PathBoundary

strict_path::validator::path_boundary

Struct PathBoundary 

Source 
pub struct PathBoundary<Marker = ()> { /* private fields */ }
Expand description

A path boundary that serves as the secure foundation for validated path operations.

SUMMARY: Represent the trusted filesystem boundary directory for all strict and virtual path operations. All StrictPath/VirtualPath values derived from a PathBoundary are guaranteed to remain within this boundary.

EXAMPLE:

let boundary = PathBoundary::<()>::try_new_create("./data")?;
let file = boundary.strict_join("logs/app.log")?;
println!("{}", file.strictpath_display());

Implementations§

Source§

impl<Marker> PathBoundary<Marker>

Source

pub fn try_new<P: AsRef<Path>>(restriction_path: P) -> Result<Self>

Creates a new PathBoundary anchored at restriction_path (which must already exist and be a directory).

SUMMARY: Create a boundary anchored at an existing directory (must exist and be a directory).

PARAMETERS:

  • restriction_path (AsRef<Path>): Existing directory to anchor the boundary.

RETURNS:

  • Result<PathBoundary<Marker>>: New boundary whose directory is canonicalized and verified to exist.

ERRORS:

  • StrictPathError::InvalidRestriction: Boundary directory is missing, not a directory, or cannot be canonicalized.

EXAMPLE: Uses AsRef<Path> for maximum ergonomics, including direct TempDir support for clean shadowing patterns:

use strict_path::PathBoundary;
let tmp_dir = tempfile::tempdir()?;
let tmp_dir = PathBoundary::<()>::try_new(tmp_dir)?; // Clean variable shadowing
Source

pub fn try_new_create<P: AsRef<Path>>(boundary_dir: P) -> Result<Self>

Creates the directory if missing, then constructs a new PathBoundary.

SUMMARY: Ensure the boundary directory exists (create if missing) and construct a new boundary.

PARAMETERS:

  • boundary_dir (AsRef<Path>): Directory to create if needed and use as the boundary directory.

RETURNS:

  • Result<PathBoundary<Marker>>: New boundary anchored at boundary_dir.

ERRORS:

  • StrictPathError::InvalidRestriction: Directory creation/canonicalization fails.

EXAMPLE: Uses AsRef<Path> for maximum ergonomics, including direct TempDir support for clean shadowing patterns:

use strict_path::PathBoundary;
let tmp_dir = tempfile::tempdir()?;
let tmp_dir = PathBoundary::<()>::try_new_create(tmp_dir)?; // Clean variable shadowing
Source

pub fn strict_join( &self, candidate_path: impl AsRef<Path>, ) -> Result<StrictPath<Marker>>

SUMMARY: Join a candidate path to the boundary and return a validated StrictPath.

PARAMETERS:

  • candidate_path (AsRef<Path>): Absolute or relative path to validate within this boundary.

RETURNS:

  • Result<StrictPath<Marker>>: Canonicalized, boundary-checked path.

ERRORS:

  • StrictPathError::PathResolutionError, StrictPathError::PathEscapesBoundary.
Source

pub fn change_marker<NewMarker>(self) -> PathBoundary<NewMarker>

SUMMARY: Consume this boundary and substitute a new marker type.

DETAILS: Mirrors crate::StrictPath::change_marker and crate::VirtualPath::change_marker, enabling marker transformation after authorization checks. Use this when encoding proven authorization into the type system (e.g., after validating a user’s permissions). The consumption makes marker changes explicit during code review.

PARAMETERS:

  • NewMarker (type parameter): Marker to associate with the boundary.

RETURNS:

  • PathBoundary<NewMarker>: Same underlying boundary, rebranded with NewMarker.

EXAMPLE:

struct ReadOnly;
struct ReadWrite;

let read_boundary: PathBoundary<ReadOnly> = PathBoundary::try_new(&boundary_dir)?;

// After authorization check...
let write_boundary: PathBoundary<ReadWrite> = read_boundary.change_marker();
Source

pub fn into_strictpath(self) -> Result<StrictPath<Marker>>

SUMMARY: Consume this boundary and return a StrictPath anchored at the boundary directory.

PARAMETERS:

  • none

RETURNS:

  • Result<StrictPath<Marker>>: Strict path for the canonicalized boundary directory.

ERRORS:

  • StrictPathError::PathResolutionError: Canonicalization fails (directory removed or inaccessible).
  • StrictPathError::PathEscapesBoundary: Guard against race conditions that move the directory.

EXAMPLE:

let boundary: PathBoundary = PathBoundary::try_new(&boundary_dir)?;
let boundary_path: StrictPath = boundary.into_strictpath()?;
assert!(boundary_path.is_dir());
Source

pub fn exists(&self) -> bool

Returns true if the PathBoundary directory exists.

This is always true for a constructed PathBoundary, but we query the filesystem for robustness.

Source

pub fn interop_path(&self) -> &OsStr

SUMMARY: Return the boundary directory path as &OsStr for unavoidable third-party AsRef<Path> interop (no allocation).

Source

pub fn strictpath_display(&self) -> Display<'_>

Returns a Display wrapper that shows the PathBoundary directory system path.

Source

pub fn metadata(&self) -> Result<Metadata>

SUMMARY: Return filesystem metadata for the boundary directory.

SUMMARY: Create a symbolic link at link_path pointing to this boundary’s directory.

PARAMETERS:

  • link_path (&StrictPath<Marker>): Destination for the symlink, within the same boundary.

RETURNS:

  • io::Result<()>: Mirrors std semantics.

SUMMARY: Create a hard link at link_path pointing to this boundary’s directory.

PARAMETERS and RETURNS mirror strict_symlink.

Source

pub fn read_dir(&self) -> Result<ReadDir>

SUMMARY: Read directory entries under the boundary directory (discovery only).

Source

pub fn remove_dir(&self) -> Result<()>

SUMMARY: Remove the boundary directory (non-recursive); fails if not empty.

Source

pub fn remove_dir_all(&self) -> Result<()>

SUMMARY: Recursively remove the boundary directory and its contents.

Source

pub fn virtualize(self) -> VirtualRoot<Marker>

SUMMARY: Convert this boundary into a VirtualRoot for virtual path operations.

Source

pub fn try_new_os_config(app_name: &str) -> Result<Self>

Creates a PathBoundary in the OS standard config directory for the given application.

Cross-Platform Behavior:

  • Linux: ~/.config/{app_name} (XDG Base Directory Specification)
  • Windows: %APPDATA%\{app_name} (Known Folder API - Roaming AppData)
  • macOS: ~/Library/Application Support/{app_name} (Apple Standard Directories)

Respects environment variables like $XDG_CONFIG_HOME on Linux systems.

Source

pub fn try_new_os_data(app_name: &str) -> Result<Self>

Creates a PathBoundary in the OS standard data directory for the given application.

Cross-Platform Behavior:

  • Linux: ~/.local/share/{app_name} (XDG Base Directory Specification)
  • Windows: %APPDATA%\{app_name} (Known Folder API - Roaming AppData)
  • macOS: ~/Library/Application Support/{app_name} (Apple Standard Directories)

Respects environment variables like $XDG_DATA_HOME on Linux systems.

Source

pub fn try_new_os_cache(app_name: &str) -> Result<Self>

Creates a PathBoundary in the OS standard cache directory for the given application.

Cross-Platform Behavior:

  • Linux: ~/.cache/{app_name} (XDG Base Directory Specification)
  • Windows: %LOCALAPPDATA%\{app_name} (Known Folder API - Local AppData)
  • macOS: ~/Library/Caches/{app_name} (Apple Standard Directories)

Respects environment variables like $XDG_CACHE_HOME on Linux systems.

Source

pub fn try_new_os_config_local(app_name: &str) -> Result<Self>

Creates a PathBoundary in the OS local config directory (non-roaming on Windows).

Cross-Platform Behavior:

  • Linux: ~/.config/{app_name} (same as config_dir)
  • Windows: %LOCALAPPDATA%\{app_name} (Known Folder API - Local AppData)
  • macOS: ~/Library/Application Support/{app_name} (same as config_dir)
Source

pub fn try_new_os_data_local(app_name: &str) -> Result<Self>

Creates a PathBoundary in the OS local data directory.

Cross-Platform Behavior:

  • Linux: ~/.local/share/{app_name} (same as data_dir)
  • Windows: %LOCALAPPDATA%\{app_name} (Known Folder API - Local AppData)
  • macOS: ~/Library/Application Support/{app_name} (same as data_dir)
Source

pub fn try_new_os_home() -> Result<Self>

Creates a PathBoundary in the user’s home directory.

Cross-Platform Behavior:

  • Linux: $HOME
  • Windows: %USERPROFILE% (e.g., C:\Users\Username)
  • macOS: $HOME
Source

pub fn try_new_os_desktop() -> Result<Self>

Creates a PathBoundary in the user’s desktop directory.

Cross-Platform Behavior:

  • Linux: $HOME/Desktop or XDG_DESKTOP_DIR
  • Windows: %USERPROFILE%\Desktop
  • macOS: $HOME/Desktop
Source

pub fn try_new_os_documents() -> Result<Self>

Creates a PathBoundary in the user’s documents directory.

