path-security 0.2.0

Comprehensive path validation and sanitization library with 85%+ attack vector coverage
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507

# Use Cases - Path Security

## Overview

This document provides comprehensive use cases and real-world scenarios for the Path Security module.

## Web Application Security

### File Upload Security

**Scenario**: A web application allows users to upload files, but needs to prevent path traversal attacks.

**Solution**:
```rust
use path_security::{PathValidator, WebSecurityConfig};

let web_config = WebSecurityConfig::new()
    .with_web_security(true)
    .with_file_upload_security(true)
    .with_path_validation(true)
    .with_traversal_detection(true)
    .with_encoding_detection(true)
    .with_unicode_detection(true);

let validator = PathValidator::new()
    .with_web_security_config(web_config);

// Validate user-uploaded file paths
let user_path = "/uploads/user-file.txt";
match validator.validate_path(user_path) {
    Ok(validated_path) => {
        // Safe to process the file
        process_uploaded_file(validated_path);
    }
    Err(error) => {
        // Block the upload and log the security event
        log_security_event("Path traversal attempt blocked", error);
        return_error("Invalid file path");
    }
}
```

### API Security

**Scenario**: A REST API needs to validate file paths in requests to prevent security vulnerabilities.

**Solution**:
```rust
use path_security::{PathValidator, APISecurityConfig};

let api_config = APISecurityConfig::new()
    .with_api_security(true)
    .with_endpoint_security(true)
    .with_parameter_security(true)
    .with_path_validation(true)
    .with_traversal_detection(true)
    .with_encoding_detection(true)
    .with_unicode_detection(true);

let validator = PathValidator::new()
    .with_api_security_config(api_config);

// Validate API parameters
let api_param = "file=document.pdf";
match validator.validate_path(api_param) {
    Ok(validated_param) => {
        // Safe to process the API request
        process_api_request(validated_param);
    }
    Err(error) => {
        // Block the API request and log the security event
        log_security_event("API path traversal attempt blocked", error);
        return_api_error("Invalid file parameter");
    }
}
```

### Content Management System

**Scenario**: A CMS needs to validate file paths when users create or edit content.

**Solution**:
```rust
use path_security::{PathValidator, CMSSecurityConfig};

let cms_config = CMSSecurityConfig::new()
    .with_cms_security(true)
    .with_content_security(true)
    .with_file_management_security(true)
    .with_path_validation(true)
    .with_traversal_detection(true)
    .with_encoding_detection(true)
    .with_unicode_detection(true);

let validator = PathValidator::new()
    .with_cms_security_config(cms_config);

// Validate content file paths
let content_path = "/content/articles/article.txt";
match validator.validate_path(content_path) {
    Ok(validated_path) => {
        // Safe to process the content
        process_content(validated_path);
    }
    Err(error) => {
        // Block the content operation and log the security event
        log_security_event("CMS path traversal attempt blocked", error);
        return_cms_error("Invalid content path");
    }
}
```

## File System Security

### File Access Control

**Scenario**: A file server needs to control access to files and prevent unauthorized access.

**Solution**:
```rust
use path_security::{PathValidator, FileSystemSecurityConfig};

let fs_config = FileSystemSecurityConfig::new()
    .with_file_system_security(true)
    .with_directory_traversal_protection(true)
    .with_file_access_control(true)
    .with_path_validation(true)
    .with_traversal_detection(true)
    .with_encoding_detection(true)
    .with_unicode_detection(true);

let validator = PathValidator::new()
    .with_file_system_security_config(fs_config);

// Validate file access requests
let file_path = "/var/log/application.log";
match validator.validate_path(file_path) {
    Ok(validated_path) => {
        // Safe to access the file
        access_file(validated_path);
    }
    Err(error) => {
        // Block the file access and log the security event
        log_security_event("File access blocked", error);
        return_access_error("Invalid file path");
    }
}
```

### Directory Traversal Protection

**Scenario**: A file manager application needs to prevent users from accessing files outside their designated directories.

**Solution**:
```rust
use path_security::{PathValidator, DirectoryTraversalConfig};

let traversal_config = DirectoryTraversalConfig::new()
    .with_directory_traversal_protection(true)
    .with_path_validation(true)
    .with_traversal_detection(true)
    .with_encoding_detection(true)
    .with_unicode_detection(true);

let validator = PathValidator::new()
    .with_directory_traversal_config(traversal_config);

// Validate directory access requests
let directory_path = "/home/user/documents";
match validator.validate_path(directory_path) {
    Ok(validated_path) => {
        // Safe to access the directory
        access_directory(validated_path);
    }
    Err(error) => {
        // Block the directory access and log the security event
        log_security_event("Directory traversal blocked", error);
        return_access_error("Invalid directory path");
    }
}
```

