#[test]
fn readme_policy_types_example() -> Result<(), Box<dyn std::error::Error>> {
use crate::PathBoundary;
#[cfg(feature = "virtual-path")]
use crate::VirtualRoot;
let temp_dir = tempfile::tempdir()?.keep();
let uploads_dir: crate::PathBoundary = PathBoundary::try_new_create(temp_dir.join("uploads"))?;
let user_provided_path = "documents/report.pdf"; let user_file = uploads_dir.strict_join(user_provided_path)?;
user_file.create_parent_dir_all()?;
user_file.write(b"file contents")?;
let contents = user_file.read_to_string()?;
assert_eq!(contents, "file contents");
let malicious_input = "../../etc/passwd"; match uploads_dir.strict_join(malicious_input) {
Ok(_) => panic!("Escapes should be caught!"),
Err(e) => println!("Attack blocked: {e}"), }
#[cfg(feature = "virtual-path")]
{
let tenant_id = "alice";
let tenant_vroot: crate::VirtualRoot =
VirtualRoot::try_new_create(temp_dir.join(format!("tenant_data/{tenant_id}")))?;
let tenant_file = tenant_vroot.virtual_join("../../../sensitive")?;
println!("Virtual path: {}", tenant_file.virtualpath_display()); assert_eq!(tenant_file.virtualpath_display().to_string(), "/sensitive");
}
Ok(())
}
#[test]
fn readme_one_liner_sugar_example() -> Result<(), Box<dyn std::error::Error>> {
use crate::StrictPath;
#[cfg(feature = "virtual-path")]
use crate::VirtualPath;
let temp_dir = tempfile::tempdir()?.keep();
let config_file: crate::StrictPath =
StrictPath::with_boundary_create(temp_dir.join("config"))?.strict_join("app.toml")?;
config_file.write(b"settings")?;
#[cfg(feature = "virtual-path")]
{
let user_id = "alice";
let user_avatar: crate::VirtualPath =
VirtualPath::with_root_create(temp_dir.join(format!("user_data/{user_id}")))?
.virtual_join("/profile/avatar.png")?;
user_avatar.create_parent_dir_all()?;
user_avatar.write(b"image data")?;
assert_eq!(
user_avatar.virtualpath_display().to_string(),
"/profile/avatar.png"
);
}
Ok(())
}
#[test]
fn readme_disaster_prevention_example() -> Result<(), Box<dyn std::error::Error>> {
use crate::StrictPath;
let temp_dir = tempfile::tempdir()?.keep();
let user_input = "../../../etc/passwd";
let uploads_dir: crate::StrictPath =
StrictPath::with_boundary_create(temp_dir.join("uploads"))?;
let result = uploads_dir.strict_join(user_input);
assert!(result.is_err());
Ok(())
}
#[test]
fn readme_typical_workflow_strict_links_example() -> Result<(), Box<dyn std::error::Error>> {
use crate::PathBoundary;
let temp_dir = tempfile::tempdir()?.keep();
let link_demo_dir: crate::PathBoundary =
PathBoundary::try_new_create(temp_dir.join("link_demo"))?;
let target = link_demo_dir.strict_join("data/target.txt")?;
target.create_parent_dir_all()?;
target.write(b"hello")?;
target.strict_hard_link("alias.txt")?;
let alias = link_demo_dir.strict_join("data/alias.txt")?;
assert_eq!(alias.read_to_string()?, "hello");
Ok(())
}
#[cfg(feature = "virtual-path")]
#[test]
fn readme_typical_workflow_virtual_links_example() -> Result<(), Box<dyn std::error::Error>> {
use crate::VirtualRoot;
let temp_dir = tempfile::tempdir()?.keep();
let tenant_id = "tenant42";
let vroot: crate::VirtualRoot =
VirtualRoot::try_new_create(temp_dir.join(format!("vlink_demo/{tenant_id}")))?;
let vtarget = vroot.virtual_join("/data/target.txt")?;
vtarget.create_parent_dir_all()?;
vtarget.write(b"hi")?;
vtarget.virtual_hard_link("alias.txt")?;
let valias = vroot.virtual_join("/data/alias.txt")?;
assert_eq!(valias.read_to_string()?, "hi");
Ok(())
}
#[test]
fn readme_interop_path_example() -> Result<(), Box<dyn std::error::Error>> {
use crate::StrictPath;
let temp_dir = tempfile::tempdir()?.keep();
let user_input = "report.txt"; let validated_file: crate::StrictPath =
StrictPath::with_boundary_create(temp_dir.join("data"))?.strict_join(user_input)?;
validated_file.write(b"report contents")?;
assert!(validated_file.exists());
let contents = validated_file.read_to_string()?;
assert_eq!(contents, "report contents");
let display = validated_file.strictpath_display().to_string();
assert!(display.contains("report.txt"));
Ok(())
}