Skip to main content

verify_path_still_valid

elo_rust::security

Function verify_path_still_valid 

Source 
pub fn verify_path_still_valid(
    path: &PathBuf,
    validation_cwd: &PathBuf,
) -> Result<()>
Expand description

Verifies that a previously validated path is still valid

§SECURITY FIX #5: TOCTOU Prevention

Checks that:

  1. CWD hasn’t changed since validation
  2. Path still stays within the original CWD

§Arguments

  • path - The path to verify
  • validation_cwd - The CWD captured at validation time

§Returns

  • Ok(()) if path is still valid
  • Err(io::Error) if validation has been compromised