### Backup System Security

**Scenario**: A backup system needs to validate file paths to prevent backup corruption.

**Solution**:
```rust
use path_security::{PathValidator, BackupSecurityConfig};

let backup_config = BackupSecurityConfig::new()
    .with_backup_security(true)
    .with_file_validation(true)
    .with_path_validation(true)
    .with_traversal_detection(true)
    .with_encoding_detection(true)
    .with_unicode_detection(true);

let validator = PathValidator::new()
    .with_backup_security_config(backup_config);

// Validate backup file paths
let backup_path = "/backups/daily/2024-01-01/data.tar.gz";
match validator.validate_path(backup_path) {
    Ok(validated_path) => {
        // Safe to create the backup
        create_backup(validated_path);
    }
    Err(error) => {
        // Block the backup operation and log the security event
        log_security_event("Backup path validation failed", error);
        return_backup_error("Invalid backup path");
    }
}
```

## Database Security

### Database File Security

**Scenario**: A database system needs to validate file paths for database files and logs.

**Solution**:
```rust
use path_security::{PathValidator, DatabaseSecurityConfig};

let db_config = DatabaseSecurityConfig::new()
    .with_database_security(true)
    .with_database_file_security(true)
    .with_database_log_security(true)
    .with_path_validation(true)
    .with_traversal_detection(true)
    .with_encoding_detection(true)
    .with_unicode_detection(true);

let validator = PathValidator::new()
    .with_database_security_config(db_config);

// Validate database file paths
let db_file_path = "/var/lib/postgresql/data/database.db";
match validator.validate_path(db_file_path) {
    Ok(validated_path) => {
        // Safe to access the database file
        access_database_file(validated_path);
    }
    Err(error) => {
        // Block the database file access and log the security event
        log_security_event("Database file access blocked", error);
        return_database_error("Invalid database file path");
    }
}
```

### Database Log Security

**Scenario**: A database system needs to validate log file paths to prevent log injection attacks.

**Solution**:
```rust
use path_security::{PathValidator, DatabaseLogSecurityConfig};

let log_config = DatabaseLogSecurityConfig::new()
    .with_database_log_security(true)
    .with_log_file_security(true)
    .with_path_validation(true)
    .with_traversal_detection(true)
    .with_encoding_detection(true)
    .with_unicode_detection(true);

let validator = PathValidator::new()
    .with_database_log_security_config(log_config);

// Validate database log paths
let log_path = "/var/log/postgresql/postgresql.log";
match validator.validate_path(log_path) {
    Ok(validated_path) => {
        // Safe to write to the log file
        write_to_log(validated_path);
    }
    Err(error) => {
        // Block the log write and log the security event
        log_security_event("Database log path validation failed", error);
        return_log_error("Invalid log file path");
    }
}
```

## Cloud Security

### Cloud Storage Security

**Scenario**: A cloud storage service needs to validate file paths to prevent unauthorized access.

**Solution**:
```rust
use path_security::{PathValidator, CloudStorageSecurityConfig};

let cloud_config = CloudStorageSecurityConfig::new()
    .with_cloud_storage_security(true)
    .with_cloud_file_security(true)
    .with_path_validation(true)
    .with_traversal_detection(true)
    .with_encoding_detection(true)
    .with_unicode_detection(true);

let validator = PathValidator::new()
    .with_cloud_storage_security_config(cloud_config);

// Validate cloud storage file paths
let cloud_path = "/cloud-storage/user-files/document.pdf";
match validator.validate_path(cloud_path) {
    Ok(validated_path) => {
        // Safe to access the cloud file
        access_cloud_file(validated_path);
    }
    Err(error) => {
        // Block the cloud file access and log the security event
        log_security_event("Cloud file access blocked", error);
        return_cloud_error("Invalid cloud file path");
    }
}
```

### Cloud Backup Security

**Scenario**: A cloud backup service needs to validate backup file paths to prevent backup corruption.

**Solution**:
```rust
use path_security::{PathValidator, CloudBackupSecurityConfig};

let cloud_backup_config = CloudBackupSecurityConfig::new()
    .with_cloud_backup_security(true)
    .with_cloud_backup_file_security(true)
    .with_path_validation(true)
    .with_traversal_detection(true)
    .with_encoding_detection(true)
    .with_unicode_detection(true);

let validator = PathValidator::new()
    .with_cloud_backup_security_config(cloud_backup_config);

// Validate cloud backup file paths
let cloud_backup_path = "/cloud-backups/daily/2024-01-01/data.tar.gz";
match validator.validate_path(cloud_backup_path) {
    Ok(validated_path) => {
        // Safe to create the cloud backup
        create_cloud_backup(validated_path);
    }
    Err(error) => {
        // Block the cloud backup operation and log the security event
        log_security_event("Cloud backup path validation failed", error);
        return_cloud_backup_error("Invalid cloud backup path");
    }
}
```

