strict-path 0.2.2

Secure path handling for untrusted input. Prevents directory traversal, symlink escapes, and 19+ real-world CVE attack patterns.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141

use crate::{PathBoundary, StrictPathError};

#[test]
fn test_strict_path_accessors_and_manipulation() {
    let temp = tempfile::tempdir().unwrap();
    let restriction: PathBoundary = PathBoundary::try_new(temp.path()).unwrap();

    // Create a file and directories inside the PathBoundary to exercise I/O/metadata too.
    let dir = restriction.strict_join("dir").unwrap();
    dir.create_dir_all().unwrap();
    let file = restriction.strict_join("dir/file.txt").unwrap();
    file.write("hello").unwrap();

    // Basic accessors
    let display_str = file.strictpath_display().to_string();
    assert!(!display_str.is_empty());

    // Components
    assert_eq!(
        file.strictpath_file_name().unwrap().to_string_lossy(),
        "file.txt"
    );
    assert_eq!(
        file.strictpath_file_stem().unwrap().to_string_lossy(),
        "file"
    );
    assert_eq!(
        file.strictpath_extension().unwrap().to_string_lossy(),
        "txt"
    );

    // Starts/ends checks
    assert!(file.strictpath_starts_with(restriction.interop_path()));
    assert!(file.strictpath_ends_with("file.txt"));

    // Parent
    let parent = file.strictpath_parent().unwrap().unwrap();
    assert!(parent.strictpath_ends_with("dir"));

    // strict_join (appends relative component)
    let joined = file.strict_join("sibling.log").unwrap();
    assert!(joined.strictpath_ends_with("file.txt/sibling.log"));

    // with file name/extension
    let renamed = file.strictpath_with_file_name("renamed.bin").unwrap();
    assert!(renamed.strictpath_ends_with("dir/renamed.bin"));
    let changed_ext = file.strictpath_with_extension("bak").unwrap();
    assert!(changed_ext.strictpath_ends_with("dir/file.bak"));

    // Error case: cannot apply extension at PathBoundary root (no file name)
    let root: crate::path::strict_path::StrictPath<()> =
        crate::path::strict_path::StrictPath::with_boundary(temp.path()).unwrap();
    let err = root.strictpath_with_extension("x").unwrap_err();
    match err {
        StrictPathError::PathEscapesBoundary { .. } => {}
        other => panic!("Unexpected error: {other:?}"),
    }

    // I/O operations sanity
    assert!(file.exists());
    assert!(file.is_file());
    assert!(!dir.is_file());
    assert!(dir.is_dir());
    let md = file.metadata().unwrap();
    assert!(md.len() > 0);
    assert_eq!(file.read_to_string().unwrap(), "hello");
    let bytes = file.read().unwrap();
    assert_eq!(bytes, b"hello");

    // Removal APIs
    let tmp_sub = restriction.strict_join("dir/tmp").unwrap();
    tmp_sub.create_dir_all().unwrap();
    let tmp_file = restriction.strict_join("dir/tmp/note.txt").unwrap();
    tmp_file.write("bye").unwrap();
    assert!(tmp_file.exists());
    tmp_file.remove_file().unwrap();
    assert!(!tmp_file.exists());
    tmp_sub.remove_dir().unwrap();
    assert!(!tmp_sub.exists());
    let deep_dir = restriction.strict_join("deep/a/b").unwrap();
    deep_dir.create_dir_all().unwrap();
    let deep_root = restriction.strict_join("deep").unwrap();
    deep_root.remove_dir_all().unwrap();
    assert!(!deep_root.exists());
}

#[cfg(feature = "virtual-path")]
#[test]
fn test_virtual_path_components_and_checks() {
    let temp = tempfile::tempdir().unwrap();
    let restriction: PathBoundary = PathBoundary::try_new(temp.path()).unwrap();
    let jp = restriction.strict_join("a/b.txt").unwrap();
    let vp = jp.clone().virtualize();

    // Virtual display/string is rooted
    assert_eq!(vp.virtualpath_display().to_string(), "/a/b.txt");

    // Virtual components
    assert_eq!(
        vp.virtualpath_file_name().unwrap().to_string_lossy(),
        "b.txt"
    );
    assert_eq!(vp.virtualpath_file_stem().unwrap().to_string_lossy(), "b");
    assert_eq!(vp.virtualpath_extension().unwrap().to_string_lossy(), "txt");

    // Starts/ends checks
    assert!(vp.virtualpath_starts_with("a"));
    assert!(vp.virtualpath_ends_with("b.txt"));

    // Virtual path manipulation
    let vparent = vp.virtualpath_parent().unwrap().unwrap();
    assert_eq!(vparent.virtualpath_display().to_string(), "/a");
    let vsib = vp.virtual_join("c.log").unwrap();
    assert_eq!(vsib.virtualpath_display().to_string(), "/a/b.txt/c.log");

    // Cross accessors should match
    assert_eq!(
        vp.as_unvirtual().strictpath_display().to_string(),
        jp.strictpath_display().to_string()
    );
    assert_eq!(
        vp.as_unvirtual().strictpath_display().to_string(),
        jp.strictpath_display().to_string()
    );

    // Delegated I/O operations from VirtualPath
    let vfile = restriction
        .strict_join("delegated/x.txt")
        .unwrap()
        .virtualize();
    let vdir = restriction.strict_join("delegated").unwrap().virtualize();
    vdir.create_dir_all().unwrap();
    vfile.write(b"vdata").unwrap();
    assert!(vfile.exists());
    assert!(vfile.is_file());
    assert!(vdir.is_dir());
    assert_eq!(vfile.read().unwrap(), b"vdata");
    assert_eq!(vfile.read_to_string().unwrap(), "vdata");
    vfile.remove_file().unwrap();
    assert!(!vfile.exists());
}