pub struct SymlinkCheck { /* private fields */ }
Expand description
A stack that validates we are not going through a symlink in a way that is read-only.
It can efficiently validate paths when these are queried in sort-order, which leads to each component to only be checked once.
Implementations§
source§impl SymlinkCheck
impl SymlinkCheck
sourcepub fn verified_path(&mut self, relative_path: &Path) -> Result<&Path>
pub fn verified_path(&mut self, relative_path: &Path) -> Result<&Path>
Return a valid filesystem path located in our root by appending relative_path
, which is guaranteed to
not pass through a symbolic link. That way the caller can be sure to not be misled by an attacker that
tries to make us reach outside of the repository.
Note that the file pointed to by relative_path
may still be a symbolic link, or not exist at all,
and that an error may also be produced if directories on the path leading to the leaf
component of relative_path
are missing.
§Note
On windows, no verification is performed, instead only the combined path is provided as usual.