## Enterprise Security

### Enterprise File System Security

**Scenario**: An enterprise file system needs to validate file paths to prevent unauthorized access to sensitive data.

**Solution**:
```rust
use path_security::{PathValidator, EnterpriseSecurityConfig};

let enterprise_config = EnterpriseSecurityConfig::new()
    .with_enterprise_security(true)
    .with_enterprise_file_security(true)
    .with_enterprise_directory_security(true)
    .with_path_validation(true)
    .with_traversal_detection(true)
    .with_encoding_detection(true)
    .with_unicode_detection(true);

let validator = PathValidator::new()
    .with_enterprise_security_config(enterprise_config);

// Validate enterprise file paths
let enterprise_path = "/enterprise/data/sensitive-documents/confidential.pdf";
match validator.validate_path(enterprise_path) {
    Ok(validated_path) => {
        // Safe to access the enterprise file
        access_enterprise_file(validated_path);
    }
    Err(error) => {
        // Block the enterprise file access and log the security event
        log_security_event("Enterprise file access blocked", error);
        return_enterprise_error("Invalid enterprise file path");
    }
}
```

### Enterprise Backup Security

**Scenario**: An enterprise backup system needs to validate backup file paths to prevent backup corruption.

**Solution**:
```rust
use path_security::{PathValidator, EnterpriseBackupSecurityConfig};

let enterprise_backup_config = EnterpriseBackupSecurityConfig::new()
    .with_enterprise_backup_security(true)
    .with_enterprise_backup_file_security(true)
    .with_path_validation(true)
    .with_traversal_detection(true)
    .with_encoding_detection(true)
    .with_unicode_detection(true);

let validator = PathValidator::new()
    .with_enterprise_backup_security_config(enterprise_backup_config);

// Validate enterprise backup file paths
let enterprise_backup_path = "/enterprise-backups/daily/2024-01-01/enterprise-data.tar.gz";
match validator.validate_path(enterprise_backup_path) {
    Ok(validated_path) => {
        // Safe to create the enterprise backup
        create_enterprise_backup(validated_path);
    }
    Err(error) => {
        // Block the enterprise backup operation and log the security event
        log_security_event("Enterprise backup path validation failed", error);
        return_enterprise_backup_error("Invalid enterprise backup path");
    }
}
```

## Security Monitoring

### Security Event Monitoring

**Scenario**: A security monitoring system needs to track and analyze path security events.

**Solution**:
```rust
use path_security::{PathValidator, SecurityMonitoringConfig};

let monitoring_config = SecurityMonitoringConfig::new()
    .with_security_monitoring(true)
    .with_security_event_monitoring(true)
    .with_threat_monitoring(true)
    .with_anomaly_monitoring(true)
    .with_incident_monitoring(true);

let validator = PathValidator::new()
    .with_security_monitoring_config(monitoring_config);

// Monitor path security events
let path = "../../../etc/passwd";
match validator.validate_path(path) {
    Ok(validated_path) => {
        // Path is valid, log the event
        log_security_event("Path validation successful", validated_path);
    }
    Err(error) => {
        // Path validation failed, log the security event
        log_security_event("Path validation failed", error);
        alert_security_team("Potential security threat detected");
    }
}
```

### Threat Intelligence

**Scenario**: A threat intelligence system needs to analyze path security threats and provide intelligence.

**Solution**:
```rust
use path_security::{PathValidator, ThreatIntelligenceConfig};

let threat_intel_config = ThreatIntelligenceConfig::new()
    .with_threat_intelligence(true)
    .with_threat_analysis(true)
    .with_threat_reporting(true)
    .with_threat_alerting(true);

let validator = PathValidator::new()
    .with_threat_intelligence_config(threat_intel_config);

// Analyze path security threats
let path = "../../../etc/passwd";
match validator.validate_path(path) {
    Ok(validated_path) => {
        // Path is valid, update threat intelligence
        update_threat_intelligence("Path validation successful", validated_path);
    }
    Err(error) => {
        // Path validation failed, update threat intelligence
        update_threat_intelligence("Path validation failed", error);
        generate_threat_report("Potential security threat detected");
    }
}
```

## Conclusion

These use cases demonstrate the comprehensive security capabilities of the Path Security module across various domains and scenarios. By implementing these security measures, you can ensure that your applications are protected against path traversal attacks and other security vulnerabilities.

Key use case categories:

1. **Web Application Security**: File upload, API, and CMS security
2. **File System Security**: File access control, directory traversal protection, and backup security
3. **Database Security**: Database file and log security
4. **Cloud Security**: Cloud storage and backup security
5. **Enterprise Security**: Enterprise file system and backup security
6. **Security Monitoring**: Security event monitoring and threat intelligence