reverse: fix "exclude all but" case

With test.

Fixes https://github.com/rfjakob/gocryptfs/issues/588

3 files changed, 86 insertions, 53 deletions

diff --git a/internal/fusefrontend_reverse/root_node.go b/internal/fusefrontend_reverse/root_node.go
index d57e1e6..5ce7f81 100644
--- a/internal/fusefrontend_reverse/root_node.go
+++ b/internal/fusefrontend_reverse/root_node.go
@@ -109,6 +109,10 @@ func (rn *RootNode) findLongnameParent(fd int, diriv []byte, longname string) (p
 // isExcludedPlain finds out if the plaintext path "pPath" is
 // excluded (used when -exclude is passed by the user).
 func (rn *RootNode) isExcludedPlain(pPath string) bool {
+	// root dir can't be excluded
+	if pPath == "" {
+		return false
+	}
 	return rn.excluder != nil && rn.excluder.MatchesPath(pPath)
 }
 
diff --git a/tests/reverse/exclude_test.go b/tests/reverse/exclude_test.go
index 88530ab..b0e7135 100644
--- a/tests/reverse/exclude_test.go
+++ b/tests/reverse/exclude_test.go
@@ -20,56 +20,9 @@ func ctlsockEncryptPath(t *testing.T, sock string, path string) string {
 }
 
 // doTestExcludeTestFs runs exclude tests against the exclude_test_fs folder
-func doTestExcludeTestFs(t *testing.T, flag string) {
-	// --exclude-wildcard patterns, gitignore syntax
-	patterns := []string{
-		"file1",                       // matches file1 anywhere
-		"!longdir1" + x240 + "/file1", // ! includes an otherwise file
-		"file2/",                      // a trailing slash matches only a directory
-		"dir1/file2",                  // matches file2 inside dir1 anywhere
-		"#file2",                      // comments are ignored
-		"dir2",                        // excludes the whole directory
-		"longfile2" + x240,            // matches longfile2 anywhere
-		"/longfile3" + x240,           // a leading / anchors the match at the root
-		"*~",                          // wildcards are supported
-		"dir1/**/exclude",             // ** matches any number of directories
-		"file3/",                      // pattern with trailing slash should not match a file
-	}
-	// pVisible are plaintext paths that should be visible in the encrypted view
-	pVisible := []string{
-		"file2",
-		"dir1/longfile1" + x240,
-		"dir1/longfile3" + x240,
-		"longdir1" + x240,
-		"longdir1" + x240 + "/file1",
-		"longdir2" + x240 + "/file",
-		"longfile1" + x240,
-		"file3",
-	}
-	// pHidden are plaintext paths that should be hidden in the encrypted view
-	pHidden := []string{
-		"bkp1~",
-		"dir1/file1",
-		"dir1/file2",
-		"dir1/exclude",
-		"dir1/longbkp1" + x240 + "~",
-		"dir1/longfile2" + x240,
-		"dir1/subdir1/exclude",
-		"dir1/subdir1/subdir2/exclude",
-		"dir2",
-		"dir2/file",
-		"dir2/longdir1" + x240 + "/file",
-		"dir2/longfile." + x240,
-		"dir2/subdir",
-		"dir2/subdir/file",
-		"file1",
-		"longdir2" + x240 + "/bkp~",
-		"longfile2" + x240,
-		"longfile3" + x240,
-	}
-
+func doTestExcludeTestFs(t *testing.T, flag string, patterns, visible, hidden []string) {
 	// Mount reverse fs
-	mnt, err := ioutil.TempDir(test_helpers.TmpDir, "TestExclude")
+	mnt, err := ioutil.TempDir(test_helpers.TmpDir, t.Name())
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -85,8 +38,8 @@ func doTestExcludeTestFs(t *testing.T, flag string) {
 	defer test_helpers.UnmountPanic(mnt)
 
