Experiencing problems? Have you tried our Stack Exchange first?
[X] This is not a support question.
Description of bug
While playing around with a local testnet, I realized that if the chain_id has a /, like foo/bar, and then the database path is created in a subdirectory. So I tried to set the chain_id to ../../../../../../tmp/foo and indeed, the database was created in /tmp/foo, outside of the base_path. I don't think this is a big problem because the chain_id is usually the project name, but this should be easy to fix.
The problem is that .join() accepts any path, and there is no "push_dir" function. So we need some way to ensure that chain_id is a single directory, not a path.
Possible solutions:
Panic if the chain_id has some invalid characters such as / or ..
Replace invalid characters with something else to ensure that the path is always valid
Force chain_id to be alphanumerical in some other part of the code
Is there an existing issue?
Experiencing problems? Have you tried our Stack Exchange first?
Description of bug
While playing around with a local testnet, I realized that if the chain_id has a
/, likefoo/bar, and then the database path is created in a subdirectory. So I tried to set the chain_id to../../../../../../tmp/fooand indeed, the database was created in/tmp/foo, outside of the base_path. I don't think this is a big problem because the chain_id is usually the project name, but this should be easy to fix.This is the code that calculates the db_path:
https://github.com/paritytech/polkadot-sdk/blob/f6eeca91b6cf0810ca3d8e7ea23988d9510851ba/substrate/client/service/src/config.rs#L280-L282
The problem is that
.join()accepts any path, and there is no "push_dir" function. So we need some way to ensure thatchain_idis a single directory, not a path.Possible solutions:
/or..Steps to reproduce
No response