
Module path_security


Path-traversal-safe join primitive (CWE-22 guard).

safe_join resolves a caller-supplied relative path against a base directory at the string layer, rejecting any input that would escape the base via a .. component, an absolute path, a drive / UNC prefix, or a NUL byte. It is the companion to the capability-based cap-std migration described in skills/rust-path-security.md; until that lands, it gives every junction where external input becomes a filesystem path a single, audited choke point.

Functions

is_safe_relative_path
    Whether input is a safe relative subpath: no .. traversal, not absolute, no drive / UNC prefix, no NUL byte.
safe_join
    Join input onto base, returning None if input would escape base.
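The string-layer guard the description and the two functions above outline, as an added Rust example; this is not the path_security module's own code. The function names mirror the documented API, but the bodies, the normalisation of backslashes to forward slashes, and the choice to reject an empty input are assumptions.

```rust
// Illustrative CWE-22 guard (example code, not the path_security module's
// implementation). Names follow the documented API; bodies are assumptions.
use std::path::{Path, PathBuf};

/// Returns true when `input` is a safe relative subpath: no `..` component,
/// not absolute, no Windows drive / UNC prefix, no NUL byte.
pub fn is_safe_relative_path(input: &str) -> bool {
    // A NUL byte would truncate the path at the C string boundary inside the
    // OS, so the path checked here would not be the path actually opened.
    // Empty input is rejected as well (assumption: "" is not a subpath).
    if input.is_empty() || input.contains('\0') {
        return false;
    }
    // Fold both separator styles so a Windows-style input is judged the same
    // way on every host; a Unix-only check would let `..\secret` through.
    let normalized = input.replace('\\', "/");
    // A leading slash covers absolute paths and UNC prefixes (`//server/share`).
    if normalized.starts_with('/') {
        return false;
    }
    // Drive-letter prefix such as `C:` or `C:/`.
    let b = normalized.as_bytes();
    if b.len() >= 2 && b[0].is_ascii_alphabetic() && b[1] == b':' {
        return false;
    }
    // Reject any `..` component anywhere; `.` and empty segments are harmless.
    normalized.split('/').all(|seg| seg != "..")
}

/// Joins `input` onto `base`, returning `None` if `input` would escape `base`.
pub fn safe_join(base: &Path, input: &str) -> Option<PathBuf> {
    if !is_safe_relative_path(input) {
        return None;
    }
    let mut out = base.to_path_buf();
    for seg in input.replace('\\', "/").split('/') {
        // Skip `a//b` and `./` noise; every remaining segment is a plain name,
        // so `push` can never replace the base the way an absolute path would.
        if !seg.is_empty() && seg != "." {
            out.push(seg);
        }
    }
    Some(out)
}
```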