} + +#[cfg(any(unix, target_os = "wasi"))] +impl<F: AsFd> AsFd for NamedTempFile<F> { + fn as_fd(&self) -> BorrowedFd<'_> { + self.as_file().as_fd() + } +} + +#[cfg(any(unix, target_os = "wasi"))] +impl<F: AsRawFd> AsRawFd for NamedTempFile<F> { + #[inline] + fn as_raw_fd(&self) -> RawFd { + self.as_file().as_raw_fd() + } +} + +#[cfg(windows)] +impl<F: AsHandle> AsHandle for NamedTempFile<F> { + #[inline] + fn as_handle(&self) -> BorrowedHandle<'_> { + self.as_file().as_handle() + } +} + +#[cfg(windows)] +impl<F: AsRawHandle> AsRawHandle for NamedTempFile<F> { + #[inline] + fn as_raw_handle(&self) -> RawHandle { + self.as_file().as_raw_handle() + } +} + +pub(crate) fn create_named( + path: PathBuf, + open_options: &mut OpenOptions, + permissions: Option<&std::fs::Permissions>, + keep: bool, +) -> io::Result<NamedTempFile> { + imp::create_named(&path, open_options, permissions) + .with_err_path(|| path.clone()) + .map(|file| NamedTempFile { + path: TempPath { + path: path.into_boxed_path(), + disable_cleanup: keep, + }, + file, + }) +} diff --git a/vendor/tempfile/src/lib.rs b/vendor/tempfile/src/lib.rs new file mode 100644 index 00000000..64137ad5 --- /dev/null +++ b/vendor/tempfile/src/lib.rs @@ -0,0 +1,760 @@ +//! This is a library for creating temporary files and directories that are automatically deleted +//! when no longer referenced (i.e., on drop). +//! +//! - Use [`tempfile()`] when you need a real [`std::fs::File`] but don't need to refer to it +//! by-path. +//! - Use [`NamedTempFile::new()`] when you need a _named_ temporary file that can be refered to its +//! path. +//! - Use [`tempdir()`] when you need a temporary directory that will be recursively deleted on drop. +//! - Use [`spooled_tempfile()`] when you need an in-memory buffer that will ultimately be backed by +//! a temporary file if it gets too large. +//! +//! # Design +//! +//! This crate provides several approaches to creating temporary files and directories. +//! [`tempfile()`] relies on the OS to remove the temporary file once the last handle is closed. +//! [`TempDir`] and [`NamedTempFile`] both rely on Rust destructors for cleanup. +//! +//! ## Resource Leaking +//! +//! `tempfile` will (almost) never fail to cleanup temporary resources. However `TempDir` and +//! `NamedTempFile` will fail if their destructors don't run. This is because `tempfile` relies on +//! the OS to cleanup the underlying file, while `TempDir` and `NamedTempFile` rely on rust +//! destructors to do so. Destructors may fail to run if the process exits through an unhandled +//! signal interrupt (like `SIGINT`), or if the instance is declared statically (like with +//! [`lazy_static`]), among other possible reasons. +//! +//! ## Unexpected File Deletion +//! +//! Most operating systems periodically clean up temporary files that haven't been accessed recently +//! (often on the order of multiple days). This issue does not affect unnamed temporary files but +//! can invalidate the paths associated with named temporary files on Unix-like systems because the +//! temporary file can be unlinked from the filesystem while still open and in-use. See the +//! [temporary file cleaner](#temporary-file-cleaners) section for more security implications. +//! +//! ## Security +//! +//! This section discusses security issues relevant to Unix-like operating systems that use shared +//! temporary directories by default. Importantly, it's not relevant for Windows or macOS as both +//! operating systems use private per-user temporary directories by default. +//! +//! Applications can mitigate the issues described below by using [`env::override_temp_dir`] to +//! change the default temporary directory but should do so if and only if default the temporary +//! directory ([`env::temp_dir`]) is unsuitable (is world readable, world writable, managed by a +//! temporary file cleaner, etc.). +//! +//! ### Temporary File Cleaners +//! +//! In the presence of pathological temporary file cleaner, relying on file paths is unsafe because +//! a temporary file cleaner could delete the temporary file which an attacker could then replace. +//! +//! This isn't an issue for [`tempfile`] as it doesn't rely on file paths. However, [`NamedTempFile`] +//! and temporary directories _do_ rely on file paths for _some_ operations. See the security +//! documentation on the [`NamedTempFile`] and the [`TempDir`] types for more information. +//! +//! Mitigation: +//! +//! - This is rarely an issue for short-lived files as temporary file cleaners usually only remove +//! temporary files that