Documentation ¶
Index ¶
- func ChmodAtNoFollow(path *Path, mode os.FileMode) error
- func ChownAtNoFollow(path *Path, uid, gid int) error
- func ChpermAtNoFollow(path *Path, uid, gid int, mode os.FileMode) error
- func ListenUnixNoFollow(socketDir *Path, socketName string) (net.Listener, error)
- func MkdirAtNoFollow(path *Path, dirName string, mode os.FileMode) error
- func MknodAtNoFollow(path *Path, fileName string, mode os.FileMode, dev uint64) (err error)
- func StatAtNoFollow(path *Path) (os.FileInfo, error)
- func TouchAtNoFollow(path *Path, fileName string, mode os.FileMode) (err error)
- func UnlinkAtNoFollow(path *Path) error
- type File
- type Path
- func (p *Path) AppendAndResolveWithRelativeRoot(relativeRootElems ...string) (*Path, error)
- func (p *Path) Base() (string, error)
- func (p *Path) DirNoFollow() (*Path, error)
- func (p *Path) ExecuteNoFollow(callback func(safePath string) error) error
- func (p *Path) IsRoot() bool
- func (p *Path) Raw() *unsafepath.Path
- func (p *Path) String() string
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ChownAtNoFollow ¶
func ListenUnixNoFollow ¶
ListenUnixNoFollow safely creates a socket in user-owned path Since there exists no socketat on unix, first a safe delete is performed, then the socket is created.
func MknodAtNoFollow ¶
func TouchAtNoFollow ¶
TouchAtNoFollow safely touches a file relative to rootBase. The additional elements form the relative path. Any symlink encountered will be treated as invalid and the operation will be aborted. This works best together with a path first resolved with JoinAndResolveWithRelativeRoot which can resolve relative paths to their real path without symlinks. If the target file exists already, the function will fail.
func UnlinkAtNoFollow ¶
UnlinkAtNoFollow allows deleting the specified file or directory (directory must be empty to succeed).
Types ¶
type File ¶
type File struct {
// contains filtered or unexported fields
}
func NewFileNoFollow ¶
NewFileNoFollow assumes that a real path to a file is given. It will validate that the file is indeed absolute by doing the following checks:
- ensure that the path is absolute
- ensure that the path does not container relative path elements
- ensure that no symlinks are provided
It will return the opened file which contains a link to a safe-to-use path to the file, which can't be tampered with. To operate on the file just use os.Open and related calls.
func OpenAtNoFollow ¶
OpenAtNoFollow safely opens a filedescriptor to a path relative to rootBase. Any symlink encountered will be treated as invalid and the operation will be aborted. This works best together with a path first resolved with JoinAndResolveWithRelativeRoot which can resolve relative paths and symlinks.
type Path ¶
type Path struct {
// contains filtered or unexported fields
}
Path is a path which was at the time of creation a real path re
func JoinAndResolveWithRelativeRoot ¶
JoinAndResolveWithRelativeRoot joins an absolute relativeRoot base path with additional elements which have to be kept below the relativeRoot base. Relative and absolute links will be resolved relative to the provided rootBase and can not escape it.
func JoinNoFollow ¶
JoinNoFollow joins the root path with the given additional path. If the additional path element is not a real path (like containing symlinks), it fails.
func NewPathNoFollow ¶
NewPathNoFollow is a convenience method to get out of a supposedly link-free path a safepath.Path. If there is a symlink included the command will fail.
func (*Path) AppendAndResolveWithRelativeRoot ¶
AppendAndResolveWithRelativeRoot returns a new path with the passed elements resolve relative to the current absolute path.
func (*Path) DirNoFollow ¶
DirNoFollow returns the parent directory of the safepath.Path as safepath.Path.
func (*Path) ExecuteNoFollow ¶
ExecuteNoFollow opens the file in question and provides the file descriptor path as safePath string. This safePath string can be (re)opened with normal os.* operations. The file descriptor path is managed by the kernel and there is no way to inject malicious symlinks.
func (*Path) Raw ¶
func (p *Path) Raw() *unsafepath.Path
Raw returns an "unsafe" path. It's properties are not safe to use without certain precautions. It exposes no access functions. All access happens via functions in the "unsafepath" package.