Cross-Platform Behavior:

  • Linux: $HOME/Documents or XDG_DOCUMENTS_DIR
  • Windows: %USERPROFILE%\Documents
  • macOS: $HOME/Documents
Source

pub fn try_new_os_downloads() -> Result<Self>

Creates a PathBoundary in the user’s downloads directory.

Cross-Platform Behavior:

  • Linux: $HOME/Downloads or XDG_DOWNLOAD_DIR
  • Windows: %USERPROFILE%\Downloads
  • macOS: $HOME/Downloads
Source

pub fn try_new_os_pictures() -> Result<Self>

Creates a PathBoundary in the user’s pictures directory.

Cross-Platform Behavior:

  • Linux: $HOME/Pictures or XDG_PICTURES_DIR
  • Windows: %USERPROFILE%\Pictures
  • macOS: $HOME/Pictures
Source

pub fn try_new_os_audio() -> Result<Self>

Creates a PathBoundary in the user’s music/audio directory.

Cross-Platform Behavior:

  • Linux: $HOME/Music or XDG_MUSIC_DIR
  • Windows: %USERPROFILE%\Music
  • macOS: $HOME/Music
Source

pub fn try_new_os_videos() -> Result<Self>

Creates a PathBoundary in the user’s videos directory.

Cross-Platform Behavior:

  • Linux: $HOME/Videos or XDG_VIDEOS_DIR
  • Windows: %USERPROFILE%\Videos
  • macOS: $HOME/Movies
Source

pub fn try_new_os_executables() -> Result<Self>

Creates a PathBoundary in the OS executable directory (Linux only).

Platform Availability:

  • Linux: ~/.local/bin or $XDG_BIN_HOME
  • Windows: Returns error (not available)
  • macOS: Returns error (not available)
Source

pub fn try_new_os_runtime() -> Result<Self>

Creates a PathBoundary in the OS runtime directory (Linux only).

Platform Availability:

  • Linux: $XDG_RUNTIME_DIR (session-specific, user-only access)
  • Windows: Returns error (not available)
  • macOS: Returns error (not available)
Source

pub fn try_new_os_state(app_name: &str) -> Result<Self>

Creates a PathBoundary in the OS state directory (Linux only).

Platform Availability:

  • Linux: ~/.local/state/{app_name} or $XDG_STATE_HOME/{app_name}
  • Windows: Returns error (not available)
  • macOS: Returns error (not available)
Source

pub fn try_new_temp() -> Result<Self>

Creates a PathBoundary in a unique temporary directory with RAII cleanup.

Returns a StrictPath pointing to the temporary boundary directory. The directory will be automatically cleaned up when the StrictPath is dropped.

§Example
use strict_path::PathBoundary;

// Get a validated temp directory path directly
let temp_boundary = PathBoundary::<()>::try_new_temp()?;
let user_input = "uploads/document.pdf";
let validated_path = temp_boundary.strict_join(user_input)?; // Returns StrictPath
// Ensure parent directories exist before writing
validated_path.create_parent_dir_all()?;
validated_path.write(b"content")?; // Prefer strict-path helpers over std::fs
// temp_boundary is dropped here, directory gets cleaned up automatically
Source

pub fn try_new_temp_with_prefix(prefix: &str) -> Result<Self>

Creates a PathBoundary in a temporary directory with a custom prefix and RAII cleanup.

Returns a StrictPath pointing to the prefixed temporary boundary directory. The directory will be automatically cleaned up when the StrictPath is dropped.

§Example
use strict_path::PathBoundary;

// Get a validated temp directory path with session prefix
let upload_boundary = PathBoundary::<()>::try_new_temp_with_prefix("upload_batch")?;
let user_file = upload_boundary.strict_join("user_document.pdf")?; // Validate path
// Process validated path with direct filesystem operations
// upload_boundary is dropped here, directory gets cleaned up automatically
Source

pub fn try_new_app_path<P: AsRef<Path>>( subdir: P, env_override: Option<&str>, ) -> Result<Self>

SUMMARY: Create a boundary using app-path semantics (portable app-relative directory) with optional env override.

PARAMETERS:

  • subdir (AsRef<Path>): Subdirectory path relative to the executable (or override directory).
  • env_override (Option<&str>): Optional environment variable name; when present and set, its value is used as the base directory instead of the executable directory.

RETURNS:

  • Result<PathBoundary<Marker>>: Created/validated boundary at the resolved app-path location.

ERRORS:

  • StrictPathError::InvalidRestriction: If resolution fails or directory cannot be created/validated.

