Expand description
A zero-dependency filesystem sandbox for Rust.
Restricts paths to a root directory, preventing traversal attacks while supporting files that don’t exist yet.
§Quick Start
For one-off validation, use the join function:
let safe_path = path_jail::join("/var/uploads", "user/file.txt")?;
std::fs::write(&safe_path, b"hello")?;For validating multiple paths, create a Jail and reuse it:
use path_jail::Jail;
let jail = Jail::new("/var/uploads")?;
let path1 = jail.join("report.pdf")?;
let path2 = jail.join("data.csv")?;§Security
This crate blocks:
- Path traversal (
../../etc/passwd) - Symlink escapes (symlinks pointing outside the jail)
- Absolute path injection (
/etc/passwd)
See Jail for details on the security model.
Structs§
- Jail
- A filesystem sandbox that restricts paths to a root directory.
Enums§
Functions§
- join
- Validate a path in one shot.