On Sun, Jan 15, 2023 at 01:53:51PM +0000, Dmytro Katyukha via Digitalmars-d-announce wrote:
[...]
> Also, this lib contains function
> [createTempDirectory](https://github.com/katyukha/thepath/blob/master/source/thepath/utils.d),
> that, I think, would be nice to have in Phobos.

Yes it would be nice. But there may be security implications. For Posix, I see you use mkdtemp, which is secured by the OS / libc implementor. But for non-Posix, you used std.random; this is insecure because std.random is not intended for cryptographic applications, and anything not designed for cryptographic security is vulnerable to exploits. Also, you need to be careful with the default permissions when the temp directory is created; leaving it up to whatever's set in the user's environment is generally unwise.

> So, the questions are:
> - Does it make sense to convert `Path` to a class? Or keep it as a struct?

Struct. In general, idiomatic D code prefers structs over classes. If you're not using inheritance and runtime polymorphism, there's no need to use classes.

> - Does it make sense to convert `Path` to a template struct to make it
> possible to work with other types of strings (except `string` type)?

IMO, this only introduces needless complexity. For example std.regex templatizes over char/wchar/dchar, but I've basically never needed to use anything except the char instantiation. This needless template parametrization only adds to std.regex's slow compile times; in retrospect it was IMO a mistake. Regular D code should just use strings (UTF-8) for everything, and convert to wstring at the OS boundary if you're on Windows and need something to be in UTF-16. And dstring is essentially useless; I've not heard of anyone needing to use dstring for the 10 or so years I've been using D. Just use string, that's good enough.

> - What are the requirements to place
> [createTempDirectory](https://github.com/katyukha/thepath/blob/master/source/thepath/utils.d#L11)
> function in Phobos?

Use Phobos coding style, bring it up to Phobos coding standards.

> - What else could be changed to make it better?
[...]

Probably should always use the libc or OS function for creating a temp directory; it's generally a bad idea to roll your own when it comes to creating temporary files or directories where there can be serious security implications. Other than insecure random name generation, there are also timing issues to be considered, i.e., if an attacker could predict the name, he could preemptively create the directory with the wrong permissions between your call to std.file.exists and std.file.mkdir, and exploit those permissions to manipulate the behaviour of your program later. You need to leverage OS APIs to guarantee the atomicity of checking for existence and creating the directory.

T

-- 
Ignorance is bliss... until you suffer the consequences!
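As an added example, not code from thepath or from Phobos, here is the check-then-create pattern the mail warns about placed next to a POSIX-only version built on mkdtemp(3), so the atomicity of the creation and the 0700 default mode can be seen side by side. The function names `racyTempDir` and `secureTempDir`, the `"tmp"` prefix default and the permission check after creation are this example's own choices; it assumes a POSIX libc whose mkdtemp creates the directory with mode S_IRWXU, as the standard specifies, and it deliberately offers no replacement for the non-Posix branch the mail criticises.

```d
// Added example (not code from thepath or Phobos): the racy check-then-create
// pattern beside an mkdtemp(3)-based creation that is atomic and yields 0700.
// The names racyTempDir and secureTempDir are this example's own.
module tempdir_example;

version (Posix):

import core.sys.posix.stdlib : mkdtemp;
import core.sys.posix.sys.stat : S_IRWXU, S_IRWXG, S_IRWXO;
import std.exception : enforce, errnoEnforce;
import std.file : exists, getAttributes, mkdir, rmdir, tempDir;
import std.path : buildPath;
import std.stdio : writeln;
import std.string : fromStringz;

/// Racy: `exists` and `mkdir` are two separate system calls, and the name is
/// fully predictable. If the path already exists when `exists` runs, the code
/// silently adopts a directory it did not create and whose permissions it never
/// chose; if it appears between the two calls, `mkdir` throws instead. Either
/// way the directory's mode is whatever the process umask happens to allow.
string racyTempDir(string base, string name)
{
    auto path = buildPath(base, name);
    if (!exists(path))   // TOCTOU window opens here ...
        mkdir(path);     // ... and the mode follows the umask, not our intent
    return path;
}

/// Atomic: mkdtemp(3) picks the random suffix, creates the directory and
/// refuses to reuse an existing path, all in one call, and creates it with
/// mode S_IRWXU (0700) so no other user can read, list or enter it.
string secureTempDir(string base, string prefix = "tmp")
{
    // mkdtemp rewrites the trailing XXXXXX in place, so it needs a mutable,
    // NUL-terminated buffer rather than an immutable D string.
    char[] tmpl = (buildPath(base, prefix ~ "XXXXXX") ~ '\0').dup;
    char* created = mkdtemp(tmpl.ptr);
    errnoEnforce(created !is null, "mkdtemp failed");
    string path = created.fromStringz.idup;

    // Verify the permissions we actually got, in case the platform's mkdtemp
    // or an unusual umask produced something other than owner-only access.
    uint mode = getAttributes(path) & (S_IRWXU | S_IRWXG | S_IRWXO);
    enforce(mode == cast(uint) S_IRWXU, "temp directory has unexpected permissions");
    return path;
}

void main()
{
    auto dir = secureTempDir(tempDir());
    writeln("created ", dir);   // e.g. /tmp/tmpAb3xQ9 (suffix chosen by libc)
    rmdir(dir);
}
```

Run it with `dmd -run tempdir_example.d` (or `ldc2 --run`). `racyTempDir` is only there to show where the window sits; the point of `secureTempDir` is that the existence check, the name choice and the creation are a single libc call, so there is no moment at which a second process can step in between them.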