haven't been modified or accessed within many (10-30) days. +//! - Very long lived temporary files should be placed in directories not managed by temporary file +//! cleaners. +//! +//! ### Access Permissions +//! +//! Temporary _files_ created with this library are private by default on all operating systems. +//! However, temporary _directories_ are created with the default permissions and will therefore be +//! world-readable by default unless the user has changed their umask and/or default temporary +//! directory. +//! +//! ### Denial of Service +//! +//! If the file-name randomness ([`Builder::rand_bytes`]) is too small and/or this crate is built +//! without the `getrandom` feature, it may be possible for an attacker to predict the random file +//! names chosen by this library, preventing temporary file creation by creating temporary files +//! with these predicted file names. By default, this library mitigates this denial of service +//! attack by: +//! +//! 1. Defaulting to 6 random characters per temporary file forcing an attacker to create billions +//! of files before random collisions are expected (at which point you probably have larger +//! problems). +//! 2. Re-seeding the random filename generator from system randomness after 3 failed attempts to +//! create temporary a file (when the `getrandom` feature is enabled as it is by default on all +//! major platforms). +//! +//! ## Early drop pitfall +//! +//! Because `TempDir` and `NamedTempFile` rely on their destructors for cleanup, this can lead +//! to an unexpected early removal of the directory/file, usually when working with APIs which are +//! generic over `AsRef<Path>`. Consider the following example: +//! +//! ```no_run +//! use tempfile::tempdir; +//! use std::process::Command; +//! +//! // Create a directory inside of `env::temp_dir()`. +//! let temp_dir = tempdir()?; +//! +//! // Spawn the `touch` command inside the temporary directory and collect the exit status +//! // Note that `temp_dir` is **not** moved into `current_dir`, but passed as a reference +//! let exit_status = Command::new("touch").arg("tmp").current_dir(&temp_dir).status()?; +//! assert!(exit_status.success()); +//! +//! # Ok::<(), std::io::Error>(()) +//! ``` +//! +//! This works because a reference to `temp_dir` is passed to `current_dir`, resulting in the +//! destructor of `temp_dir` being run after the `Command` has finished execution. Moving the +//! `TempDir` into the `current_dir` call would result in the `TempDir` being converted into +//! an internal representation, with the original value being dropped and the directory thus +//! being deleted, before the command can be executed. +//! +//! The `touch` command would fail with an `No such file or directory` error. +//! +//! ## Examples +//! +//! Create a temporary file and write some data into it: +//! +//! ``` +//! use tempfile::tempfile; +//! use std::io::Write; +//! +//! // Create a file inside of `env::temp_dir()`. +//! let mut file = tempfile()?; +//! +//! writeln!(file, "Brian was here. Briefly.")?; +//! # Ok::<(), std::io::Error>(()) +//! ``` +//! +//! Create a named temporary file and open an independent file handle: +//! +//! ``` +//! use tempfile::NamedTempFile; +//! use std::io::{Write, Read}; +//! +//! let text = "Brian was here. Briefly."; +//! +//! // Create a file inside of `env::temp_dir()`. +//! let mut file1 = NamedTempFile::new()?; +//! +//! // Re-open it. +//! let mut file2 = file1.reopen()?; +//! +//! // Write some test data to the first handle. +//! file1.write_all(text.as_bytes())?; +//! +//! // Read the test data using the second handle. +//! let mut buf = String::new(); +//! file2.read_to_string(&mut buf)?; +//! assert_eq!(buf, text); +//! # Ok::<(), std::io::Error>(()) +//! ``` +//! +//! Create a temporary directory and add a file to it: +//! +//! ``` +//! use tempfile::tempdir; +//! use std::fs::File; +//! use std::io::Write; +//! +//! // Create a directory inside of `env::temp_dir()`. +//! let dir = tempdir()?; +//! +//! let file_path = dir.path().join("my-temporary-note.txt"); +//! let mut file = File::create(file_path)?; +//! writeln!(file, "Brian was here. Briefly.")?; +//! +//! // By closing the `TempDir` explicitly, we can check that it has +//! // been deleted successfully. If we don't close it explicitly, +//! // the directory will still be deleted when `dir` goes out +//! // of scope, but we won't know whether deleting the directory +//! // succeeded. +//! drop(file); +//! dir.close()?; +//! # Ok::<(), std::io::Error>(()) +//! ``` +//! +//! [`tempfile()`]: fn.tempfile.html +//! [`tempdir()`]: fn.tempdir.html +//! [`TempDir`]: struct.TempDir.html +//! [`NamedTempFile`]: struct.NamedTempFile.html +//! [`lazy_static`]: https://github.com/rust-lang-nursery/lazy-static.rs/issues/62 + +#![doc( + html_logo_url = "https://www.rust-lang.org/logos/rust-logo-128x128-blk-v2.png", + html_favicon_url = "https://www.rust-lang.org/favicon.ico", + html_root_url = "https://docs.rs/tempfile/latest" +)] +#![cfg_attr(test, deny(warnings))] +#![deny(rust_2018_idioms)] +#![allow(clippy::redundant_field_names)] +// wasip2 conditionally gates stdlib APIs. +// https://github.com/rust-lang/rust/issues/130323 +#![cfg_attr( + all(feature = "nightly", target_os = "wasi", target_env = "p2"), + feature(wasip2) +)] +#![cfg_attr(all(feature = "nightly", target_os = "wasi"), feature(wasi_ext))] + +#[cfg(doctest)] +doc_comment::doctest!("../README.md"); + +const NUM_RETRIES: u32 = 65536; +const NUM_RAND_CHARS: usize = 6; + +use std::ffi::OsStr; +use std::fs::OpenOptions; +use std::io; +use std::path::Path; + +mod dir; +mod error; +mod file; +mod spooled; +mod util; + +pub mod env; + +pub use crate::dir::{tempdir, tempdir_in, TempDir}; +pub use crate::file::{ + tempfile, tempfile_in, NamedTempFile, PathPersistError, PersistError, TempPath, +}; +pub use crate::spooled::{spooled_tempfile, spooled_tempfile_in, SpooledData, SpooledTempFile}; + +/// Create a new temporary file or directory with custom options. +#[derive(Debug, Clone, Eq, PartialEq)] +pub struct Builder<'a, 'b> { + random_len: usize, + prefix: &'a OsStr, + suffix: &'b OsStr, + append: bool, + permissions: Option<std::fs::Permissions>, + disable_cleanup: bool, +} + +impl Default for Builder<'_, '_> { + fn default() -> Self { + Builder { + random_len: crate::NUM_RAND_CHARS, + prefix: OsStr::new(".tmp"), + suffix: OsStr::new(""), + append: false, + permissions: None, + disable_cleanup: false, + } + } +} + +impl<'a, 'b> Builder<'a, 'b> { + /// Create a new `Builder`. + /// + /// # Examples + /// + /// Create a named temporary file and write some data into it: + /// + /// ``` + /// use std::ffi::OsStr; + /// use tempfile::Builder; + /// + /// let named_tempfile = Builder::new() + /// .prefix("my-temporary-note") + /// .suffix(".txt") + /// .rand_bytes(5) + /// .tempfile()?; + /// + /// let name = named_tempfile + /// .path() + /// .file_name().and_then(OsStr::to_str); + /// + /// if let Some(name) = name { + /// assert!(name.starts_with("my-temporary-note")); + /// assert!(name.ends_with(".txt")); + /// assert_eq!(name.len(), "my-temporary-note.txt".len() + 5); + /// } + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// Create a temporary directory and add a file to it: + /// + /// ``` + /// use std::io::Write; + /// use std::fs::File; + /// use std::ffi::OsStr; + /// use tempfile::Builder; + /// + /// let dir = Builder::new() + /// .prefix("my-temporary-dir") + /// .rand_bytes(5) + /// .tempdir()?; + /// + /// let file_path = dir.path().join("my-temporary-note.txt"); + /// let mut file = File::create(file_path)?; + /// writeln!(file, "Brian was here. Briefly.")?; + /// + /// // By closing the `TempDir` explicitly, we can check that it has + /// // been deleted successfully. If we don't close it explicitly, + /// // the directory will still be deleted when `dir` goes out + /// // of scope, but we won't know whether deleting the directory + /// // succeeded. + /// drop(file); + /// dir.close()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// Create a temporary directory with a chosen prefix under a chosen folder: + /// + /// ```no_run + /// use tempfile::Builder; + /// + /// let dir = Builder::new() + /// .prefix("my-temporary-dir") + /// .tempdir_in("folder-with-tempdirs")?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + #[must_use] + pub fn new() -> Self { + Self::default() + } + + /// Set a custom filename prefix. + /// + /// Path separators are legal but not advisable. + /// Default: `.tmp`. + /// + /// # Examples + /// + /// ``` + /// use tempfile::Builder; + /// + /// let named_tempfile = Builder::new() + /// .prefix("my-temporary-note") + /// .tempfile()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn prefix<S: AsRef<OsStr> + ?Sized>(&mut self, prefix: &'a S) -> &mut Self { + self.prefix = prefix.as_ref(); + self + } + + /// Set a custom filename suffix. + /// + /// Path separators are legal but not advisable. + /// Default: empty. + /// + /// # Examples + /// + /// ``` + /// use tempfile::Builder; + /// + /// let named_tempfile = Builder::new() + /// .suffix(".txt") + /// .tempfile()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn