Skip to main content

VirtualRoot

strict_path::validator::virtual_root

Struct VirtualRoot 

Source 
pub struct VirtualRoot<Marker = ()> { /* private fields */ }
Expand description

Provide a user‑facing virtual root that produces VirtualPath values clamped to a boundary.

Implementations§

Source§

impl<Marker> VirtualRoot<Marker>

Source

pub fn try_new<P: AsRef<Path>>(root_path: P) -> Result<Self>

Create a VirtualRoot from an existing directory.

§Errors
  • StrictPathError::InvalidRestriction: Root invalid or cannot be canonicalized.
§Examples
use strict_path::VirtualRoot;
let vroot = VirtualRoot::<()>::try_new("./data")?;
Source

pub fn metadata(&self) -> Result<Metadata>

Return filesystem metadata for the underlying root directory.

Source

pub fn into_virtualpath(self) -> Result<VirtualPath<Marker>>

Consume this virtual root and return the rooted VirtualPath (“/”).

§Errors
  • StrictPathError::PathResolutionError: Canonicalization fails (root removed or inaccessible).
  • StrictPathError::PathEscapesBoundary: Root moved outside the boundary between checks.
§Examples
let vroot: VirtualRoot = VirtualRoot::try_new(&root)?;
let root_virtual: VirtualPath = vroot.into_virtualpath()?;
assert_eq!(root_virtual.virtualpath_display().to_string(), "/");
Source

pub fn change_marker<NewMarker>(self) -> VirtualRoot<NewMarker>

Consume this virtual root and substitute a new marker type.

Mirrors crate::PathBoundary::change_marker, crate::StrictPath::change_marker, and crate::VirtualPath::change_marker. Use this when encoding proven authorization into the type system (e.g., after validating a user’s permissions). The consumption makes marker changes explicit during code review.

§Examples
struct UserFiles;
struct ReadOnly;
struct ReadWrite;

let read_root: VirtualRoot<(UserFiles, ReadOnly)> = VirtualRoot::try_new(&root_dir)?;

// After authorization check...
let write_root: VirtualRoot<(UserFiles, ReadWrite)> = read_root.change_marker();

Create a symbolic link at link_path pointing to this root’s underlying directory.

link_path is interpreted in the virtual dimension and resolved via virtual_join() so that absolute virtual paths (“/links/a”) are clamped within this virtual root and relative paths are resolved relative to the virtual root.

Create a hard link at link_path pointing to this root’s underlying directory.

The link location is resolved via virtual_join() to clamp/anchor within this root. Note: Most platforms forbid directory hard links; expect an error from the OS.

Source

pub fn read_dir(&self) -> Result<ReadDir>

Read directory entries at the virtual root (discovery). Re‑join names through virtual/strict APIs before I/O.

Source

pub fn virtual_read_dir(&self) -> Result<VirtualRootReadDir<'_, Marker>>

Iterate directory entries at the virtual root, yielding validated VirtualPath values.

Unlike read_dir() which returns raw std::fs::DirEntry values requiring manual re-validation, this method yields VirtualPath entries directly. Each entry is automatically validated through virtual_join() so you can use it immediately for I/O operations without additional validation.

§Examples
use strict_path::VirtualRoot;

let vroot: VirtualRoot = VirtualRoot::try_new(temp.path())?;

// Auto-validated iteration - no manual re-join needed!
for entry in vroot.virtual_read_dir()? {
    let child = entry?;
    println!("Virtual: {}", child.virtualpath_display());
}
Source

pub fn remove_dir(&self) -> Result<()>

Remove the underlying root directory (non‑recursive); fails if not empty.

Source

pub fn remove_dir_all(&self) -> Result<()>

Recursively remove the underlying root directory and all its contents.

Source

pub fn try_new_create<P: AsRef<Path>>(root_path: P) -> Result<Self>

Ensure the directory exists (create if missing), then return a VirtualRoot.

§Examples

Uses AsRef<Path> for maximum ergonomics, including direct TempDir support for clean shadowing patterns:

use strict_path::VirtualRoot;
let vroot = VirtualRoot::<()>::try_new_create("./data")?;
Source

pub fn virtual_join<P: AsRef<Path>>( &self, candidate_path: P, ) -> Result<VirtualPath<Marker>>

Join a candidate path to this virtual root, producing a clamped VirtualPath.

This is the security gateway for virtual paths. Absolute paths (starting with "/") are automatically clamped to the virtual root, ensuring paths cannot escape the sandbox. For example, "/etc/config" becomes vroot/etc/config, and traversal attempts like "../../../../etc/passwd" are clamped to vroot/etc/passwd. This clamping behavior is what makes the virtual_ dimension safe for user-facing operations.

§Errors
  • StrictPathError::PathResolutionError, StrictPathError::PathEscapesBoundary.
§Examples
let vroot: VirtualRoot = VirtualRoot::try_new_create(td.path())?;

// Absolute paths are clamped to virtual root, not system root
let user_input_abs = "/etc/config"; // Untrusted input
let path1 = vroot.virtual_join(user_input_abs)?;
assert_eq!(path1.virtualpath_display().to_string(), "/etc/config");

// Traversal attempts are also clamped
let attack_input = "../../../etc/passwd"; // Untrusted input
let path2 = vroot.virtual_join(attack_input)?;
assert_eq!(path2.virtualpath_display().to_string(), "/etc/passwd");

// Both paths are safely within the virtual root on the actual filesystem
Source

pub fn interop_path(&self) -> &OsStr

Return the virtual root path as &OsStr for unavoidable third-party AsRef<Path> interop.

