symlink

package module
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 16, 2024 License: Apache-2.0 Imports: 5 Imported by: 507

Documentation

Overview

Package symlink implements FollowSymlinkInScope which is an extension of path/filepath.EvalSymlinks, as well as a Windows long-path aware version of path/filepath.EvalSymlinks from the Go standard library.

The code from path/filepath.EvalSymlinks has been adapted in fs.go. Read the LICENSE.BSD file that governs fs.go and LICENSE.APACHE for fs_unix_test.go.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EvalSymlinks(path string) (string, error)

EvalSymlinks is a modified version of path/filepath.EvalSymlinks from the Go standard library with support for Windows long paths (paths prepended with "\\?\"). On non-Windows platforms, it's an alias for path/filepath.EvalSymlinks.

EvalSymlinks returns the path name after the evaluation of any symbolic links. If path is relative, the result will be relative to the current directory, unless one of the components is an absolute symbolic link.

EvalSymlinks calls path/filepath.Clean on the result.

func FollowSymlinkInScope

func FollowSymlinkInScope(path, root string) (string, error)

FollowSymlinkInScope evaluates symbolic links in "path" within a scope "root" and returns a result guaranteed to be contained within the scope "root" at the time of the call. It returns an error of either "path" or "root" cannot be converted to an absolute path.

Symbolic links in "root" are not evaluated and left as-is. Errors encountered while attempting to evaluate symlinks in path are returned, but non-existing paths are valid and do not constitute an error. "path" must contain "root" as a prefix, or else an error is returned. Trying to break out from "root" does not constitute an error, instead resolves the path within "root".

Example:

// If "/foo/bar" is a symbolic link to "/outside":
FollowSymlinkInScope("/foo/bar", "/foo") // Returns "/foo/outside" instead of "/outside"

IMPORTANT: It is the caller's responsibility to call FollowSymlinkInScope after relevant symbolic links are created to avoid Time-of-check Time-of-use (TOCTOU) race conditions (CWE-367). No additional symbolic links must be created after evaluating, as those could potentially make a previously-safe path unsafe.

For example, if "/foo/bar" does not exist, FollowSymlinkInScope("/foo/bar", "/foo") evaluates the path to "/foo/bar". If one makes "/foo/bar" a symbolic link to "/baz" subsequently, then "/foo/bar" should no longer be considered safely contained in "/foo".

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL