feat(core): Add Scope::is_forbidden (#11767)

2026-04-01 10:01:07 +02:00 · 2024-11-26 13:31:48 +01:00
parent ba6f370147
commit 5188c0fae2
2 changed files with 43 additions and 14 deletions
--- a/.changes/core-scope-is-forbidden.md
+++ b/.changes/core-scope-is-forbidden.md
@@ -0,0 +1,5 @@
+---
+tauri: 'minor:feat'
+---
+
+Added `Scope::is_forbidden` to check if a path was explicitly forbidden.
--- a/crates/tauri/src/scope/fs.rs
+++ b/crates/tauri/src/scope/fs.rs
@@ -339,21 +339,12 @@ impl Scope {
  }

  /// Determines if the given path is allowed on this scope.
+  ///
+  /// Returns `false` if the path was explicitly forbidden or neither allowed nor forbidden.
+  ///
+  /// May return `false` if the path points to a broken symlink.
  pub fn is_allowed<P: AsRef<Path>>(&self, path: P) -> bool {
-    let path = path.as_ref();
-    let path = if path.is_symlink() {
-      match std::fs::read_link(path) {
-        Ok(p) => p,
-        Err(_) => return false,
-      }
-    } else {
-      path.to_path_buf()
-    };
-    let path = if !path.exists() {
-      crate::Result::Ok(path)
-    } else {
-      std::fs::canonicalize(path).map_err(Into::into)
-    };
+    let path = try_resolve_symlink_and_canonicalize(path);

    if let Ok(path) = path {
      let path: PathBuf = path.components().collect();
@@ -380,6 +371,39 @@ impl Scope {
      false
    }
  }
+
+  /// Determines if the given path is explicitly forbidden on this scope.
+  ///
+  /// May return `true` if the path points to a broken symlink.
+  pub fn is_forbidden<P: AsRef<Path>>(&self, path: P) -> bool {
+    let path = try_resolve_symlink_and_canonicalize(path);
+
+    if let Ok(path) = path {
+      let path: PathBuf = path.components().collect();
+      self
+        .forbidden_patterns
+        .lock()
+        .unwrap()
+        .iter()
+        .any(|p| p.matches_path_with(&path, self.match_options))
+    } else {
+      true
+    }
+  }
+}
+
+fn try_resolve_symlink_and_canonicalize<P: AsRef<Path>>(path: P) -> crate::Result<PathBuf> {
+  let path = path.as_ref();
+  let path = if path.is_symlink() {
+    std::fs::read_link(path)?
+  } else {
+    path.to_path_buf()
+  };
+  if !path.exists() {
+    crate::Result::Ok(path)
+  } else {
+    std::fs::canonicalize(path).map_err(Into::into)
+  }
 }

 fn escaped_pattern(p: &str) -> Result<Pattern, glob::PatternError> {