FileManager: lsetxattr and setxattr are swapped

The if statement appears inverted:  setxattr follows simlinks: lsetxattr does not.

Author: AZero13

Sources/FoundationEssentials/FileManager/FileManager+Files.swift

@@ -522,7 +522,7 @@ extension _FileManagerImpl {
 
     private func _extendedAttributes(at path: UnsafePointer<CChar>, followSymlinks: Bool) throws -> [String : Data]? {
         #if canImport(Darwin)
-        var size = listxattr(path, nil, 0, 0)
+        var size = listxattr(path, nil, 0, followSymlinks ? 0 : XATTR_NOFOLLOW)
         #elseif os(FreeBSD)
         var size = (followSymlinks ? extattr_list_file : extattr_list_link)(path, EXTATTR_NAMESPACE_USER, nil, 0)
         #else
@@ -532,7 +532,7 @@ extension _FileManagerImpl {
         let keyList = UnsafeMutableBufferPointer<CChar>.allocate(capacity: size)
         defer { keyList.deallocate() }
         #if canImport(Darwin)
-        size = listxattr(path, keyList.baseAddress!, size, 0)
+        size = listxattr(path, keyList.baseAddress!, size, followSymlinks ? 0 : XATTR_NOFOLLOW)
         #elseif os(FreeBSD)
         size = (followSymlinks ? extattr_list_file : extattr_list_link)(path, EXTATTR_NAMESPACE_USER, nil, 0)
         #else
@@ -553,7 +553,7 @@ extension _FileManagerImpl {
             }
             #endif
 
-            if let value = try _extendedAttribute(current, at: path, followSymlinks: false) {
+            if let value = try _extendedAttribute(current, at: path, followSymlinks: followSymlinks) {
                 extendedAttrs[currentKey] = value
             }
         }

Sources/FoundationEssentials/FileManager/FileManager+Utilities.swift

@@ -193,15 +193,15 @@ extension _FileManagerImpl {
             #else
             var result: Int32
             if followSymLinks {
-                result = lsetxattr(path, key, buffer.baseAddress!, buffer.count, 0)
-            } else {
                 result = setxattr(path, key, buffer.baseAddress!, buffer.count, 0)
+            } else {
+                result = lsetxattr(path, key, buffer.baseAddress!, buffer.count, 0)
             }
             #endif
 
             #if os(macOS) && FOUNDATION_FRAMEWORK
-            // if setxaddr failed and its a permission error for a sandbox app trying to set quaratine attribute, ignore it since its not
-            // permitted, the attribute will be put on the file by the quaratine MAC hook
+            // if setxattr failed and its a permission error for a sandbox app trying to set quarantine attribute, ignore it since its not
+            // permitted, the attribute will be put on the file by the quarantine MAC hook
             if result == -1 && errno == EPERM && _xpc_runtime_is_app_sandboxed() && strcmp(key, "com.apple.quarantine") == 0 {
                 return
             }

Tests/FoundationEssentialsTests/FileManager/FileManagerTests.swift

@@ -1046,6 +1046,70 @@ private struct FileManagerTests {
         }
     }
 
+    #if !os(Windows) && !os(WASI) && !os(OpenBSD) && !canImport(Android)
+    @Test func extendedAttributesDoNotFollowSymlinksWhenSetting() async throws {
+        let xattrKey = FileAttributeKey("NSFileExtendedAttributes")
+        #if canImport(Darwin)
+        let attrName = "com.swiftfoundation.symlinktest"
+        #elseif os(Linux)
+        // Linux requires the user.* namespace prefix for regular files
+        let attrName = "user.swiftfoundation.symlinktest"
+        #else
+        let attrName = "swiftfoundation.symlinktest"
+        #endif
+        let attrValue = Data([0xAA, 0xBB, 0xCC])
+
+        try await FilePlayground {
+            File("target", contents: Data("payload".utf8))
+            SymbolicLink("link", destination: "target")
+        }.test { fileManager in
+            // Attempt to set xattrs on the symlink; if unsupported, bail quietly.
+            do {
+                try fileManager.setAttributes(
+                    [xattrKey: [attrName: attrValue]], ofItemAtPath: "link")
+            } catch let error as CocoaError {
+                if error.code == .featureUnsupported {
+                    return
+                }
+                if let posix = error.underlying as? POSIXError,
+                    posix.code == .ENOTSUP || posix.code == .EOPNOTSUPP
+                {
+                    return
+                }
+                throw error
+            }
+
+            guard
+                let linkAttrs = try? fileManager.attributesOfItem(atPath: "link"),
+                let targetAttrs = try? fileManager.attributesOfItem(atPath: "target")
+            else { return }
+
+            let linkXattrs = linkAttrs[xattrKey] as? [String: Data]
+            let targetXattrs = targetAttrs[xattrKey] as? [String: Data]
+
+            // If neither reports xattrs, treat as unsupported on this FS/runtime.
+            if linkXattrs == nil && targetXattrs == nil {
+                return
+            }
+
+            // Prefer the symlink to carry the xattr; if the FS follows symlinks, accept target instead.
+            if let linkXattrs {
+                #expect(
+                    linkXattrs[attrName] == attrValue,
+                    "xattr should be applied to the symlink itself")
+                #expect(
+                    targetXattrs?[attrName] == nil,
+                    "setAttributes must not follow symlinks when setting extended attributes")
+            } else {
+                #expect(
+                    targetXattrs?[attrName] == attrValue,
+                    "xattr should be applied somewhere (target has it if symlinks are followed)"
+                )
+            }
+        }
+    }
+    #endif
+
     #if !canImport(Darwin) || os(macOS)
     @Test func currentUserHomeDirectory() async throws {
         let userName = ProcessInfo.processInfo.userName