Struct FileSandboxConfig 

pub struct FileSandboxConfig {
    pub enabled: bool,
    pub allowed_paths: Vec<PathBuf>,
}

Security configuration for file system operations. Controls which paths can be accessed by BACKUP, COPY, and EXPORT commands.

Disabled by default for backward compatibility in embedded mode. MUST be enabled for server mode with untrusted clients.

Fields

enabled: bool

If true, file operations are restricted to allowed_paths. If false, all paths are allowed (NOT RECOMMENDED for server mode).

allowed_paths: Vec<PathBuf>

List of allowed base directories for file operations. Paths must be absolute and canonical. File operations are only allowed within these directories.

Implementations

impl FileSandboxConfig

pub fn sandboxed(paths: Vec<PathBuf>) -> Self

Creates a sandboxed config that only allows operations in the specified directories.

pub fn default_for_mode(mode: DeploymentMode) -> Self

Creates a config with appropriate defaults for the deployment mode.

Security

• Embedded mode: Sandbox disabled (host application controls access)
• Server mode: Sandbox enabled with default paths /var/lib/uni/data and /var/lib/uni/backups

CWE-22 (Path Traversal): Server deployments MUST enable the sandbox to prevent arbitrary file read/write via BACKUP, COPY, and EXPORT commands.

pub fn security_warning(&self) -> Option<&'static str>

Returns a security warning message if the sandbox is disabled.

Call this at startup to alert administrators about potential security risks. Returns Some(message) if a warning should be displayed, None otherwise.

Security

CWE-22 (Path Traversal), CWE-73 (External Control of File Name): Disabled sandbox allows unrestricted filesystem access for BACKUP, COPY, and EXPORT commands, which can lead to:

• Arbitrary file read/write in server deployments
• Data exfiltration to attacker-controlled paths
• Potential privilege escalation via file overwrites

Example

if let Some(warning) = config.file_sandbox.security_warning() {
    tracing::warn!(target: "uni_db::security", "{}", warning);
}

pub fn is_potentially_insecure(&self) -> bool

Returns whether the sandbox is in a potentially insecure state.

Returns true if the sandbox is disabled or enabled with no allowed paths.

pub fn validate_path(&self, path: &str) -> Result<PathBuf, String>

Validate that a path is within the allowed sandbox. Returns Ok(canonical_path) if allowed, Err if not.

Trait Implementations

impl Clone for FileSandboxConfig

fn clone(&self) -> FileSandboxConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for FileSandboxConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for FileSandboxConfig

fn default() -> FileSandboxConfig

Returns the “default value” for a type.