Documentation
¶
Overview ¶
Package osroot provides traversal-resistant file I/O helpers built on os.Root (Go 1.24+). These helpers ensure that file operations cannot escape a scoped directory, preventing symlink attacks and TOCTOU races at the kernel level.
These wrappers predate Go 1.25, which added native ReadFile/WriteFile/MkdirAll (etc.) on *os.Root; they remain as the codebase's stable, consistent helper surface and delegate to the native methods where those now exist.
Errors from these functions are returned unwrapped so that callers can use os.IsNotExist() and errors.Is() directly without losing the original sentinel.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func MkdirAll ¶ added in v0.7.5
MkdirAll creates the directory named by name, along with any necessary parents, relative to root. The kernel enforces containment: a name that escapes root (absolute, or climbing above it via "..") is rejected. Already- existing directories are tolerated, like os.MkdirAll. This thin wrapper keeps the package's os.Root helper surface (alongside ReadFile/WriteFile/Remove) consistent at call sites.
func ReadFile ¶
ReadFile reads the named file relative to root using os.Root for traversal-resistant access. The kernel enforces that the read cannot escape the root directory, preventing symlink and TOCTOU attacks.
func Remove ¶
Remove removes the named file relative to root using os.Root for traversal-resistant access. Returns nil if the file doesn't exist.
Types ¶
This section is empty.
Source Files