Struct ArchivePolicy 

pub struct ArchivePolicy {
    pub allow_absolute_paths: bool,
    pub allow_parent_traversal: bool,
    pub allow_symlinks: bool,
    pub max_entry_size: Option<u64>,
    pub max_total_size: Option<u64>,
    pub max_entries: Option<usize>,
}

Policy primitives for safe extraction planning.

Fields

allow_absolute_paths: bool

Whether absolute or root-anchored paths are allowed.

allow_parent_traversal: bool

Whether parent traversal components are allowed.

allow_symlinks: bool

Whether symbolic link entries are allowed.

max_entry_size: Option<u64>

Maximum single entry payload size in bytes.

max_total_size: Option<u64>

Maximum total known payload size in bytes.

max_entries: Option<usize>

Maximum number of archive entries.

Implementations

impl ArchivePolicy

pub const fn strict() -> ArchivePolicy

Returns a strict extraction-oriented policy.

Examples found in repository

examples/basic_usage.rs (line 14)

fn main() {
    let encoding = ArchiveEncoding::from_extension("release.tar.zst");

    assert_eq!(encoding.archive, ArchiveFormat::Tar);
    assert_eq!(encoding.compression, CompressionFormat::Zstd);
    assert!(is_safe_relative_archive_path("docs/readme.md"));
    assert!(!is_safe_relative_archive_path("../secrets.env"));

    let policy = ArchivePolicy::strict();
    let manifest = ArchiveManifest::new(encoding).with_entries(vec![
        ArchiveEntry::new("docs/readme.md", ArchiveEntryKind::File).with_size(128),
    ]);

    assert!(policy.allows_entries(manifest.entries()));
    assert_eq!(manifest.file_count(), 1);
    assert_eq!(manifest.total_size(), 128);
}

pub const fn permissive() -> ArchivePolicy

Returns a permissive policy for trusted archive metadata.

pub const fn list_only() -> ArchivePolicy

Returns a policy suitable for listing-only workflows.

pub const fn with_max_entry_size(self, max_entry_size: u64) -> ArchivePolicy

Adds a maximum single entry size.

pub const fn with_max_total_size(self, max_total_size: u64) -> ArchivePolicy

Adds a maximum total known size.

pub const fn with_max_entries(self, max_entries: usize) -> ArchivePolicy

Adds a maximum entry count.

pub fn allows_path(&self, path: &str) -> bool

Returns whether a path is allowed by this policy.

pub fn entry_issues(&self, entry: &ArchiveEntry) -> Vec<ArchivePolicyIssue>

Returns policy issues for a single entry.

pub fn allows_entry(&self, entry: &ArchiveEntry) -> bool

Returns whether a single entry is allowed by this policy.

pub fn entries_issues( &self, entries: &[ArchiveEntry], ) -> Vec<ArchivePolicyIssue>

Returns policy issues for a complete entry listing.

pub fn allows_entries(&self, entries: &[ArchiveEntry]) -> bool

Returns whether a complete entry listing is allowed by this policy.

Examples found in repository

examples/basic_usage.rs (line 19)

fn main() {
    let encoding = ArchiveEncoding::from_extension("release.tar.zst");

    assert_eq!(encoding.archive, ArchiveFormat::Tar);
    assert_eq!(encoding.compression, CompressionFormat::Zstd);
    assert!(is_safe_relative_archive_path("docs/readme.md"));
    assert!(!is_safe_relative_archive_path("../secrets.env"));

    let policy = ArchivePolicy::strict();
    let manifest = ArchiveManifest::new(encoding).with_entries(vec![
        ArchiveEntry::new("docs/readme.md", ArchiveEntryKind::File).with_size(128),
    ]);

    assert!(policy.allows_entries(manifest.entries()));
    assert_eq!(manifest.file_count(), 1);
    assert_eq!(manifest.total_size(), 128);
}

Trait Implementations

impl Clone for ArchivePolicy

fn clone(&self) -> ArchivePolicy

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ArchivePolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Default for ArchivePolicy

fn default() -> ArchivePolicy

Returns the “default value” for a type.

impl Hash for ArchivePolicy

fn hash<__H>(&self, state: &mut __H)

where __H: Hasher,

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl Ord for ArchivePolicy

fn cmp(&self, other: &ArchivePolicy) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self

where Self: Sized,

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Self

where Self: Sized,

Compares and returns the minimum of two values.

fn clamp(self, min: Self, max: Self) -> Self

where Self: Sized,

Restrict a value to a certain interval.

impl PartialEq for ArchivePolicy

fn eq(&self, other: &ArchivePolicy) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for ArchivePolicy

fn partial_cmp(&self, other: &ArchivePolicy) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator.

impl Copy for ArchivePolicy

impl Eq for ArchivePolicy

impl StructuralPartialEq for ArchivePolicy