Documentation
¶
Overview ¶
Package pathvalidation provides security-critical path validation to prevent writing files outside the intended project directory boundary.
Spec ref: ROOT/tech_design/internal/pathvalidation § "Intent" Threat model addressed: EXTERNAL/owasp-path-traversal § "What is path traversal"
This package defends against the following attack vectors:
- Relative traversal (../../etc/passwd)
- Embedded traversal (internal/../../outside/file.go)
- OS-specific separators (backslash on Windows)
- Encoding tricks (URL-encoded or Unicode sequences resolved by filepath.Clean)
- Symlinks (valid-looking paths that resolve outside the project via symlinks)
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ValidatePath ¶
ValidatePath checks that path is safe to write within projectRoot.
Returns nil if the path is safe. Returns a descriptive error if any security constraint is violated.
Spec ref: ROOT/tech_design/internal/pathvalidation § "Interface"
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.