suffix<S: AsRef<OsStr> + ?Sized>(&mut self, suffix: &'b S) -> &mut Self { + self.suffix = suffix.as_ref(); + self + } + + /// Set the number of random bytes. + /// + /// Default: `6`. + /// + /// # Examples + /// + /// ``` + /// use tempfile::Builder; + /// + /// let named_tempfile = Builder::new() + /// .rand_bytes(5) + /// .tempfile()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn rand_bytes(&mut self, rand: usize) -> &mut Self { + self.random_len = rand; + self + } + + /// Set the file to be opened in append mode. + /// + /// Default: `false`. + /// + /// # Examples + /// + /// ``` + /// use tempfile::Builder; + /// + /// let named_tempfile = Builder::new() + /// .append(true) + /// .tempfile()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn append(&mut self, append: bool) -> &mut Self { + self.append = append; + self + } + + /// The permissions to create the tempfile or [tempdir](Self::tempdir) with. + /// + /// # Security + /// + /// By default, the permissions of tempfiles on Unix are set for it to be + /// readable and writable by the owner only, yielding the greatest amount + /// of security. + /// As this method allows to widen the permissions, security would be + /// reduced in such cases. + /// + /// # Platform Notes + /// ## Unix + /// + /// The actual permission bits set on the tempfile or tempdir will be affected by the `umask` + /// applied by the underlying syscall. The actual permission bits are calculated via + /// `permissions & !umask`. + /// + /// Permissions default to `0o600` for tempfiles and `0o777` for tempdirs. Note, this doesn't + /// include effects of the current `umask`. For example, combined with the standard umask + /// `0o022`, the defaults yield `0o600` for tempfiles and `0o755` for tempdirs. + /// + /// ## Windows and others + /// + /// This setting is unsupported and trying to set a file or directory read-only + /// will return an error. + /// + /// # Examples + /// + /// Create a named temporary file that is world-readable. + /// + /// ``` + /// # #[cfg(unix)] + /// # { + /// use tempfile::Builder; + /// use std::os::unix::fs::PermissionsExt; + /// + /// let all_read_write = std::fs::Permissions::from_mode(0o666); + /// let tempfile = Builder::new().permissions(all_read_write).tempfile()?; + /// let actual_permissions = tempfile.path().metadata()?.permissions(); + /// assert_ne!( + /// actual_permissions.mode() & !0o170000, + /// 0o600, + /// "we get broader permissions than the default despite umask" + /// ); + /// # } + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// Create a named temporary directory that is restricted to the owner. + /// + /// ``` + /// # #[cfg(unix)] + /// # { + /// use tempfile::Builder; + /// use std::os::unix::fs::PermissionsExt; + /// + /// let owner_rwx = std::fs::Permissions::from_mode(0o700); + /// let tempdir = Builder::new().permissions(owner_rwx).tempdir()?; + /// let actual_permissions = tempdir.path().metadata()?.permissions(); + /// assert_eq!( + /// actual_permissions.mode() & !0o170000, + /// 0o700, + /// "we get the narrow permissions we asked for" + /// ); + /// # } + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn permissions(&mut self, permissions: std::fs::Permissions) -> &mut Self { + self.permissions = Some(permissions); + self + } + + /// Disable cleanup of the file/folder to even when the [`NamedTempFile`]/[`TempDir`] goes out + /// of scope. Prefer [`NamedTempFile::keep`] and `[`TempDir::keep`] where possible, + /// `disable_cleanup` is provided for testing & debugging. + /// + /// By default, the file/folder is automatically cleaned up in the destructor of + /// [`NamedTempFile`]/[`TempDir`]. When `disable_cleanup` is set to `true`, this behavior is + /// suppressed. If you wish to disable cleanup after creating a temporary file/directory, call + /// [`NamedTempFile::disable_cleanup`] or [`TempDir::disable_cleanup`]. + /// + /// # Warnings + /// + /// On some platforms (for now, only Windows), temporary files are marked with a special + /// "temporary file" (`FILE_ATTRIBUTE_TEMPORARY`) attribute. Disabling cleanup _will not_ unset + /// this attribute while calling [`NamedTempFile::keep`] will. + /// + /// # Examples + /// + /// ``` + /// use tempfile::Builder; + /// + /// let named_tempfile = Builder::new() + /// .disable_cleanup(true) + /// .tempfile()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn disable_cleanup(&mut self, disable_cleanup: bool) -> &mut Self { + self.disable_cleanup = disable_cleanup; + self + } + + /// Deprecated