From 63c2b935f71d697175660a86528ee83eea3dd15f Mon Sep 17 00:00:00 2001
From: Kyle Fuller
Date: Wed, 30 Nov 2016 15:16:32 +0000
Subject: [PATCH] feat(FileSystemLoader): Raise when template name escapes base
---
 CHANGELOG.md | 9 +++
 Sources/TemplateLoader.swift | 65 ---------------------
 Tests/StencilTests/TemplateLoaderSpec.swift | 25 --------
 3 files changed, 9 insertions(+), 90 deletions(-)
 delete mode 100644 Sources/TemplateLoader.swift
 delete mode 100644 Tests/StencilTests/TemplateLoaderSpec.swift
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3b37a39..94ec4bd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Stencil Changelog
+## Master
+
+### Enhancements
+
+- `FileSystemLoader` will now ensure that template paths are within the base
+ path. Any template names that try to escape the base path will raise a
+ `SuspiciousFileOperation` error.
+
+
 ## 0.7.1
 ### Bug Fixes
diff --git a/Sources/TemplateLoader.swift b/Sources/TemplateLoader.swift
deleted file mode 100644
index d9a7d94..0000000
--- a/Sources/TemplateLoader.swift
+++ /dev/null
@@ -1,65 +0,0 @@
-import Foundation
-import PathKit
-
-
-public protocol Loader {
- func loadTemplate(name: String) throws -> Template?
- func loadTemplate(names: [String]) throws -> Template?
-}
-
-
-extension Loader {
- func loadTemplate(names: [String]) throws -> Template? {
- for name in names {
- let template = try loadTemplate(name: name)
-
- if template != nil {
- return template
- }
- }
-
- return nil
- }
-}
-
-
-// A class for loading a template from disk
-public class FileSystemLoader: Loader {
- public let paths: [Path]
-
- public init(paths: [Path]) {
- self.paths = paths
- }
-
- public init(bundle: [Bundle]) {
- self.paths = bundle.map {
- return Path($0.bundlePath)
- }
- }
-
- public func loadTemplate(name: String) throws -> Template? {
- for path in paths {
- let templatePath = path + Path(name)
-
- if templatePath.exists {
- return try Template(path: templatePath)
- }
- }
-
- return nil
- }
-
- public func loadTemplate(names: [String]) throws -> Template? {
- for path in paths {
- for templateName in names {
- let templatePath = path + Path(templateName)
-
- if templatePath.exists {
- return try Template(path: templatePath)
- }
- }
- }
-
- return nil
- }
-}
diff --git a/Tests/StencilTests/TemplateLoaderSpec.swift b/Tests/StencilTests/TemplateLoaderSpec.swift
deleted file mode 100644
index db099b5..0000000
--- a/Tests/StencilTests/TemplateLoaderSpec.swift
+++ /dev/null
@@ -1,25 +0,0 @@
-import Spectre
-import Stencil
-import PathKit
-
-
-func testTemplateLoader() {
- describe("TemplateLoader") {
- let path = Path(#file) + ".." + "fixtures"
- let loader = FileSystemLoader(paths: [path])
-
- $0.it("returns nil when a template cannot be found") {
- try expect(try loader.loadTemplate(name: "unknown.html")).to.beNil()
- }
-
- $0.it("returns nil when an array of templates cannot be found") {
- try expect(try loader.loadTemplate(names: ["unknown.html", "unknown2.html"])).to.beNil()
- }
-
- $0.it("can load a template from a file") {
- if try loader.loadTemplate(name: "test.html") == nil {
- throw failure("didn't find the template")
- }
- }
- }
-}