doyensec / electronegativity

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
Apache License 2.0

ENOENT: no such file or directory -4058 - Path exceeds 256 characters #83

Open gabrown13 opened 3 years ago

gabrown13 commented 3 years ago

When running the scan with the following command line, "electronegativity -i d:\", I received the error "[Error: ENOENT: no such file or directory, stat 'D:... { errorno: -4058 code: 'ENOENT' syscall: 'stat', path: 'D:\... }".

The problem is not that the file is missing; it is that the DOS path exceeds 256 characters and the folders and file names beyond the 256 limit are not recognized.

To Reproduce

  1. On a Windows 10 Machine create a folder structure that will exceed 256 characters
  2. Check out a project to scan in that folder path.
  3. From the command prompt run the command electronegativity -i <d:\LongPathToProject>
  4. This should reproduce the error.

Expected behavior

Most modern OSs do not have a restriction on the number of characters for the filename and folder structure. My expectation was that the scan would have completed and not reported that a file was missing.

Stacktraces

See above error message.


LoganDark commented 2 years ago

> Most modern OSs do not have a restriction on the number of characters for the filename and folder structure.

Except Windows does and that's where the issue lies. Windows is very much not a "modern" OS as most of it is decades old by this point. Microsoft keeps giving it new coats of paint, but it's still the same old NT codebase underneath, which borrows a lot from DOS. You seem to already know this as you've deduced that it has to do with "DOS paths" being longer than 255 characters.

There is a way to get around "DOS paths". Windows has a method for bypassing the max path length limit by representing paths in a different way (I believe they're called extended paths, or UNC paths, or something like that). However, I think electronegativity has to do this manually.

Luckily it's as simple as replacing your boring old C:\Users\Whatever\Documents\Project with \\?\C:\Users\Whatever\Documents\Project as documented here. I believe it might actually work if you pass a path starting with \\?\ to electronegativity.

If that doesn't work, for now you can use WSL, which doesn't have such a low path length limit.

EDIT: Interesting, it appears Windows 10 versions later than 1607 have the ability to disable the max path length limitation altogether. That would almost certainly solve the problem on your machine. Actually, reading further, it seems like this only works for applications that also opt in to this behavior. Dang.
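
The `\\?\` prefix rewrite described in the comment above, as an added Node.js example (not part of the thread and not electronegativity's code). The helper names `toExtendedLengthPath` and `exceedsLegacyLimit` are hypothetical and the sample paths are constructed; it also covers UNC shares and forward-slash input, which the thread does not discuss.

```javascript
'use strict';
const path = require('path');

// Classic Win32 limit: 260 characters including the terminating NUL.
const MAX_PATH = 260;

// Hypothetical helper: rewrite an absolute Windows path into its
// extended-length form so the Unicode Win32 file APIs skip MAX_PATH.
function toExtendedLengthPath(input) {
  if (typeof input !== 'string' || input.length === 0) {
    throw new TypeError('path must be a non-empty string');
  }
  // Already a \\?\ or \\.\ device path: pass through untouched.
  if (/^\\\\[?.]\\/.test(input)) return input;

  // Windows does not normalize \\?\ paths, so "/" separators and
  // "." / ".." segments must be resolved before the prefix is added.
  const normalized = path.win32.normalize(input);

  // UNC share: \\server\share\dir -> \\?\UNC\server\share\dir
  if (normalized.startsWith('\\\\')) {
    return '\\\\?\\UNC\\' + normalized.slice(2);
  }
  // Drive-letter absolute path: C:\dir -> \\?\C:\dir
  if (/^[A-Za-z]:\\/.test(normalized)) {
    return '\\\\?\\' + normalized;
  }
  // Relative or drive-relative ("C:dir") input cannot take the prefix;
  // the caller has to resolve it against a working directory first.
  throw new Error('path must be absolute before prefixing: ' + input);
}

// True when a plain (unprefixed) path would hit the legacy limit, which
// lets a scanner report the file instead of treating it as missing.
function exceedsLegacyLimit(p) {
  return p.length + 1 > MAX_PATH;
}

module.exports = { toExtendedLengthPath, exceedsLegacyLimit, MAX_PATH };
```

Because `path.win32` works on strings only, the helper behaves the same on any platform and can be unit-tested off Windows.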