 	// Get encrypted version of visible and hidden paths
-	cVisible := encryptExcludeTestPaths(t, sock, pVisible)
-	cHidden := encryptExcludeTestPaths(t, sock, pHidden)
+	cVisible := encryptExcludeTestPaths(t, sock, visible)
+	cHidden := encryptExcludeTestPaths(t, sock, hidden)
 
 	// Check that hidden paths are not there and visible paths are there
 	for _, v := range cHidden {
@@ -123,6 +76,82 @@ func encryptExcludeTestPaths(t *testing.T, socket string, pRelPaths []string) (o
 
 // TestExcludeTestFs runs exclude tests against the exclude_test_fs folder.
 func TestExcludeTestFs(t *testing.T) {
-	doTestExcludeTestFs(t, "-exclude-wildcard")
-	doTestExcludeTestFs(t, "-ew")
+	// --exclude-wildcard patterns, gitignore syntax
+	patterns := []string{
+		"file1",                       // matches file1 anywhere
+		"!longdir1" + x240 + "/file1", // ! includes an otherwise file
+		"file2/",                      // a trailing slash matches only a directory
+		"dir1/file2",                  // matches file2 inside dir1 anywhere
+		"#file2",                      // comments are ignored
+		"dir2",                        // excludes the whole directory
+		"longfile2" + x240,            // matches longfile2 anywhere
+		"/longfile3" + x240,           // a leading / anchors the match at the root
+		"*~",                          // wildcards are supported
+		"dir1/**/exclude",             // ** matches any number of directories
+		"file3/",                      // pattern with trailing slash should not match a file
+	}
+	// visible are plaintext paths that should be visible in the encrypted view
+	visible := []string{
+		"file2",
+		"dir1/longfile1" + x240,
+		"dir1/longfile3" + x240,
+		"longdir1" + x240,
+		"longdir1" + x240 + "/file1",
+		"longdir2" + x240 + "/file",
+		"longfile1" + x240,
+		"file3",
+	}
+	// hidden are plaintext paths that should be hidden in the encrypted view
+	hidden := []string{
+		"bkp1~",
+		"dir1/file1",
+		"dir1/file2",
+		"dir1/exclude",
+		"dir1/longbkp1" + x240 + "~",
+		"dir1/longfile2" + x240,
+		"dir1/subdir1/exclude",
+		"dir1/subdir1/subdir2/exclude",
+		"dir2",
+		"dir2/file",
+		"dir2/longdir1" + x240 + "/file",
+		"dir2/longfile." + x240,
+		"dir2/subdir",
+		"dir2/subdir/file",
+		"file1",
+		"longdir2" + x240 + "/bkp~",
+		"longfile2" + x240,
+		"longfile3" + x240,
+	}
+
+	doTestExcludeTestFs(t, "-exclude-wildcard", patterns, visible, hidden)
+	doTestExcludeTestFs(t, "-ew", patterns, visible, hidden)
+}
+
+// Exclude everything using "/*", then selectively include only dir1 using "!/dir1"
+// https://github.com/rfjakob/gocryptfs/issues/588
+func TestExcludeAllOnlyDir1(t *testing.T) {
+	// --exclude-wildcard patterns, gitignore syntax
+	patterns := []string{
+		"*",
+		"!/dir1",
+	}
+	// visible are plaintext paths that should be visible in the encrypted view
+	visible := []string{
+		"dir1",
+		"dir1/file1",
+	}
+	// hidden are plaintext paths that should be hidden in the encrypted view
+	hidden := []string{
+		"dir2",
+		"dir2/file",
+		"dir2/longdir1" + x240 + "/file",
+		"dir2/longfile." + x240,
+		"dir2/subdir",
+		"dir2/subdir/file",
+		"file1",
+		"longdir2" + x240 + "/bkp~",
+		"longfile2" + x240,
+		"longfile3" + x240,
+	}
+	doTestExcludeTestFs(t, "-exclude-wildcard", patterns, visible, hidden)
 }
diff --git a/tests/reverse/exclude_test_fs/file3 b/tests/reverse/exclude_test_fs/file3
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/reverse/exclude_test_fs/file3