From 71428b9c3e4b66770908eaa974c0d8d01c22b822 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Eustace?= Date: Tue, 4 Sep 2018 16:46:11 +0200 Subject: [PATCH] Fix the possible deletion of system paths by cache:clear --- CHANGELOG.md | 1 + poetry/console/commands/cache/clear.py | 16 +++++++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0018e19362..37fe89a2666 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ - Fixed a recursion error with circular dependencies. - Fixed the `config` command setting incorrect values for paths. - Fixed an `OSError` on Python >= 3.5 for `git` dependencies with recursive symlinks. +- Fixed the possible deletion of system paths by `cache:clear`. ## [0.11.4] - 2018-07-30 diff --git a/poetry/console/commands/cache/clear.py b/poetry/console/commands/cache/clear.py index 4500a6b0314..1baa7056c9b 100644 --- a/poetry/console/commands/cache/clear.py +++ b/poetry/console/commands/cache/clear.py @@ -15,16 +15,26 @@ class CacheClearCommand(Command): def handle(self): from cachy import CacheManager from poetry.locations import CACHE_DIR + from poetry.utils._compat import Path cache = self.argument("cache") parts = cache.split(":") - cache_dir = os.path.join(CACHE_DIR, "cache", "repositories", parts[0]) + root = parts[0] + + base_cache = Path(CACHE_DIR) / "cache" / "repositories" + cache_dir = base_cache / root + + try: + cache_dir.relative_to(base_cache) + except ValueError: + raise ValueError("{} is not a valid repository cache".format(root)) + cache = CacheManager( { "default": parts[0], "serializer": "json", - "stores": {parts[0]: {"driver": "file", "path": cache_dir}}, + "stores": {parts[0]: {"driver": "file", "path": str(cache_dir)}}, } ) @@ -41,7 +51,7 @@ def handle(self): # Calculate number of entries entries_count = 0 - for path, dirs, files in os.walk(cache_dir): + for path, dirs, files in os.walk(str(cache_dir)): entries_count += len(files) delete = self.confirm(