strict-path 0.1.1

[package]

name = "strict-path"

version = "0.1.1"

edition = "2021"

# Minimum supported Rust version (MSRV)

rust-version = "1.71"

authors = ["David Krasnitsky <dikaveman@gmail.com>"]

description = "Handle paths from external or unknown sources securely. Defends against 19+ real-world CVEs including symlinks, Windows 8.3 short names, and encoding tricks and exploits."

license = "MIT OR Apache-2.0"

repository = "https://github.com/DK26/strict-path-rs"

homepage = "https://github.com/DK26/strict-path-rs"

documentation = "https://docs.rs/strict-path"

# Complete guide and examples: https://dk26.github.io/strict-path-rs/

readme = "../README.md"

keywords = ["path", "security", "sandbox", "filesystem", "traversal"]

categories = ["filesystem", "development-tools", "web-programming::http-server"]

# The path is now relative to the workspace root

exclude = ["../demos/**"]



[dependencies]

soft-canonicalize = { version = "0.5.3", features = ["anchored"] }



[dev-dependencies]

tempfile = "3.22"

serde = { version = "1", features = ["derive"] }

serde_json = "1"

dirs = "6.0.0"

app-path = "1.1.2"



# Windows test helper: junctions for symlink tests when admin privileges unavailable

[target.'cfg(windows)'.dev-dependencies]

junction = "1.4.1"



# Optional Windows junction support for the library API

[target.'cfg(windows)'.dependencies]

junction = { version = "1.4.1", optional = true }



[features]

# Opt-in virtual filesystem support (VirtualRoot, VirtualPath)

default = []

virtual-path = []

# Windows-only: enable built-in junction creation helpers using the `junction` crate

junctions = ["dep:junction"]



[lints.rust]

unexpected_cfgs = { level = "warn", check-cfg = ['cfg(kani)'] }



[package.metadata.docs.rs]

all-features = true



[[example]]

name = "user_virtual_root"

path = "examples/user_virtual_root.rs"

required-features = ["virtual-path"]



[[example]]

name = "vroot_one_liner"

path = "examples/vroot_one_liner.rs"

required-features = ["virtual-path"]