ppkarwasz commented on PR #428:
URL: https://github.com/apache/commons-codec/pull/428#issuecomment-4230000138
I think the two main points we should discuss, before releasing this API are:
1. The sanitization of `.` and `..` segment paths, with are not allowed.
These segments do no appear naturally, when traversing a `Path`. A `.` segment,
however, could appear in some archives: should we allow it? A `..` segment,
however, has no place in a non-malicious archive and I don't think implementing
path normalization logic here is appropriate: what do you think?
2. `TreeIdBuilder` does **not** have a fluent API. We could introduce
something like:
```java
builder.addFile(...)
.startDirectory("foo")
.addFile(...)
.endDirectory()
.addFile(...)
```
but this seems overkill. Besides, this would introduce a problem:
currently `addDirectory` can create multiple nested directories at once, so
implementing `endDirectory` would add unnecessary complexity. The reason for
skipping multiple levels is that archives do not necessarily contain
directories: a TAR file with just a `foo/bar/baz.txt` directory is just fine. I
didn't want to add the complexity of creating intermediate directories on the
user.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
