pub fn materialize_snapshot(
    snapshot: &Path,
    output: &Path,
) -> Result<(), GitClosureError>

Materializes a snapshot into output, creating the directory tree and
restoring file contents and permissions.
Preconditions:
- `output` must be empty or newly created. Materializing into a non-empty directory is rejected to prevent TOCTOU-style symlink-escalation attacks via pre-planted symlinks that bypass the lexical containment check.
- All paths in the snapshot must be safe (no `..`, no absolute paths).
- Symlink targets must not escape `output` when resolved lexically.
- On non-Unix platforms, mode parsing still occurs but applying POSIX permissions is intentionally a no-op in v0.1.
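
The first three preconditions can be checked as in the sketch below. It is an added example, not the crate's own code: the helper names `is_safe_entry_path`, `resolve_link_lexically` and `output_is_empty_or_new` are hypothetical, and the sample entries are constructed.

```rust
use std::ffi::OsStr;
use std::io::ErrorKind;
use std::path::{Component, Path, PathBuf};

// Hypothetical helpers for illustration; not the crate's own functions.
/// Entry paths must be non-empty and made only of normal components (no `..`, no root).
fn is_safe_entry_path(p: &Path) -> bool {
    let mut comps = p.components().peekable();
    comps.peek().is_some() && comps.all(|c| matches!(c, Component::Normal(_)))
}

/// Lexically resolve a symlink target against the directory that holds the link.
/// Both paths are relative to the output root; `None` means the target escapes it.
fn resolve_link_lexically<'a>(link: &'a Path, target: &'a Path) -> Option<PathBuf> {
    if !is_safe_entry_path(link) {
        return None;
    }
    let dir = link.parent().unwrap_or(Path::new(""));
    let mut stack: Vec<&OsStr> = Vec::new();
    for c in dir.components().chain(target.components()) {
        match c {
            Component::Normal(s) => stack.push(s),
            Component::CurDir => {}
            Component::ParentDir => { stack.pop()?; } // popping past the root is an escape
            Component::RootDir | Component::Prefix(_) => return None, // absolute target
        }
    }
    Some(stack.into_iter().collect())
}

/// The lexical check cannot see symlinks already on disk, so the output
/// directory must either not exist yet or contain no entries.
fn output_is_empty_or_new(output: &Path) -> std::io::Result<bool> {
    match std::fs::read_dir(output) {
        Ok(mut entries) => Ok(entries.next().is_none()),
        Err(e) if e.kind() == ErrorKind::NotFound => Ok(true),
        Err(e) => Err(e),
    }
}

fn main() {
    // Constructed sample entries: (symlink path, symlink target).
    for (link, target) in [("docs/latest", "../v1/README"), ("docs/evil", "../../outside")] {
        println!("{} -> {}: {:?}", link, target, resolve_link_lexically(Path::new(link), Path::new(target)));
    }
    println!("output usable: {:?}", output_is_empty_or_new(Path::new("out")));
}
```

Because the resolution never touches the filesystem, a symlink already present under `output` would redirect a path that passes this check, which is why the empty-directory precondition comes first.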