pub struct SymlinkCheck {
pub inner: Stack,
}Expand description
A stack that validates we are not going through a symlink in a way that is read-only.
It can efficiently validate paths when these are queried in sort-order, which leads to each component to only be checked once.
Fields§
§inner: StackSupports querying additional information, like the stack root.
Implementations§
Source§impl SymlinkCheck
impl SymlinkCheck
Sourcepub fn verified_path(
&mut self,
relative_path: impl ToNormalPathComponents,
) -> Result<&Path>
pub fn verified_path( &mut self, relative_path: impl ToNormalPathComponents, ) -> Result<&Path>
Return a valid filesystem path located in our root by appending relative_path, which is guaranteed to
not pass through a symbolic link. That way the caller can be sure to not be misled by an attacker that
tries to make us reach outside of the repository.
Note that the file pointed to by relative_path may still be a symbolic link, or not exist at all,
and that an error may also be produced if directories on the path leading to the leaf
component of relative_path are missing.
§Note
On windows, no verification is performed, instead only the combined path is provided as usual.
Sourcepub fn verified_path_allow_nonexisting(
&mut self,
relative_path: &BStr,
) -> Result<Cow<'_, Path>>
pub fn verified_path_allow_nonexisting( &mut self, relative_path: &BStr, ) -> Result<Cow<'_, Path>>
Like Self::verified_path(), but do not fail if there is no directory entry at relative_path or on the way
to relative_path. Instead.
For convenience, this incarnation is tuned to be easy to use with Git paths, i.e. slash-separated BString path.