EXAMPLE:

use strict_path::PathBoundary;

// Creates ./config/ relative to executable
let config_restriction = PathBoundary::<()>::try_new_app_path("config", None)?;

// With environment override (checks MYAPP_CONFIG_DIR first)
let config_restriction = PathBoundary::<()>::try_new_app_path("config", Some("MYAPP_CONFIG_DIR"))?;
Source

pub fn try_new_app_path_with_env<P: AsRef<Path>>( subdir: P, env_override: &str, ) -> Result<Self>

SUMMARY: Create a boundary using app-path, always consulting a specific environment variable first.

PARAMETERS:

  • subdir (AsRef<Path>): Subdirectory used with app-path resolution.
  • env_override (&str): Environment variable name to check for a base directory.

RETURNS:

  • Result<PathBoundary<Marker>>: New boundary anchored using app-path semantics.

ERRORS:

  • StrictPathError::InvalidRestriction: If resolution fails or the directory can’t be created/validated.

Trait Implementations§

Source§

impl<Marker> AsRef<Path> for PathBoundary<Marker>

Source§

fn as_ref(&self) -> &Path

Converts this type into a shared reference of the (usually inferred) input type.
Source§

impl<Marker> Clone for PathBoundary<Marker>

Source§

fn clone(&self) -> Self

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<Marker> Debug for PathBoundary<Marker>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<Marker: Default> FromStr for PathBoundary<Marker>

Source§

fn from_str(path: &str) -> Result<Self, Self::Err>

Parse a PathBoundary from a string path for universal ergonomics.

Creates the directory if it doesn’t exist, enabling seamless integration with any string-parsing context (clap, config files, environment variables, etc.):

let temp_dir = tempfile::tempdir()?;
let safe_path = temp_dir.path().join("safe_dir");
let boundary: PathBoundary<()> = safe_path.to_string_lossy().parse()?;
assert!(safe_path.exists());
Source§

type Err = StrictPathError

The associated error which can be returned from parsing.
Source§

impl<Marker> Hash for PathBoundary<Marker>

Source§

fn hash<H: Hasher>(&self, state: &mut H)

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl<Marker> Ord for PathBoundary<Marker>

Source§

fn cmp(&self, other: &Self) -> Ordering

This method returns an Ordering between self and other. Read more
1.21.0 · Source§

fn max(self, other: Self) -> Self
where Self: Sized,

Compares and returns the maximum of two values. Read more
1.21.0 · Source§

fn min(self, other: Self) -> Self
where Self: Sized,

Compares and returns the minimum of two values. Read more
1.50.0 · Source§

fn clamp(self, min: Self, max: Self) -> Self
where Self: Sized,

Restrict a value to a certain interval. Read more
Source§

impl<Marker> PartialEq<&Path> for PathBoundary<Marker>

Source§

fn eq(&self, other: &&Path) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<Marker> PartialEq<Path> for PathBoundary<Marker>

Source§

fn eq(&self, other: &Path) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<M1, M2> PartialEq<PathBoundary<M2>> for PathBoundary<M1>

Source§

fn eq(&self, other: &PathBoundary<M2>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<M1, M2> PartialEq<PathBoundary<M2>> for VirtualRoot<M1>

Source§

fn eq(&self, other: &PathBoundary<M2>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<Marker> PartialEq<PathBuf> for PathBoundary<Marker>

Source§

fn eq(&self, other: &PathBuf) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<M1, M2> PartialEq<VirtualRoot<M2>> for PathBoundary<M1>

Available on crate feature virtual-path only.
Source§

fn eq(&self, other: &VirtualRoot<M2>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<Marker> PartialOrd for PathBoundary<Marker>

Source§

fn partial_cmp(&self, other: &Self) -> Option<Ordering>

This method returns an ordering between self and other values if one exists. Read more
1.0.0 · Source§

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator. Read more
1.0.0 · Source§

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator. Read more
1.0.0 · Source§

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator. Read more
1.0.0 · Source§

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator. Read more
Source§

impl<Marker> Eq for PathBoundary<Marker>

Auto Trait Implementations§

§

impl<Marker> Freeze for PathBoundary<Marker>

§

impl<Marker> RefUnwindSafe for PathBoundary<Marker>
where Marker: RefUnwindSafe,

§

impl<Marker> Send for PathBoundary<Marker>
where Marker: Send,

§

impl<Marker> Sync for PathBoundary<Marker>
where Marker: Sync,

§

impl<Marker> Unpin for PathBoundary<Marker>
where Marker: Unpin,

§

impl<Marker> UnwindSafe for PathBoundary<Marker>
where Marker: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.