validate_output_path

Function validate_output_path 

pub fn validate_output_path(
    base_dir: &Path,
    requested_path: &str,
) -> CliResult<PathBuf>

Validates an output path to ensure it’s within the base directory.

This function prevents path traversal attacks by:

  • Rejecting absolute paths
  • Rejecting paths with parent directory components (..)
  • Canonicalizing paths to resolve symlinks
  • Verifying the resolved path is within the base directory
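The four checks above, written out as an added example (this is not the crate's own `validate_output_path`, which returns a `CliResult<PathBuf>`; the function name `checked_output_path`, the `SecurityViolation` type and the `canonicalize_nearest_existing` helper are assumptions made for the illustration). The one detail the bullet list glosses over is that an output file usually does not exist yet, so it cannot be canonicalized directly; the example canonicalizes the nearest existing ancestor instead, which is where a symlink planted inside the base directory would be resolved.

```rust
use std::ffi::{OsStr, OsString};
use std::path::{Component, Path, PathBuf};

/// Error returned when `requested_path` would escape `base_dir` (assumed name).
#[derive(Debug, PartialEq, Eq)]
pub struct SecurityViolation(pub String);

/// Hypothetical reimplementation of the four checks; added example, not the
/// crate's own function.
pub fn checked_output_path(
    base_dir: &Path,
    requested_path: &str,
) -> Result<PathBuf, SecurityViolation> {
    let requested = Path::new(requested_path);

    // 1. Reject absolute paths. `has_root` also catches `\foo` and `C:\foo` on
    //    Windows, which `is_absolute` alone treats differently.
    if requested.is_absolute() || requested.has_root() {
        return Err(SecurityViolation(format!("absolute path rejected: {requested_path}")));
    }

    // 2. Reject any `..` component, even one that would cancel out lexically
    //    (`sub/../tool.json`). Only plain file-name components are kept.
    let mut parts: Vec<&OsStr> = Vec::new();
    for component in requested.components() {
        match component {
            Component::Normal(part) => parts.push(part),
            Component::CurDir => {}
            Component::ParentDir => {
                return Err(SecurityViolation(format!("parent component rejected: {requested_path}")))
            }
            Component::RootDir | Component::Prefix(_) => {
                return Err(SecurityViolation(format!("rooted path rejected: {requested_path}")))
            }
        }
    }
    if parts.is_empty() {
        return Err(SecurityViolation("empty path rejected".to_string()));
    }

    // 3. Canonicalize. The base must exist; the output file usually does not,
    //    so resolve symlinks on its nearest existing ancestor and re-append
    //    the remaining, already vetted components.
    let base = base_dir
        .canonicalize()
        .map_err(|e| SecurityViolation(format!("cannot canonicalize {}: {e}", base_dir.display())))?;
    let mut joined = base.clone();
    for part in &parts {
        joined.push(part);
    }
    let resolved = canonicalize_nearest_existing(&joined)?;

    // 4. Verify the resolved path is still inside the canonical base.
    if !resolved.starts_with(&base) {
        return Err(SecurityViolation(format!(
            "{} resolves outside {}",
            resolved.display(),
            base.display()
        )));
    }
    Ok(resolved)
}

/// Canonicalize the longest existing prefix of `path`, then append the
/// components that do not exist yet. They contain no `..`, so appending them
/// cannot move the result back out of the base.
fn canonicalize_nearest_existing(path: &Path) -> Result<PathBuf, SecurityViolation> {
    let mut existing = path.to_path_buf();
    let mut missing: Vec<OsString> = Vec::new();
    loop {
        if let Ok(mut canon) = existing.canonicalize() {
            for part in missing.iter().rev() {
                canon.push(part);
            }
            return Ok(canon);
        }
        let no_ancestor = || SecurityViolation(format!("no existing ancestor for {}", path.display()));
        let name = existing.file_name().map(OsStr::to_os_string).ok_or_else(no_ancestor)?;
        let parent = existing.parent().map(Path::to_path_buf).ok_or_else(no_ancestor)?;
        missing.push(name);
        existing = parent;
    }
}

fn main() {
    // Stand-alone demo against the system temp directory.
    let base = std::env::temp_dir();
    for req in ["tool.json", "../etc/passwd", "/etc/passwd", "sub/../tool.json"] {
        match checked_output_path(&base, req) {
            Ok(p) => println!("{req:?} -> {}", p.display()),
            Err(SecurityViolation(msg)) => println!("{req:?} -> rejected: {msg}"),
        }
    }
}
```

Two caveats worth keeping in mind when relying on a check like this. Canonicalization is a point-in-time check: a symlink created between validation and the write is not caught, so callers that must defend against a racing attacker should also open the file with a no-follow or directory-relative API. And rejecting `..` outright, rather than normalizing it away, is deliberate; a lexical normalizer that accepts `sub/../tool.json` has to be exactly right about symlinks in `sub`, whereas refusing costs nothing for honest callers.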

§Security

This function is security-critical. It must ALWAYS be called before writing files based on external input (e.g., tool names from MCP servers).

§Arguments

  • base_dir - The base directory that all output files must be within
  • requested_path - The requested path (relative to base_dir)

§Returns

The canonicalized path if valid, or a SecurityViolation error if invalid.

§Examples

use std::path::Path;

let base = Path::new("/tmp/output");
let safe_path = validate_output_path(base, "tool.json")?;
// safe_path is guaranteed to be within /tmp/output
// A traversal attempt such as "../etc/passwd" returns a SecurityViolation error instead.