alias for [`Builder::disable_cleanup`]. + #[deprecated = "Use Builder::disable_cleanup"] + pub fn keep(&mut self, keep: bool) -> &mut Self { + self.disable_cleanup(keep) + } + + /// Create the named temporary file. + /// + /// # Security + /// + /// See [the security][security] docs on `NamedTempFile`. + /// + /// # Resource leaking + /// + /// See [the resource leaking][resource-leaking] docs on `NamedTempFile`. + /// + /// # Errors + /// + /// If the file cannot be created, `Err` is returned. + /// + /// # Examples + /// + /// ``` + /// use tempfile::Builder; + /// + /// let tempfile = Builder::new().tempfile()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// [security]: struct.NamedTempFile.html#security + /// [resource-leaking]: struct.NamedTempFile.html#resource-leaking + pub fn tempfile(&self) -> io::Result<NamedTempFile> { + self.tempfile_in(env::temp_dir()) + } + + /// Create the named temporary file in the specified directory. + /// + /// # Security + /// + /// See [the security][security] docs on `NamedTempFile`. + /// + /// # Resource leaking + /// + /// See [the resource leaking][resource-leaking] docs on `NamedTempFile`. + /// + /// # Errors + /// + /// If the file cannot be created, `Err` is returned. + /// + /// # Examples + /// + /// ``` + /// use tempfile::Builder; + /// + /// let tempfile = Builder::new().tempfile_in("./")?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// [security]: struct.NamedTempFile.html#security + /// [resource-leaking]: struct.NamedTempFile.html#resource-leaking + pub fn tempfile_in<P: AsRef<Path>>(&self, dir: P) -> io::Result<NamedTempFile> { + util::create_helper( + dir.as_ref(), + self.prefix, + self.suffix, + self.random_len, + |path| { + file::create_named( + path, + OpenOptions::new().append(self.append), + self.permissions.as_ref(), + self.disable_cleanup, + ) + }, + ) + } + + /// Attempts to make a temporary directory inside of [`env::temp_dir()`] whose + /// name will have the prefix, `prefix`. The directory and + /// everything inside it will be automatically deleted once the + /// returned `TempDir` is destroyed. + /// + /// # Resource leaking + /// + /// See [the resource leaking][resource-leaking] docs on `TempDir`. + /// + /// # Errors + /// + /// If the directory can not be created, `Err` is returned. + /// + /// # Examples + /// + /// ``` + /// use tempfile::Builder; + /// + /// let tmp_dir = Builder::new().tempdir()?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// [resource-leaking]: struct.TempDir.html#resource-leaking + pub fn tempdir(&self) -> io::Result<TempDir> { + self.tempdir_in(env::temp_dir()) + } + + /// Attempts to make a temporary directory inside of `dir`. + /// The directory and everything inside it will be automatically + /// deleted once the returned `TempDir` is destroyed. + /// + /// # Resource leaking + /// + /// See [the resource leaking][resource-leaking] docs on `TempDir`. + /// + /// # Errors + /// + /// If the directory can not be created, `Err` is returned. + /// + /// # Examples + /// + /// ``` + /// use tempfile::Builder; + /// + /// let tmp_dir = Builder::new().tempdir_in("./")?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// [resource-leaking]: struct.TempDir.html#resource-leaking + pub fn tempdir_in<P: AsRef<Path>>(&self, dir: P) -> io::Result<TempDir> { + util::create_helper( + dir.as_ref(), + self.prefix, + self.suffix, + self.random_len, + |path| dir::create(path, self.permissions.as_ref(), self.disable_cleanup), + ) + } + + /// Attempts to create a temporary file (or file-like object) using the + /// provided closure. The closure is passed a temporary file path and + /// returns an [`std::io::Result`]. The path provided to the closure will be + /// inside of [`env::temp_dir()`]. Use [`Builder::make_in`] to provide + /// a custom temporary directory. If the closure returns one of the + /// following errors, then another randomized file path is tried: + /// - [`std::io::ErrorKind::AlreadyExists`] + /// - [`std::io::ErrorKind::AddrInUse`] + /// + /// This can be helpful for taking full control over the file creation, but + /// leaving the temporary file path construction up to the library. This + /// also enables creating a temporary UNIX domain socket, since it is not + /// possible to bind to a socket that already exists. + /// + /// Note that [`Builder::append`] is ignored when using [`Builder::make`]. + /// + /// # Security + /// + /// This has the same [security implications][security] as + /// [`NamedTempFile`], but with additional caveats. Specifically, it is