Lib.rs

Filesystem
#path #security #fs #path-traversal

path_ratchet

Prevent path traversal attacks at type level

by zSchoen

3 releases (breaking)

0.3.0 Dec 9, 2023
0.2.0 Dec 6, 2023
0.1.0 Dec 4, 2023

#107 in #fs

Download history 3/week @ 2024-11-13 2/week @ 2024-11-20 7/week @ 2024-12-04 18/week @ 2024-12-11 2/week @ 2024-12-18 1/week @ 2025-01-22 2/week @ 2025-01-29 20/week @ 2025-02-05 16/week @ 2025-02-12 24/week @ 2025-02-19 12/week @ 2025-02-26

72 downloads per month

LGPL-3.0-only

18KB
198 lines

Path Ratchet

LGPL 3.0 License Crates.io Workflow Status crev reviews

Prevent path traversal attacks at type level.

use std::path::PathBuf;
use path_ratchet::prelude::*;

let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
filename.push_component(SingleComponentPath::new(user_input).unwrap());

lib.rs:

PathBuf::push allows any form of path traversal:

#
let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
filename.push(user_input);
assert_eq!(filename, PathBuf::from("/etc/shadow"));

Contrary <PathBuf as PushPathComponent>::push_component requires a path with only a single element.

use std::path::PathBuf;
use path_ratchet::prelude::*;

let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
filename.push_component(SingleComponentPath::new(user_input).unwrap());

Security

It is essential to check the path on the same platform it is used on. As an example the path C:\path\to\file.txt will be interpreted as a file or directory name on an UNIX-system.

SingleComponentPath::new(r"C:\path\to\file.txt").unwrap();

No runtime deps