pub fn validate_path(path: &str, workdir: &Path) -> SecurityResult<PathBuf>Expand description
Validate that a path is within the allowed working directory.
This function prevents path traversal attacks by:
- Converting the path to absolute (relative to workdir if not absolute)
- Canonicalizing to resolve
..,., and symlinks - Verifying the canonical path starts with the canonical workdir
§Arguments
path- The path to validate (can be relative or absolute)workdir- The allowed working directory
§Returns
Ok(PathBuf)- The canonical, validated pathErr(SecurityError)- If the path is invalid or outside workdir
§Examples
use std::path::PathBuf;
use varpulis_cli::security::validate_path;
let workdir = std::env::current_dir().unwrap();
// Valid path within workdir
let result = validate_path("src/main.rs", &workdir);
// Note: Result depends on whether the file exists