up + /// to the closure to ensure that the file does not exist and that such a + /// check is *atomic*. Otherwise, a [time-of-check to time-of-use + /// bug][TOCTOU] could be introduced. + /// + /// For example, the following is **not** secure: + /// + /// ``` + /// use std::fs::File; + /// use tempfile::Builder; + /// + /// // This is NOT secure! + /// let tempfile = Builder::new().make(|path| { + /// if path.is_file() { + /// return Err(std::io::ErrorKind::AlreadyExists.into()); + /// } + /// + /// // Between the check above and the usage below, an attacker could + /// // have replaced `path` with another file, which would get truncated + /// // by `File::create`. + /// + /// File::create(path) + /// })?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// Note that simply using [`std::fs::File::create`] alone is not correct + /// because it does not fail if the file already exists: + /// + /// ``` + /// use tempfile::Builder; + /// use std::fs::File; + /// + /// // This could overwrite an existing file! + /// let tempfile = Builder::new().make(|path| File::create(path))?; + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// For creating regular temporary files, use [`Builder::tempfile`] instead + /// to avoid these problems. This function is meant to enable more exotic + /// use-cases. + /// + /// # Resource leaking + /// + /// See [the resource leaking][resource-leaking] docs on `NamedTempFile`. + /// + /// # Errors + /// + /// If the closure returns any error besides + /// [`std::io::ErrorKind::AlreadyExists`] or + /// [`std::io::ErrorKind::AddrInUse`], then `Err` is returned. + /// + /// # Examples + /// ``` + /// # #[cfg(unix)] + /// # { + /// use std::os::unix::net::UnixListener; + /// use tempfile::Builder; + /// + /// let tempsock = Builder::new().make(|path| UnixListener::bind(path))?; + /// # } + /// # Ok::<(), std::io::Error>(()) + /// ``` + /// + /// [TOCTOU]: https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use + /// [security]: struct.NamedTempFile.html#security + /// [resource-leaking]: struct.NamedTempFile.html#resource-leaking + pub fn make<F, R>(&self, f: F) -> io::Result<NamedTempFile<R>> + where + F: FnMut(&Path) -> io::Result<R>, + { + self.make_in(env::temp_dir(), f) + } + + /// This is the same as [`Builder::make`], except `dir` is used as the base + /// directory for the temporary file path. + /// + /// See [`Builder::make`] for more details and security implications. + /// + /// # Examples + /// ``` + /// # #[cfg(unix)] + /// # { + /// use tempfile::Builder; + /// use std::os::unix::net::UnixListener; + /// + /// let tempsock = Builder::new().make_in("./", |path| UnixListener::bind(path))?; + /// # } + /// # Ok::<(), std::io::Error>(()) + /// ``` + pub fn make_in<F, R, P>(&self, dir: P, mut f: F) -> io::Result<NamedTempFile<R>> + where + F: FnMut(&Path) -> io::Result<R>, + P: AsRef<Path>, + { + util::create_helper( + dir.as_ref(), + self.prefix, + self.suffix, + self.random_len, + move |path| { + Ok(NamedTempFile::from_parts( + f(&path)?, + TempPath::new(path, self.disable_cleanup), + )) + }, + ) + } +} diff --git a/vendor/tempfile/src/spooled.rs b/vendor/tempfile/src/spooled.rs new file mode 100644 index 00000000..57ba9bea --- /dev/null +++ b/vendor/tempfile/src/spooled.rs @@ -0,0 +1,249 @@ +use crate::file::tempfile; +use crate::tempfile_in; +use std::fs::File; +use std::io::{self, Cursor, Read, Seek, SeekFrom, Write}; +use std::path::{Path, PathBuf}; + +/// A wrapper for the two states of a [`SpooledTempFile`]. Either: +/// +/// 1. An in-memory [`Cursor`] representing the state of the file. +/// 2. A temporary [`File`]. +#[derive(Debug)] +pub enum SpooledData { + InMemory(Cursor<Vec<u8>>), + OnDisk(File), +} + +/// An object that behaves like a regular temporary file, but keeps data in +/// memory until it reaches a configured size, at which point the data is +/// written to a temporary file on disk, and further operations use the file +/// on disk. +#[derive(Debug)] +pub struct SpooledTempFile { + max_size: usize, + dir: Option<PathBuf>, + inner: SpooledData, +} + +/// Create a new [`SpooledTempFile`]. Also see [`spooled_tempfile_in`]. +/// +/// # Security +/// +/// This variant is secure/reliable in the presence of a pathological temporary +/// file cleaner. +/// +/// # Backing Storage +/// +/// By default, the underlying temporary file will be created in your operating system's temporary +/// file directory which is _often_ an in-memory filesystem. You may want to consider using +/// [`spooled_tempfile_in`] instead, passing a storage-backed filesystem (e.g., `/var/tmp` on +/// Linux). +/// +/// # Resource Leaking +/// +/// The temporary file will be automatically removed by the OS when the last +/// handle to it is closed. This doesn't rely on Rust destructors being run, so +/// will (almost) never fail to clean up the temporary file. +/// +/// # Examples +/// +/// ``` +/// use tempfile::spooled_tempfile; +/// use std::io::Write; +/// +/// let mut file = spooled_tempfile(15); +/// +/// writeln!