Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/go: "go mod vendor" copies/overwrites files in parent directories if module folder is in the same directory as GOPATH #30311

Open
Hakkin opened this issue Feb 19, 2019 · 1 comment
Open

cmd/go: "go mod vendor" copies/overwrites files in parent directories if module folder is in the same directory as GOPATH #30311

Hakkin opened this issue Feb 19, 2019 · 1 comment
Labels
modules NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Backlog

Comments

@Hakkin
Copy link

Hakkin commented Feb 19, 2019

What version of Go are you using (go version)?

$ go version
go version go1.11.5 windows/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\User\AppData\Local\go-build
set GOEXE=.exe
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOOS=windows
set GOPATH=C:\Users\User\go
set GOPROXY=
set GORACE=
set GOROOT=C:\Go
set GOTMPDIR=
set GOTOOLDIR=C:\Go\pkg\tool\windows_amd64
set GCCGO=gccgo
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=C:\Users\User\project\go.mod
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-g -O2
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=C:\Users\User\AppData\Local\Temp\go-build112371658=/tmp/go-build -gno-record-gcc-switches

What did you do?

Starting with a default Windows install (GOROOT=C:\Go, GOPATH=%USERPROFILE%\go):

  1. Create a file in %USERPROFILE% with any of these prefixes:

    go/src/cmd/go/internal/modcmd/vendor.go

    Lines 143 to 153 in aab0b70

    var metaPrefixes = []string{
    "AUTHORS",
    "CONTRIBUTORS",
    "COPYLEFT",
    "COPYING",
    "COPYRIGHT",
    "LEGAL",
    "LICENSE",
    "NOTICE",
    "PATENTS",
    }

    I used "LEGAL.txt".

  2. Create a new folder in %USERPROFILE%.
    I used "project".

  3. Create a main.go in that folder that will import modules.
    I used the code from https://github.com/golang/go/wiki/Modules#quick-start

  4. Initialize the module (go mod init mymodule)

  5. Vendor the module (go mod vendor)

You should see an error at this point: go vendor: open C:\Users\LEGAL.txt: Access is denied.
This error is given because the vendoring code is attemping to copy LEGAL.txt all the way up the directory tree.
If you change your GOPATH to somewhere that has more parent folders and follow the above instructions (create project folder at same level as GOPATH and include a LEGAL.txt in one of the parent folders), you will see it will copy it up the entire directory tree until it hits an access denied error. It will also overwrite any files with the same name in any of these folders.

What did you expect to see?

The command should not modify files outside of Go-related directories.

What did you see instead?

Go copies and overwrites files outside of Go-related directories.
@agnivade
Copy link
Contributor

/cc @bcmills

@bcmills bcmills changed the title "go mod vendor" erroneously copies/overwrites files in parent directories if module folder is in the same directory as GOPATH cmd/go: "go mod vendor" copies/overwrites files in parent directories if module folder is in the same directory as GOPATH Feb 19, 2019
@oiooj oiooj added the modules label Feb 21, 2019
@bcmills bcmills added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Feb 28, 2019
@bcmills bcmills added this to the Go1.13 milestone Feb 28, 2019
@bcmills bcmills self-assigned this Feb 28, 2019
@andybons andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019
@rsc rsc modified the milestones: Go1.14, Backlog Oct 9, 2019
@rsc rsc unassigned bcmills Jun 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
modules NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
6 participants
@rsc @andybons @agnivade @oiooj @Hakkin @bcmills