safepath

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 8, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ChmodAtNoFollow 

func ChmodAtNoFollow(path *Path, mode os.FileMode) error

func ChownAtNoFollow 

func ChownAtNoFollow(path *Path, uid, gid int) error

func ChpermAtNoFollow 

func ChpermAtNoFollow(path *Path, uid, gid int, mode os.FileMode) error

func GetxattrNoFollow added in v0.58.2 

func GetxattrNoFollow(path *Path, attr string) ([]byte, error)

func ListenUnixNoFollow 

func ListenUnixNoFollow(socketDir *Path, socketName string) (net.Listener, error)

ListenUnixNoFollow safely creates a socket in user-owned path Since there exists no socketat on unix, first a safe delete is performed, then the socket is created.

func MkdirAtNoFollow 

func MkdirAtNoFollow(path *Path, dirName string, mode os.FileMode) error

func MknodAtNoFollow 

func MknodAtNoFollow(path *Path, fileName string, mode os.FileMode, dev uint64) (err error)

func StatAtNoFollow 

func StatAtNoFollow(path *Path) (os.FileInfo, error)

func TouchAtNoFollow 

func TouchAtNoFollow(path *Path, fileName string, mode os.FileMode) (err error)

TouchAtNoFollow safely touches a file relative to rootBase. The additional elements form the relative path. Any symlink encountered will be treated as invalid and the operation will be aborted. This works best together with a path first resolved with JoinAndResolveWithRelativeRoot which can resolve relative paths to their real path without symlinks. If the target file exists already, the function will fail.

func UnlinkAtNoFollow 

func UnlinkAtNoFollow(path *Path) error

UnlinkAtNoFollow allows deleting the specified file or directory (directory must be empty to succeed).

Types

type File 

type File struct {
	// contains filtered or unexported fields
}

func NewFileNoFollow 

func NewFileNoFollow(path string) (*File, error)

NewFileNoFollow assumes that a real path to a file is given. It will validate that the file is indeed absolute by doing the following checks:

  • ensure that the path is absolute
  • ensure that the path does not container relative path elements
  • ensure that no symlinks are provided

It will return the opened file which contains a link to a safe-to-use path to the file, which can't be tampered with. To operate on the file just use os.Open and related calls.

func OpenAtNoFollow 

func OpenAtNoFollow(path *Path) (file *File, err error)

OpenAtNoFollow safely opens a filedescriptor to a path relative to rootBase. Any symlink encountered will be treated as invalid and the operation will be aborted. This works best together with a path first resolved with JoinAndResolveWithRelativeRoot which can resolve relative paths and symlinks.

func (*File) Close 

func (f *File) Close() error

func (*File) Path 

func (f *File) Path() *Path

func (*File) SafePath 

func (f *File) SafePath() string

SafePath returns a path pointing to the associated file descriptor. It is safe to reuse this path without additional checks. The kernel will ensure that this path always points to the resolved file. To operate on the file just use os.Open and related calls.

func (*File) String 

func (f *File) String() string

type Path 

type Path struct {
	// contains filtered or unexported fields
}

Path is a path which was at the time of creation a real path re

func JoinAndResolveWithRelativeRoot 

func JoinAndResolveWithRelativeRoot(rootBase string, elems ...string) (*Path, error)

JoinAndResolveWithRelativeRoot joins an absolute relativeRoot base path with additional elements which have to be kept below the relativeRoot base. Relative and absolute links will be resolved relative to the provided rootBase and can not escape it.

func JoinNoFollow 

func JoinNoFollow(rootPath *Path, path string) (*Path, error)

JoinNoFollow joins the root path with the given additional path. If the additional path element is not a real path (like containing symlinks), it fails.

func NewPathNoFollow 

func NewPathNoFollow(path string) (*Path, error)

NewPathNoFollow is a convenience method to get out of a supposedly link-free path a safepath.Path. If there is a symlink included the command will fail.

func (*Path) AppendAndResolveWithRelativeRoot 

func (p *Path) AppendAndResolveWithRelativeRoot(relativeRootElems ...string) (*Path, error)

AppendAndResolveWithRelativeRoot returns a new path with the passed elements resolve relative to the current absolute path.

func (*Path) Base 

func (p *Path) Base() (string, error)

Base returns the basename of the relative untrusted part of the safepath.

func (*Path) DirNoFollow 

func (p *Path) DirNoFollow() (*Path, error)

DirNoFollow returns the parent directory of the safepath.Path as safepath.Path.

func (*Path) ExecuteNoFollow 

func (p *Path) ExecuteNoFollow(callback func(safePath string) error) error

ExecuteNoFollow opens the file in question and provides the file descriptor path as safePath string. This safePath string can be (re)opened with normal os.* operations. The file descriptor path is managed by the kernel and there is no way to inject malicious symlinks.

func (*Path) IsRoot 

func (p *Path) IsRoot() bool

func (*Path) Raw 

func (p *Path) Raw() *unsafepath.Path

Raw returns an "unsafe" path. It's properties are not safe to use without certain precautions. It exposes no access functions. All access happens via functions in the "unsafepath" package.

func (*Path) String 

func (p *Path) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.