Crate path_ratchet
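`PathBuf::push` allows any form of path traversal:

```rust
use std::path::PathBuf;

// An absolute argument replaces the existing path instead of being appended.
let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
filename.push(user_input);
assert_eq!(filename, PathBuf::from("/etc/shadow"));
```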
In contrast, `<PathBuf as PushPathComponent>::push_component` requires a path with only a single element.

```rust
use std::path::PathBuf;
use path_ratchet::prelude::*;

let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
// "/etc/shadow" is not a single component, so `new` rejects it and `unwrap` panics.
filename.push_component(SingleComponentPath::new(user_input).unwrap());
```
Security
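It is essential to check the path on the same platform it is used on.
For example, the path `C:\path\to\file.txt` will be interpreted as a file or directory name on a UNIX system.

```rust
use path_ratchet::prelude::*;

// On a UNIX system the backslashes are not separators, so this is one component.
SingleComponentPath::new(r"C:\path\to\file.txt").unwrap();
```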
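A std-only sketch of what a single-component check involves, added here as an example; it is not path_ratchet's code, and `single_component` and `push_checked` are hypothetical names. The constructed `C:\...` input shows the platform caveat above: it is rejected on Windows but accepted as one file name on a UNIX system.

```rust
use std::ffi::OsStr;
use std::path::{Component, Path, PathBuf};

/// Hypothetical helper (not part of path_ratchet): returns the file name only
/// when `input` parses to exactly one normal component on the current platform.
fn single_component(input: &str) -> Option<&OsStr> {
    let mut components = Path::new(input).components();
    match (components.next(), components.next()) {
        // Rejects RootDir ("/"), ParentDir (".."), CurDir ("."), Windows
        // prefixes ("C:"), empty input and anything with a second component.
        (Some(Component::Normal(name)), None) => Some(name),
        _ => None,
    }
}

/// Hypothetical helper: appends `input` to `base` only if it passed the check.
/// The parsed component is joined, not the raw string, so "a/" becomes "a".
fn push_checked(base: &Path, input: &str) -> Option<PathBuf> {
    single_component(input).map(|name| base.join(name))
}

fn main() {
    // Constructed sample inputs.
    let inputs = [
        "report.txt",
        "/etc/shadow",
        "../secret",
        "a/b",
        "..",
        "",
        r"C:\path\to\file.txt",
    ];
    for input in inputs {
        println!("{:?} -> {:?}", input, push_checked(Path::new("/tmp"), input));
    }
}
```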
Modules
- All needed definitions
Structs
- A safe wrapper for a `Path`. This prevents path traversal attacks.
- A safe wrapper for a `PathBuf`. This prevents path traversal attacks.
- A safe wrapper for a `Path` with only a single component. This prevents path traversal attacks.
- A safe wrapper for a `PathBuf` with only a single component. This prevents path traversal attacks.
Traits
- Extension trait for `PathBuf` to push only components which don’t allow path traversal.