canic-backup 0.69.5

Manifest and orchestration primitives for Canic deployment backup and restore
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

//! Module: persistence::integrity::path
//!
//! Responsibility: resolve artifact paths without escaping the backup root.
//! Does not own: artifact verification, filesystem writes, or manifest validation.
//! Boundary: provides path safety checks for persistence integrity code.

use std::path::{Component, Path, PathBuf};

/// Resolve a backup artifact path under the backup root.
#[must_use]
pub fn resolve_backup_artifact_path(root: &Path, artifact_path: &str) -> Option<PathBuf> {
    let path = PathBuf::from(artifact_path);
    if path.is_absolute() {
        return None;
    }
    let is_safe = path
        .components()
        .all(|component| matches!(component, Component::Normal(_) | Component::CurDir));
    if !is_safe {
        return None;
    }

    Some(root.join(path))
}