nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-11 13:06:01 +01:00
Code Activity

AllowListSourceAccessor: Make thread-safe

Browse source
This commit is contained in:
Eelco Dolstra 2025-07-15 19:44:13 +02:00
parent e8314e69ab
commit 3dc1b99be5
1 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/libfetchers/filtering-source-accessor.cc
View file

@ -1,4 +1,5 @@
#include "nix/fetchers/filtering-source-accessor.hh" #include "nix/fetchers/filtering-source-accessor.hh"
#include "nix/util/sync.hh"
namespace nix { namespace nix {
@ -57,8 +58,8 @@ void FilteringSourceAccessor::checkAccess(const CanonPath & path)
struct AllowListSourceAccessorImpl : AllowListSourceAccessor struct AllowListSourceAccessorImpl : AllowListSourceAccessor
{ {
std::set<CanonPath> allowedPrefixes; SharedSync<std::set<CanonPath>> allowedPrefixes;
std::unordered_set<CanonPath> allowedPaths; SharedSync<std::unordered_set<CanonPath>> allowedPaths;
AllowListSourceAccessorImpl( AllowListSourceAccessorImpl(
ref<SourceAccessor> next, ref<SourceAccessor> next,
@ -73,13 +74,13 @@ struct AllowListSourceAccessorImpl : AllowListSourceAccessor
bool isAllowed(const CanonPath & path) override bool isAllowed(const CanonPath & path) override
{ {
return return
allowedPaths.contains(path) allowedPaths.readLock()->contains(path)
|| path.isAllowed(allowedPrefixes); || path.isAllowed(*allowedPrefixes.readLock());
} }
void allowPrefix(CanonPath prefix) override void allowPrefix(CanonPath prefix) override
{ {
allowedPrefixes.insert(std::move(prefix)); allowedPrefixes.lock()->insert(std::move(prefix));
} }
}; };