package securejoin

filepath-securejoin – github.com/cyphar/filepath-securejoin Index | Files

package securejoin

import "github.com/cyphar/filepath-securejoin"

Package securejoin is an implementation of the hopefully-soon-to-be-included SecureJoin helper that is meant to be part of the "path/filepath" package. The purpose of this project is to provide a PoC implementation to make the SecureJoin proposal (https://github.com/golang/go/issues/20126) more tangible.

Index ¶

func SecureJoin(root, unsafePath string) (string, error)

Functions ¶

func SecureJoin ¶

func SecureJoin(root, unsafePath string) (string, error)

SecureJoin joins the two given path components (similar to Join) except that the returned path is guaranteed to be scoped inside the provided root path (when evaluated). Any symbolic links in the path are evaluated with the given root treated as the root of the filesystem, similar to a chroot.

Note that the guarantees provided by this function only apply if the path components in the returned string are not modified (in other words are not replaced with symlinks on the filesystem) after this function has returned. Such a symlink race is necessarily out-of-scope of SecureJoin.

Source Files ¶

join.go

Version: v0.1.0
Published: Jul 19, 2017
Platform: darwin/amd64
Imports: 5 packages
Last checked: 6 seconds ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples