PathBuf::push allows any form of path traversal:

```rust
use std::path::PathBuf;

let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
// Pushing an absolute path replaces the existing path entirely.
filename.push(user_input);
assert_eq!(filename, PathBuf::from("/etc/shadow"));
```

In contrast, <PathBuf as PushPathComponent>::push_component requires a path with only a single element.
```rust
use std::path::PathBuf;
use path_ratchet::prelude::*;

let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
// "/etc/shadow" is not a single component, so `new` rejects it and `unwrap` panics.
filename.push_component(SingleComponentPath::new(user_input).unwrap());
```

§Security
It is essential to check the path on the same platform it is used on.
As an example, the absolute Windows path C:\path\to\file.txt will be interpreted as a simple file or directory name on a Unix system.

```rust
// On a Unix system this succeeds: the whole string is one file or directory name.
SingleComponentPath::new(r"C:\path\to\file.txt").unwrap();
```

Furthermore, path-ratchet is effective against classic path traversals where the path is an untrusted input in the threat model.
In threat models where the attacker has access to the file system (e.g. can create symlinks), this approach isn't sufficient and should be complemented with sandboxing and/or a capability-based approach (e.g. cap-std).
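The single-component rule and the platform caveat above, shown as an added std-only sketch. This is not path-ratchet's implementation or code from its documentation; the helper names single_component and join_checked are hypothetical, and the sample inputs are constructed.

```rust
use std::ffi::OsStr;
use std::path::{Component, Path, PathBuf};

/// Hypothetical helper: returns the name only if `input` parses, on the
/// platform this code runs on, to exactly one normal component.
fn single_component(input: &str) -> Option<&OsStr> {
    let mut comps = Path::new(input).components();
    match (comps.next(), comps.next()) {
        // Exactly one component, and it is a plain name (not a root,
        // a drive prefix, `.` or `..`).
        (Some(Component::Normal(name)), None) => Some(name),
        _ => None,
    }
}

/// Hypothetical helper: joins untrusted `input` onto `base` only when it
/// passes the single-component check; otherwise returns None.
fn join_checked(base: &Path, input: &str) -> Option<PathBuf> {
    single_component(input).map(|name| base.join(name))
}

fn main() {
    let base = Path::new("/tmp");
    // Constructed sample inputs: a plain name, an absolute path, parent
    // references, a nested path, an empty string and a Windows path.
    let inputs = [
        "report.txt",
        "/etc/shadow",
        "..",
        "../x",
        "a/b",
        "",
        r"C:\path\to\file.txt",
    ];
    for input in inputs {
        // The unchecked join is what PathBuf::push would produce.
        println!(
            "{:<24} unchecked={:<28} checked={:?}",
            format!("{:?}", input),
            format!("{:?}", base.join(input)),
            join_checked(base, input)
        );
    }
}
```

On a Unix system the last input is accepted as one file name, while the same check on Windows parses it as a drive prefix followed by several components and rejects it, which is why the check has to run on the platform where the path is used.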
§Features
serde
It is compatible with clap by default.
Modules§
- prelude - All needed definitions
Structs§
- MultiComponentPath - A safe wrapper for a Path. This prevents path traversal attacks.
- MultiComponentPathBuf - A safe wrapper for a PathBuf. This prevents path traversal attacks.
- SingleComponentPath - A safe wrapper for a Path with only a single component. This prevents path traversal attacks.
- SingleComponentPathBuf - A safe wrapper for a PathBuf with only a single component. This prevents path traversal attacks.
Traits§
- PushPathComponent - Extension trait for PathBuf to push only components which don’t allow path traversal.