files

package
v3.0.0-...-d23e6ac Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 14, 2025 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var RelativeOutOfBoundErr = errors.New("full path does not contain base path")

Functions

func CreateTempDir

func CreateTempDir(baseDir string) (string, error)

CreateTempDir will create a temporary directory in baseDir with CSPRNG entropy in the name to avoid clashes and mitigate directory traversal. If baseDir is empty string, os.TempDir() will be used. It is the caller's responsibility to remove the directory after use. Will return the full path of the generated directory.

func Inbound

func Inbound(candidate, baseDir string) bool

Inbound will validate if the given candidate path is inside the baseDir. This is useful to make sure that malicious candidates are not targeting a file outside of baseDir boundaries. Considerations: - baseDir must be absolute path. Will return false otherwise - candidate can be absolute or relative path - candidate should not be symlink as only syntatic validation is applied by this function

func IsSymlink(fi os.FileInfo) bool

IsSymlink return true if the given FileInfo relates to a symlink file. Returns false otherwise.

func RelativePath

func RelativePath(fullPath, basePath string) (string, error)

RelativePath will remove the basePath string from the fullPath including the path separator. Differently from filepath.Rel, this function will return error (RelativeOutOfBoundErr) if basePath does not match (example 2).

Example 1:

fullPath: /home/test/app/readme.md
basePath: /home/test
return:   app/readme.md

Example 2:

fullPath: /home/test/app/readme.md
basePath: /somewhere/else
return:   "", RelativeOutOfBoundErr

Example 3:

fullPath: /home/test/app/readme.md
basePath: /home/test/app/readme.md
return:   .

func SecureMkdirAll

func SecureMkdirAll(root, unsafePath string, mode os.FileMode) (string, error)

SecureMkdirAll creates a directory with the given mode and returns the full path to the directory. It prevents directory traversal attacks by ensuring the path is within the root directory. The path is constructed as if the given root is the root of the filesystem. So anything traversing outside the root is simply removed from the path.

func Tgz

func Tgz(srcPath string, inclusions []string, exclusions []string, writers ...io.Writer) (int, error)

Tgz will iterate over all files found in srcPath compressing them with gzip and archiving with Tar. Will invoke every given writer while generating the tgz. This is useful to generate checksums. Will exclude files matching the exclusions list blob if exclusions is not nil. Will include only the files matching the inclusions list if inclusions is not nil.

func Untgz

func Untgz(dstPath string, r io.Reader, maxSize int64, preserveFileMode bool) error

Untgz will loop over the tar reader creating the file structure at dstPath. Callers must make sure dstPath is:

  • a full path
  • points to an empty directory or
  • points to a non existing directory

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL