osroot

package
v0.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 19, 2026 License: MIT Imports: 2 Imported by: 0

Documentation

Overview

Package osroot provides traversal-resistant file I/O helpers built on os.Root (Go 1.24+). These helpers ensure that file operations cannot escape a scoped directory, preventing symlink attacks and TOCTOU races at the kernel level.

os.Root supports: Open, OpenFile, Create, Stat, Lstat, Mkdir, Remove, OpenRoot. os.Root does NOT support: MkdirAll, WriteFile, ReadFile, Rename, RemoveAll. For unsupported operations, callers should use standard os functions with lexical validation.

Errors from these functions are returned unwrapped so that callers can use os.IsNotExist() and errors.Is() directly without losing the original sentinel.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ReadFile 

func ReadFile(root *os.Root, name string) ([]byte, error)

ReadFile reads the named file relative to root using os.Root for traversal-resistant access. The kernel enforces that the read cannot escape the root directory, preventing symlink and TOCTOU attacks.

func Remove 

func Remove(root *os.Root, name string) error

Remove removes the named file relative to root using os.Root for traversal-resistant access. Returns nil if the file doesn't exist.

func WriteFile 

func WriteFile(root *os.Root, name string, data []byte, perm os.FileMode) (retErr error)

WriteFile writes data to the named file relative to root using os.Root for traversal-resistant access. Creates the file if it doesn't exist, truncates it if it does. The kernel enforces that the write cannot escape the root directory.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.