garden-io
[FEATURE]: Validate that sync path is within project root
Feature Request
Background / Motivation
It occurs to me that someone could accidentally set the sync root to something outside the project root, say / and make it a one-way-reverse sync, in which case it may affect that person's file system outside of the version controlled parts of their project.
I'm honestly not entirely sure what would happen and how Mutagen handles these things internally, but as a safety measure, we should validate that the sync path is inside the project to prevent any unwanted surprises.
What should the user be able to do?
Configuring syncing as before, but such that Garden errors if there's a mistake in the config that can affect files outside of their project.
This could hypothetically break someone's workflows but I wouldn't flag it as a formal breaking change since this is really undocumented and unexpected behaviour.
@eysi09 did you mean sync's source path? Initially, we allowed it to be an absolute one in #3145 (and its follow-up PR #3447).
That was done a long time ago, before the Bonsai release. In 0.13 we changed the schemas and specs a lot. We might need to revisit the sync mode schema definitions and make those stricter again if necessary.
We can still allow the usage of absolute paths, but we need to ensure that those are effective sub-paths of the project root.
We also have MUTAGEN_DATA_DIRECTORY that operates as a physical working dir for the syncs. That dir can be outside the Garden project root, it was allowed to in #4867 (which fixed #4527). I think this dir is out of the context of this issue, just want to clarify that :)
Thanks for the context!
And yes, I meant the source path.
We'd need continue supporting absolute paths because otherwise it's a breaking change.
But we could still validate it against the project root and check whether it's contained with in it.
Again the idea would be to avoid accidentally starting a sync in some random directory on your file system that's not version controlled.