Struct fs_mistrust::Mistrust
pub struct Mistrust { /* private fields */ }
Configuration for verifying that a file or directory is really “private”.
By default, we mistrust everything that we can: we assume that every directory on the filesystem is potentially misconfigured. This object can be used to change that.
Once you have a working Mistrust, you can call its “check_*” methods
directly, or use verifier() to configure a more
complicated check.
See the crate documentation for more information.
TODO
- support more kinds of trust configuration, including more trusted users, trusted groups, multiple trusted directories, etc?
Implementations
impl Mistrust
pub fn new() -> Self
Initialize a new default Mistrust.
By default:
- we will inspect all directories that are used to resolve any path that is checked.
pub fn ignore_prefix<P: AsRef<Path>>(
&mut self,
directory: P
) -> Result<&mut Self>
Set a path as an “ignored prefix” for all of our checks.
Any path that is a part of this prefix will be assumed to have valid
permissions and ownership. For example, if you call
ignore_prefix("/u1/users"), then we will not check /, /u1, or
/u1/users.
A typical use of this function is to ignore ${HOME}/...
If this directory cannot be found or resolved, this function will return an error.
pub fn dangerously_trust_everyone(&mut self) -> &mut Self
Configure this Mistrust to trust every user and every group.
With this option set, every file and directory is treated as having valid permissions: even world-writeable files are allowed. File-type checks are still performed.
This option is mainly useful to handle cases where you want to make
these checks optional, and still use CheckedDir without having to
implement separate code paths for the “checking on” and “checking off”
cases.
pub fn verifier(&self) -> Verifier<'_>
Create a new Verifier with this configuration, to perform a single check.
pub fn check_directory<P: AsRef<Path>>(&self, dir: P) -> Result<()>
Verify that dir is a directory that only trusted users can read from,
list the files in, or write to.
If it is, and we can verify that, return Ok(()). Otherwise, return
the first problem that we encountered when verifying it.
m.check_directory(dir) is equivalent to
m.verifier().require_directory().check(dir). If you need different
behavior, see Verifier for more options.
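The rules described above for ignore_prefix and check_directory, modeled as an added std-only sketch; it is not the fs_mistrust implementation. The Meta type, the lookup callback, the sample tree, the trusted uid list, and the exact mode masks (0o022 on parent directories, 0o077 on the target) are assumptions of this sketch.

```rust
use std::path::{Path, PathBuf};
/// Constructed stand-in for a directory's owner and mode bits (not a crate type).
#[derive(Clone, Copy)]
pub struct Meta { pub uid: u32, pub mode: u32 }

/// Directories inspected for `target`, root first: every directory used to
/// resolve it, minus anything that is part of the ignored prefix.
pub fn dirs_to_check(target: &Path, ignored: Option<&Path>) -> Vec<PathBuf> {
    let mut dirs: Vec<PathBuf> = target.ancestors().map(Path::to_path_buf).collect();
    dirs.reverse();
    dirs.retain(|d| ignored.map_or(true, |p| !p.starts_with(d)));
    dirs
}

/// Assumed policy: owner must be trusted; parents must not be group- or
/// world-writable (0o022); the target grants nothing to group/others (0o077).
pub fn problem(meta: Meta, is_target: bool, trusted: &[u32]) -> Option<String> {
    if !trusted.contains(&meta.uid) {
        return Some(format!("owned by untrusted uid {}", meta.uid));
    }
    let bad = meta.mode & if is_target { 0o077 } else { 0o022 };
    (bad != 0).then(|| format!("forbidden mode bits {:03o}", bad))
}

/// First problem along the chain; `lookup` is a hypothetical metadata source (no real filesystem).
pub fn check_directory(target: &Path, ignored: Option<&Path>, trusted: &[u32],
                       lookup: impl Fn(&Path) -> Meta) -> Result<(), String> {
    for dir in dirs_to_check(target, ignored) {
        if let Some(p) = problem(lookup(&dir), dir.as_path() == target, trusted) {
            return Err(format!("{}: {}", dir.display(), p));
        }
    }
    Ok(())
}

/// Constructed sample tree: /u1 is group-writable, the rest is private.
pub fn sample_lookup(p: &Path) -> Meta {
    match p.to_str() {
        Some("/") => Meta { uid: 0, mode: 0o755 },
        Some("/u1") => Meta { uid: 0, mode: 0o775 },
        _ => Meta { uid: 1000, mode: 0o700 },
    }
}

fn main() {
    let (dir, trusted) = (Path::new("/u1/users/alice/keys"), [0u32, 1000]);
    println!("{:?}", check_directory(dir, None, &trusted, sample_lookup));
    println!("{:?}", check_directory(dir, Some(Path::new("/u1/users")), &trusted, sample_lookup));
}
```

The first call fails on the group-writable /u1; the second passes because /, /u1 and /u1/users fall under the ignored prefix and are never inspected, which is why an ignored prefix should only cover directories whose permissions are vouched for some other way.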
Trait Implementations
Auto Trait Implementations
impl RefUnwindSafe for Mistrust
impl Send for Mistrust
impl Sync for Mistrust
impl Unpin for Mistrust
impl UnwindSafe for Mistrust
Blanket Implementations
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> ToOwned for T where
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn clone_into(&self, target: &mut T)
Uses borrowed data to replace owned data, usually by cloning.