diff --git a/internal/fusefrontend_reverse/root_node.go b/internal/fusefrontend_reverse/root_node.go index d57e1e6..5ce7f81 100644 --- a/internal/fusefrontend_reverse/root_node.go +++ b/internal/fusefrontend_reverse/root_node.go @@ -109,6 +109,10 @@ func (rn *RootNode) findLongnameParent(fd int, diriv []byte, longname string) (p // isExcludedPlain finds out if the plaintext path "pPath" is // excluded (used when -exclude is passed by the user). func (rn *RootNode) isExcludedPlain(pPath string) bool { + // root dir can't be excluded + if pPath == "" { + return false + } return rn.excluder != nil && rn.excluder.MatchesPath(pPath) } diff --git a/tests/reverse/exclude_test.go b/tests/reverse/exclude_test.go index 88530ab..b0e7135 100644 --- a/tests/reverse/exclude_test.go +++ b/tests/reverse/exclude_test.go @@ -20,56 +20,9 @@ func ctlsockEncryptPath(t *testing.T, sock string, path string) string { } // doTestExcludeTestFs runs exclude tests against the exclude_test_fs folder -func doTestExcludeTestFs(t *testing.T, flag string) { - // --exclude-wildcard patterns, gitignore syntax - patterns := []string{ - "file1", // matches file1 anywhere - "!longdir1" + x240 + "/file1", // ! includes an otherwise file - "file2/", // a trailing slash matches only a directory - "dir1/file2", // matches file2 inside dir1 anywhere - "#file2", // comments are ignored - "dir2", // excludes the whole directory - "longfile2" + x240, // matches longfile2 anywhere - "/longfile3" + x240, // a leading / anchors the match at the root - "*~", // wildcards are supported - "dir1/**/exclude", // ** matches any number of directories - "file3/", // pattern with trailing slash should not match a file - } - // pVisible are plaintext paths that should be visible in the encrypted view - pVisible := []string{ - "file2", - "dir1/longfile1" + x240, - "dir1/longfile3" + x240, - "longdir1" + x240, - "longdir1" + x240 + "/file1", - "longdir2" + x240 + "/file", - "longfile1" + x240, - "file3", - } - // pHidden are plaintext paths that should be hidden in the encrypted view - pHidden := []string{ - "bkp1~", - "dir1/file1", - "dir1/file2", - "dir1/exclude", - "dir1/longbkp1" + x240 + "~", - "dir1/longfile2" + x240, - "dir1/subdir1/exclude", - "dir1/subdir1/subdir2/exclude", - "dir2", - "dir2/file", - "dir2/longdir1" + x240 + "/file", - "dir2/longfile." + x240, - "dir2/subdir", - "dir2/subdir/file", - "file1", - "longdir2" + x240 + "/bkp~", - "longfile2" + x240, - "longfile3" + x240, - } - +func doTestExcludeTestFs(t *testing.T, flag string, patterns, visible, hidden []string) { // Mount reverse fs - mnt, err := ioutil.TempDir(test_helpers.TmpDir, "TestExclude") + mnt, err := ioutil.TempDir(test_helpers.TmpDir, t.Name()) if err != nil { t.Fatal(err) } @@ -85,8 +38,8 @@ func doTestExcludeTestFs(t *testing.T, flag string) { defer test_helpers.UnmountPanic(mnt) // Get encrypted version of visible and hidden paths - cVisible := encryptExcludeTestPaths(t, sock, pVisible) - cHidden := encryptExcludeTestPaths(t, sock, pHidden) + cVisible := encryptExcludeTestPaths(t, sock, visible) + cHidden := encryptExcludeTestPaths(t, sock, hidden) // Check that hidden paths are not there and visible paths are there for _, v := range cHidden { @@ -123,6 +76,82 @@ func encryptExcludeTestPaths(t *testing.T, socket string, pRelPaths []string) (o // TestExcludeTestFs runs exclude tests against the exclude_test_fs folder. func TestExcludeTestFs(t *testing.T) { - doTestExcludeTestFs(t, "-exclude-wildcard") - doTestExcludeTestFs(t, "-ew") + // --exclude-wildcard patterns, gitignore syntax + patterns := []string{ + "file1", // matches file1 anywhere + "!longdir1" + x240 + "/file1", // ! includes an otherwise file + "file2/", // a trailing slash matches only a directory + "dir1/file2", // matches file2 inside dir1 anywhere + "#file2", // comments are ignored + "dir2", // excludes the whole directory + "longfile2" + x240, // matches longfile2 anywhere + "/longfile3" + x240, // a leading / anchors the match at the root + "*~", // wildcards are supported + "dir1/**/exclude", // ** matches any number of directories + "file3/", // pattern with trailing slash should not match a file + } + // visible are plaintext paths that should be visible in the encrypted view + visible := []string{ + "file2", + "dir1/longfile1" + x240, + "dir1/longfile3" + x240, + "longdir1" + x240, + "longdir1" + x240 + "/file1", + "longdir2" + x240 + "/file", + "longfile1" + x240, + "file3", + } + // hidden are plaintext paths that should be hidden in the encrypted view + hidden := []string{ + "bkp1~", + "dir1/file1", + "dir1/file2", + "dir1/exclude", + "dir1/longbkp1" + x240 + "~", + "dir1/longfile2" + x240, + "dir1/subdir1/exclude", + "dir1/subdir1/subdir2/exclude", + "dir2", + "dir2/file", + "dir2/longdir1" + x240 + "/file", + "dir2/longfile." + x240, + "dir2/subdir", + "dir2/subdir/file", + "file1", + "longdir2" + x240 + "/bkp~", + "longfile2" + x240, + "longfile3" + x240, + } + + doTestExcludeTestFs(t, "-exclude-wildcard", patterns, visible, hidden) + doTestExcludeTestFs(t, "-ew", patterns, visible, hidden) +} + +// Exclude everything using "/*", then selectively include only dir1 using "!/dir1" +// https://github.com/rfjakob/gocryptfs/issues/588 +func TestExcludeAllOnlyDir1(t *testing.T) { + // --exclude-wildcard patterns, gitignore syntax + patterns := []string{ + "*", + "!/dir1", + } + // visible are plaintext paths that should be visible in the encrypted view + visible := []string{ + "dir1", + "dir1/file1", + } + // hidden are plaintext paths that should be hidden in the encrypted view + hidden := []string{ + "dir2", + "dir2/file", + "dir2/longdir1" + x240 + "/file", + "dir2/longfile." + x240, + "dir2/subdir", + "dir2/subdir/file", + "file1", + "longdir2" + x240 + "/bkp~", + "longfile2" + x240, + "longfile3" + x240, + } + doTestExcludeTestFs(t, "-exclude-wildcard", patterns, visible, hidden) } diff --git a/tests/reverse/exclude_test_fs/file3 b/tests/reverse/exclude_test_fs/file3 new file mode 100644 index 0000000..e69de29