fix: skip orphan .find-replace-* temp files during walks#97
Conversation
Create temp files with the .find-replace-* prefix via os.CreateTemp so names are unpredictable and not vulnerable to symlink planting attacks. Fixes dolph#3
Ignore stale temp files left by crashed runs so a subsequent traversal does not rewrite or rename them. Requires the .find-replace-* temp prefix from the safe tempfile change. Fixes dolph#21
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 489e0101bb
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if strings.HasPrefix(file.Name(), ".find-replace-") { | ||
| continue |
There was a problem hiding this comment.
This skips every entry whose name starts with .find-replace- before checking whether it is a stale temp file or a directory. The temp files introduced here are created with os.CreateTemp, so orphaned entries from this tool are regular files; a real directory such as .find-replace-config/ will now be omitted entirely and none of its contents or child names will be processed, even though the CLI only documents skipping .git/ and binary files.
Useful? React with 👍 / 👎.
1 participant
Summary
.find-replace-*entries during directory walks and inHandleFileNotes
.find-replace-*temp prefix from the safe tempfile PR (Predictable temp-file names enable a symlink/race attack on file rewrites #3 /fix/safe-tempfile-issue-3-v2)Test plan
go test -run SkipStale ./...Fixes #21
Made with Cursor