Source

pub fn exists(&self) -> bool

Returns true if the underlying path boundary root exists.

Source

pub fn as_unvirtual(&self) -> &PathBoundary<Marker>

Borrow the underlying PathBoundary.

Source

pub fn unvirtual(self) -> PathBoundary<Marker>

Consume this VirtualRoot and return the underlying PathBoundary (symmetry with virtualize).

Trait Implementations§

Source§

impl<Marker: Clone> Clone for VirtualRoot<Marker>

Source§

fn clone(&self) -> VirtualRoot<Marker>

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<Marker> Debug for VirtualRoot<Marker>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<Marker> Display for VirtualRoot<Marker>

Display shows “/”: The real system path must never appear in user-facing output (logs, API responses, error messages). Showing “/” reinforces that VirtualRoot represents a virtual namespace root, not a concrete filesystem location.

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<Marker> FromStr for VirtualRoot<Marker>

Source§

fn from_str(path: &str) -> Result<Self, Self::Err>

Forwards to try_new_create: creates the target directory if missing, then canonicalizes and validates it as a directory.

Untrusted per-request paths (archive entries, user-supplied virtual paths) are not FromStr input — validate those via virtual_join on a pre-constructed root.

let vroot: VirtualRoot<()> = p.parse()?;
assert!(vroot.exists());
Source§

type Err = StrictPathError

The associated error which can be returned from parsing.
Source§

impl<Marker> Hash for VirtualRoot<Marker>

Source§

fn hash<H: Hasher>(&self, state: &mut H)

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl<Marker> Ord for VirtualRoot<Marker>

Source§

fn cmp(&self, other: &Self) -> Ordering

This method returns an Ordering between self and other. Read more
1.21.0 · Source§

fn max(self, other: Self) -> Self
where Self: Sized,

Compares and returns the maximum of two values. Read more
1.21.0 · Source§

fn min(self, other: Self) -> Self
where Self: Sized,

Compares and returns the minimum of two values. Read more
1.50.0 · Source§

fn clamp(self, min: Self, max: Self) -> Self
where Self: Sized,

Restrict a value to a certain interval. Read more
Source§

impl<Marker> PartialEq<&Path> for VirtualRoot<Marker>

Source§

fn eq(&self, other: &&Path) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<Marker> PartialEq<Path> for VirtualRoot<Marker>

compare against “/”: VirtualRoot’s public identity is the virtual namespace root. Comparing against the real system path would leak implementation details and break the abstraction — callers should never need to know the underlying directory.

Source§

fn eq(&self, other: &Path) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<M1, M2> PartialEq<PathBoundary<M2>> for VirtualRoot<M1>

Source§

fn eq(&self, other: &PathBoundary<M2>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<Marker> PartialEq<PathBuf> for VirtualRoot<Marker>

Source§

fn eq(&self, other: &PathBuf) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<M1, M2> PartialEq<VirtualRoot<M2>> for PathBoundary<M1>

Available on crate feature virtual-path only.
Source§

fn eq(&self, other: &VirtualRoot<M2>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<M1, M2> PartialEq<VirtualRoot<M2>> for VirtualRoot<M1>

Source§

fn eq(&self, other: &VirtualRoot<M2>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<Marker> PartialOrd<&Path> for VirtualRoot<Marker>

Source§

fn partial_cmp(&self, other: &&Path) -> Option<Ordering>

This method returns an ordering between self and other values if one exists. Read more
1.0.0 · Source§

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator. Read more
1.0.0 · Source§

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator. Read more
1.0.0 · Source§

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator. Read more
1.0.0 · Source§

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator. Read more
Source§

impl<Marker> PartialOrd<Path> for VirtualRoot<Marker>

Source§

fn partial_cmp(&self, other: &Path) -> Option<Ordering>

This method returns an ordering between self and other values if one exists. Read more
1.0.0 · Source§

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator. Read more
1.0.0 · Source§

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator. Read more
1.0.0 · Source§

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator. Read more
1.0.0 · Source§

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator. Read more
Source§

impl<Marker> PartialOrd<PathBuf> for VirtualRoot<Marker>

Source§

fn partial_cmp(&self, other: &PathBuf) -> Option<Ordering>

This method returns an ordering between self and other values if one exists. Read more
1.0.0 · Source§

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator. Read more
1.0.0 · Source§

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator. Read more
1.0.0 · Source§

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator. Read more
1.0.0 · Source§

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator. Read more
Source§

impl<Marker> PartialOrd for VirtualRoot<Marker>

Source§

fn partial_cmp(&self, other: &Self) -> Option<Ordering>

This method returns an ordering between self and other values if one exists. Read more
1.0.0 · Source§

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator. Read more
1.0.0 · Source§

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator. Read more
1.0.0 · Source§

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator. Read more
1.0.0 · Source§

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator. Read more
Source§

impl<Marker> Eq for VirtualRoot<Marker>

Auto Trait Implementations§

§

impl<Marker> Freeze for VirtualRoot<Marker>

§

impl<Marker> RefUnwindSafe for VirtualRoot<Marker>
where Marker: RefUnwindSafe,

§

impl<Marker> Send for VirtualRoot<Marker>
where Marker: Send,

§

impl<Marker> Sync for VirtualRoot<Marker>
where Marker: Sync,

§

impl<Marker> Unpin for VirtualRoot<Marker>
where Marker: Unpin,

§

impl<Marker> UnsafeUnpin for VirtualRoot<Marker>

§

impl<Marker> UnwindSafe for VirtualRoot<Marker>
where Marker: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.