(file, "short line")?; +/// assert!(!file.is_rolled()); +/// +/// // as a result of this write call, the size of the data will exceed +/// // `max_size` (15), so it will be written to a temporary file on disk, +/// // and the in-memory buffer will be dropped +/// writeln!(file, "marvin gardens")?; +/// assert!(file.is_rolled()); +/// # Ok::<(), std::io::Error>(()) +/// ``` +#[inline] +pub fn spooled_tempfile(max_size: usize) -> SpooledTempFile { + SpooledTempFile::new(max_size) +} + +/// Construct a new [`SpooledTempFile`], backed by a file in the specified directory. Use this when, +/// e.g., you need the temporary file to be backed by a specific filesystem (e.g., when your default +/// temporary directory is in-memory). Also see [`spooled_tempfile`]. +/// +/// **NOTE:** The specified path isn't checked until the temporary file is "rolled over" into a real +/// temporary file. If the specified directory isn't writable, writes to the temporary file will +/// fail once the `max_size` is reached. +#[inline] +pub fn spooled_tempfile_in<P: AsRef<Path>>(max_size: usize, dir: P) -> SpooledTempFile { + SpooledTempFile::new_in(max_size, dir) +} + +/// Write a cursor into a temporary file, returning the temporary file. +fn cursor_to_tempfile(cursor: &Cursor<Vec<u8>>, p: &Option<PathBuf>) -> io::Result<File> { + let mut file = match p { + Some(p) => tempfile_in(p)?, + None => tempfile()?, + }; + file.write_all(cursor.get_ref())?; + file.seek(SeekFrom::Start(cursor.position()))?; + Ok(file) +} + +impl SpooledTempFile { + /// Construct a new [`SpooledTempFile`]. + #[must_use] + pub fn new(max_size: usize) -> SpooledTempFile { + SpooledTempFile { + max_size, + dir: None, + inner: SpooledData::InMemory(Cursor::new(Vec::new())), + } + } + + /// Construct a new [`SpooledTempFile`], backed by a file in the specified directory. + #[must_use] + pub fn new_in<P: AsRef<Path>>(max_size: usize, dir: P) -> SpooledTempFile { + SpooledTempFile { + max_size, + dir: Some(dir.as_ref().to_owned()), + inner: SpooledData::InMemory(Cursor::new(Vec::new())), + } + } + + /// Returns true if the file has been rolled over to disk. + #[must_use] + pub fn is_rolled(&self) -> bool { + match self.inner { + SpooledData::InMemory(_) => false, + SpooledData::OnDisk(_) => true, + } + } + + /// Rolls over to a file on disk, regardless of current size. Does nothing + /// if already rolled over. + pub fn roll(&mut self) -> io::Result<()> { + if let SpooledData::InMemory(cursor) = &mut self.inner { + self.inner = SpooledData::OnDisk(cursor_to_tempfile(cursor, &self.dir)?); + } + Ok(()) + } + + /// Truncate the file to the specified size. + pub fn set_len(&mut self, size: u64) -> Result<(), io::Error> { + if size > self.max_size as u64 { + self.roll()?; // does nothing if already rolled over + } + match &mut self.inner { + SpooledData::InMemory(cursor) => { + cursor.get_mut().resize(size as usize, 0); + Ok(()) + } + SpooledData::OnDisk(file) => file.set_len(size), + } + } + + /// Consumes and returns the inner `SpooledData` type. + #[must_use] + pub fn into_inner(self) -> SpooledData { + self.inner + } + + /// Convert into a regular unnamed temporary file, writing it to disk if necessary. + pub fn into_file(self) -> io::Result<File> { + match self.inner { + SpooledData::InMemory(cursor) => cursor_to_tempfile(&cursor, &self.dir), + SpooledData::OnDisk(file) => Ok(file), + } + } +} + +impl Read for SpooledTempFile { + fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { + match &mut self.inner { + SpooledData::InMemory(cursor) => cursor.read(buf), + SpooledData::OnDisk(file) => file.read(buf), + } + } + + fn read_vectored(&mut self, bufs: &mut [io::IoSliceMut<'_>]) -> io::Result<usize> { + match &mut self.inner { + SpooledData::InMemory(cursor) => cursor.read_vectored(bufs), + SpooledData::OnDisk(file) => file.read_vectored(bufs), + } + } + + fn read_to_end(&mut self, buf: &mut Vec<u8>) -> io::Result<usize> { + match &mut self.inner { + SpooledData::InMemory(cursor) => cursor.read_to_end(buf), + SpooledData::OnDisk(file) => file.read_to_end(buf), + } + } + + fn read_to_string(&mut self, buf: &mut String) -> io::Result<usize> { + match &mut self.inner { + SpooledData::InMemory(cursor) => cursor.read_to_string(buf), + SpooledData::OnDisk(file) => file.read_to_string(buf), + } + } + + fn read_exact(&mut self, buf: &mut [u8]) -> io::Result<()> { + match &mut self.inner { + SpooledData::InMemory(cursor) => cursor.read_exact(buf), + SpooledData::OnDisk(file) => file.read_exact(buf), + } + } +} + +impl Write for SpooledTempFile { + fn write(&mut self, buf: &[u8]) -> io::Result<usize> { + // roll over to file if necessary + if matches! { + &self.inner, SpooledData::InMemory(cursor) + if cursor.position().saturating_add(buf.len() as u64) > self.max_size as u64 + } { + self.roll()?; + } + + // write the bytes + match &mut self.inner { + SpooledData::InMemory(cursor) => cursor.write(buf), + SpooledData::OnDisk(file) => file.write(buf), + } + } + + fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result<usize> { + if matches! { + &self.inner, SpooledData::InMemory(cursor) + // Borrowed from the rust standard library. + if bufs + .iter() + .fold(cursor.position(), |a, b| a.saturating_add(b.len() as u64)) + > self.max_size as u64 + } { + self.roll()?; + } + match &mut self.inner { + SpooledData::InMemory(cursor) => cursor.write_vectored(bufs), + SpooledData::OnDisk(file) => file.write_vectored(bufs), + } + } + + #[inline] + fn flush(&mut self) -> io::Result<()> { + match &mut self.inner { + SpooledData::InMemory(cursor) => cursor.flush(), + SpooledData::OnDisk(file) => file.flush(), + } + } +} + +impl Seek for SpooledTempFile { + fn seek(&mut self, pos: SeekFrom) -> io::Result<u64> { + match &mut self.inner { + SpooledData::InMemory(cursor) => cursor.seek(pos), + SpooledData::OnDisk(file) => file.seek(pos), + } + } +} diff --git a/vendor/tempfile/src/util.rs b/vendor/tempfile/src/util.rs new file mode 100644 index 00000000..2ac9bea4 --- /dev/null +++ b/vendor/tempfile/src/util.rs @@ -0,0 +1,82 @@ +use std::ffi::{OsStr, OsString}; +use std::path::{Path, PathBuf}; +use std::{io, iter::repeat_with}; + +use crate::error::IoResultExt; + +fn tmpname(rng: &mut fastrand::Rng, prefix: &OsStr, suffix: &OsStr, rand_len: usize) -> OsString { + let capacity = prefix + .len() + .saturating_add(suffix.len()) + .saturating_add(rand_len); + let mut buf = OsString::with_capacity(capacity); + buf.push(prefix); + let mut char_buf = [0u8; 4]; + for c in repeat_with(|| rng.alphanumeric()).take(rand_len) { + buf.push(c.encode_utf8(&mut char_buf)); + } + buf.push(suffix); + buf +} + +pub fn create_helper<R>( + base: &Path, + prefix: &OsStr, + suffix: &OsStr, + random_len: usize, + mut f: impl FnMut(PathBuf) -> io::Result<R>, +) -> io::Result<R> { + // Make the path absolute. Otherwise, changing the current directory can invalidate a stored + // path (causing issues when cleaning up temporary files. + let mut base = base; // re-borrow to shrink lifetime + let base_path_storage; // slot to store the absolute path, if necessary. + if !base.is_absolute() { + let cur_dir = std::env::current_dir()?; + base_path_storage = cur_dir.join(base); + base = &base_path_storage; + } + + let num_retries = if random_len != 0 { + crate::NUM_RETRIES + } else { + 1 + }; + + // We fork the fastrand rng. + let mut rng = fastrand::Rng::new(); + for i in 0..num_retries { + // If we fail to create the file the first three times, re-seed from system randomness in + // case an attacker is predicting our randomness (fastrand is predictable). If re-seeding + // doesn't help, either: + // + // 1. We have lots of temporary files, possibly created by an attacker but not necessarily. + // Re-seeding the randomness won't help here. + // 2. We're failing to create random files for some other reason. This shouldn't be the case + // given that we're checking error kinds, but it could happen. + #[cfg(all( + feature = "getrandom", + any(windows, unix, target_os = "redox", target_os = "wasi") + ))] + if i == 3 { + if let Ok(seed) = getrandom::u64() { + rng.seed(seed); + } + } + let _ = i; // avoid unused variable warning for the above. + + let path = base.join(tmpname(&mut rng, prefix, suffix, random_len)); + return match f(path) { + Err(ref e) if e.kind() == io::ErrorKind::AlreadyExists && num_retries > 1 => continue, + // AddrInUse can happen if we're creating a UNIX domain socket and + // the path already exists. + Err(ref e) if e.kind() == io::ErrorKind::AddrInUse && num_retries > 1 => continue, + res => res, + }; + } + + Err(io::Error::new( + io::ErrorKind::AlreadyExists, + "too many temporary files exist", + )) + .with_err_path(|| base) +} |