Module security 

Security checks for path containment and output file protection

Provides protection against path traversal attacks and detection of output files to prevent infinite loops during directory walking.

Structs

FileIdentity

File identity for comparing if a file is the same as stdout

Functions

get_stdout_identity

Get the file identity for stdout

is_canonical_within_root

Check if a canonical path is within a canonical root directory

is_output_file

Check if a file path refers to the same file as stdout

is_within_root

Check if a path is within a given root directory

output_protection_threshold

Threshold for shell redirection detection (configurable via env var)