Documentation
Overview ¶
Package io provides secure file read and write helpers, including path validation and secure-buffer convenience functions.
Index ¶
- Variables
- func SecureCopyFile(src, dest string, opts SecureCopyOptions, log hyperlogger.Logger) error
- func SecureMkdirAll(path string, opts SecureDirOptions, log hyperlogger.Logger) error
- func SecureOpenFile(file string, opts SecureReadOptions, log hyperlogger.Logger) (*os.File, error)
- func SecureReadDir(path string, log hyperlogger.Logger) ([]os.DirEntry, error)
- func SecureReadDirWithOptions(path string, opts SecureReadOptions, log hyperlogger.Logger) ([]os.DirEntry, error)
- func SecureReadFile(file string, log hyperlogger.Logger) ([]byte, error)
- func SecureReadFileWithMaxSize(file string, maxBytes int64, log hyperlogger.Logger) ([]byte, error)
- func SecureReadFileWithOptions(file string, opts SecureReadOptions, log hyperlogger.Logger) ([]byte, error)
- func SecureReadFileWithSecureBuffer(filename string, log hyperlogger.Logger) (*memory.SecureBuffer, error)
- func SecureReadFileWithSecureBufferOptions(filename string, opts SecureReadOptions, log hyperlogger.Logger) (*memory.SecureBuffer, error)
- func SecureRemove(path string, opts SecureRemoveOptions, log hyperlogger.Logger) error
- func SecureRemoveAll(path string, opts SecureRemoveOptions, log hyperlogger.Logger) error
- func SecureTempDir(prefix string, opts SecureDirOptions, log hyperlogger.Logger) (string, error)
- func SecureTempFile(prefix string, opts SecureTempOptions, log hyperlogger.Logger) (*os.File, error)
- func SecureWriteFile(file string, data []byte, opts SecureWriteOptions, log hyperlogger.Logger) error
- func SecureWriteFromReader(file string, reader io.Reader, opts SecureWriteOptions, log hyperlogger.Logger) error
- type SecureCopyOptions
- type SecureDirOptions
- type SecureReadOptions
- type SecureRemoveOptions
- type SecureTempOptions
- type SecureWriteOptions
Variables ¶
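// Errors re-exported from the internal io package. Each name is assigned
// directly from the internalio variable of the same name.
//
// NOTE(review): several of these report a path or file rejected by policy
// (ErrAbsolutePathNotAllowed, ErrPathEscapesRoot, ErrSymlinkNotAllowed,
// ErrNonRegularFile, ErrPermissionsNotAllowed, ErrFileTooLarge). Callers
// should treat them as a refusal and fail closed rather than retry the same
// path with looser options.
var (
	// ErrEmptyPath indicates that a required path argument was empty.
	ErrEmptyPath = internalio.ErrEmptyPath
	// ErrInvalidPath indicates that a path failed validation.
	ErrInvalidPath = internalio.ErrInvalidPath
	// ErrAbsolutePathNotAllowed indicates absolute paths are disallowed by policy.
	ErrAbsolutePathNotAllowed = internalio.ErrAbsolutePathNotAllowed
	// ErrPathEscapesRoot indicates the resolved path is outside the allowed roots.
	ErrPathEscapesRoot = internalio.ErrPathEscapesRoot
	// ErrSymlinkNotAllowed indicates a symlink was encountered when disallowed.
	ErrSymlinkNotAllowed = internalio.ErrSymlinkNotAllowed
	// ErrFileTooLarge indicates a file exceeds the configured maximum size.
	ErrFileTooLarge = internalio.ErrFileTooLarge
	// ErrNonRegularFile indicates a non-regular file was encountered when disallowed.
	ErrNonRegularFile = internalio.ErrNonRegularFile
	// ErrInvalidBaseDir indicates the base directory is invalid.
	ErrInvalidBaseDir = internalio.ErrInvalidBaseDir
	// ErrInvalidAllowedRoots indicates the allowed roots list is invalid.
	ErrInvalidAllowedRoots = internalio.ErrInvalidAllowedRoots
	// ErrMaxSizeInvalid indicates the configured max size is invalid.
	ErrMaxSizeInvalid = internalio.ErrMaxSizeInvalid
	// ErrFileExists indicates a write target already exists when exclusive creation is requested.
	ErrFileExists = internalio.ErrFileExists
	// ErrSyncDirUnsupported indicates directory sync is not supported on this platform or filesystem.
	ErrSyncDirUnsupported = internalio.ErrSyncDirUnsupported
	// ErrNilReader indicates a nil reader was provided.
	ErrNilReader = internalio.ErrNilReader
	// ErrNotDirectory indicates the target path is not a directory.
	ErrNotDirectory = internalio.ErrNotDirectory
	// ErrInvalidPermissions indicates a permission mask was invalid.
	ErrInvalidPermissions = internalio.ErrInvalidPermissions
	// ErrPermissionsNotAllowed indicates a path has disallowed permissions.
	ErrPermissionsNotAllowed = internalio.ErrPermissionsNotAllowed
	// ErrInvalidTempPrefix indicates a temp prefix was invalid.
	ErrInvalidTempPrefix = internalio.ErrInvalidTempPrefix
)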
Functions ¶
func SecureCopyFile ¶ added in v1.0.11
func SecureCopyFile(src, dest string, opts SecureCopyOptions, log hyperlogger.Logger) error
SecureCopyFile copies a file securely using the provided options.
func SecureMkdirAll ¶ added in v1.0.11
func SecureMkdirAll(path string, opts SecureDirOptions, log hyperlogger.Logger) error
SecureMkdirAll creates a directory securely using the provided options.
func SecureOpenFile ¶ added in v1.0.1
func SecureOpenFile(file string, opts SecureReadOptions, log hyperlogger.Logger) (*os.File, error)
SecureOpenFile opens a file for streaming reads using the provided options. The caller owns the returned *os.File and is responsible for closing it.
func SecureReadDir ¶ added in v1.0.11
SecureReadDir reads a directory securely with default options.
func SecureReadDirWithOptions ¶ added in v1.0.11
func SecureReadDirWithOptions(path string, opts SecureReadOptions, log hyperlogger.Logger) ([]os.DirEntry, error)
SecureReadDirWithOptions reads a directory securely using the provided options.
func SecureReadFile ¶
func SecureReadFile(file string, log hyperlogger.Logger) ([]byte, error)
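SecureReadFile reads a file securely and returns the contents as a byte slice. The whole file is read into an ordinary byte slice in process memory, so handle the result carefully: when the contents are sensitive, prefer SecureReadFileWithSecureBuffer, and use SecureReadFileWithMaxSize or SecureReadOptions.MaxSizeBytes to set an explicit upper bound on what is read.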
func SecureReadFileWithMaxSize ¶ added in v1.0.7
SecureReadFileWithMaxSize reads a file securely and rejects files larger than maxBytes.
func SecureReadFileWithOptions ¶ added in v1.0.1
func SecureReadFileWithOptions(file string, opts SecureReadOptions, log hyperlogger.Logger) ([]byte, error)
SecureReadFileWithOptions reads a file securely using the provided options.
func SecureReadFileWithSecureBuffer ¶
func SecureReadFileWithSecureBuffer(filename string, log hyperlogger.Logger) (*memory.SecureBuffer, error)
SecureReadFileWithSecureBuffer reads a file securely and returns the contents in a memory.SecureBuffer rather than a plain byte slice, for better memory protection. See the memory package for what that protection covers.
func SecureReadFileWithSecureBufferOptions ¶ added in v1.0.6
func SecureReadFileWithSecureBufferOptions( filename string, opts SecureReadOptions, log hyperlogger.Logger, ) (*memory.SecureBuffer, error)
SecureReadFileWithSecureBufferOptions reads a file securely using the provided options and returns the contents in a SecureBuffer.
func SecureRemove ¶ added in v1.0.11
func SecureRemove(path string, opts SecureRemoveOptions, log hyperlogger.Logger) error
SecureRemove removes a file or empty directory securely using the provided options.
func SecureRemoveAll ¶ added in v1.0.11
func SecureRemoveAll(path string, opts SecureRemoveOptions, log hyperlogger.Logger) error
SecureRemoveAll removes a directory tree securely using the provided options.
func SecureTempDir ¶ added in v1.0.11
func SecureTempDir(prefix string, opts SecureDirOptions, log hyperlogger.Logger) (string, error)
SecureTempDir creates a temp directory securely using the provided options.
func SecureTempFile ¶ added in v1.0.11
func SecureTempFile(prefix string, opts SecureTempOptions, log hyperlogger.Logger) (*os.File, error)
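SecureTempFile creates a temp file securely using the provided options. The caller is responsible for closing the returned *os.File; this page does not say whether the file is removed automatically.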
func SecureWriteFile ¶ added in v1.0.1
func SecureWriteFile(file string, data []byte, opts SecureWriteOptions, log hyperlogger.Logger) error
SecureWriteFile writes data to a file securely using the provided options.
func SecureWriteFromReader ¶ added in v1.0.11
func SecureWriteFromReader(file string, reader io.Reader, opts SecureWriteOptions, log hyperlogger.Logger) error
SecureWriteFromReader writes data from a reader to a file securely using the provided options.
Types ¶
type SecureCopyOptions ¶ added in v1.0.11
// SecureCopyOptions pairs a set of read options with a set of write options
// for SecureCopyFile.
type SecureCopyOptions struct {
// Read is the SecureReadOptions half of the copy; presumably applied to the
// source path. TODO confirm against the implementation.
Read SecureReadOptions
// Write is the SecureWriteOptions half of the copy; presumably applied to
// the destination path. TODO confirm against the implementation.
Write SecureWriteOptions
}
SecureCopyOptions configures secure copy behavior.
type SecureDirOptions ¶ added in v1.0.11
// SecureDirOptions is the option set accepted by SecureMkdirAll and
// SecureTempDir.
//
// NOTE(review): zero-value behaviour of these fields is not documented on
// this page; confirm the defaults before relying on an empty struct.
type SecureDirOptions struct {
// BaseDir is presumably the directory that relative paths are resolved
// against; an invalid value is reported as ErrInvalidBaseDir.
BaseDir string
// AllowedRoots presumably lists the directories a resolved path must stay
// inside (ErrPathEscapesRoot otherwise); an invalid list is reported as
// ErrInvalidAllowedRoots.
AllowedRoots []string
// DirMode is presumably the permission mode for created directories.
// TODO confirm.
DirMode os.FileMode
// AllowAbsolute presumably permits absolute paths, which are otherwise
// rejected with ErrAbsolutePathNotAllowed. Enabling it loosens the path
// policy, so review each caller that sets it.
AllowAbsolute bool
// AllowSymlinks presumably permits symlinks, which are otherwise rejected
// with ErrSymlinkNotAllowed. Enabling it loosens the path policy, so review
// each caller that sets it.
AllowSymlinks bool
// EnforceMode presumably makes DirMode mandatory rather than advisory.
// TODO confirm what is enforced and when.
EnforceMode bool
// DisallowPerms is presumably a mask of permission bits that must not be
// set on the path (ErrPermissionsNotAllowed); an invalid mask is reported as
// ErrInvalidPermissions. TODO confirm.
DisallowPerms os.FileMode
}
SecureDirOptions configures secure directory behavior.
type SecureReadOptions ¶ added in v1.0.1
// SecureReadOptions is the option set accepted by the read helpers
// (SecureOpenFile, SecureReadDirWithOptions, SecureReadFileWithOptions,
// SecureReadFileWithSecureBufferOptions) and embedded in SecureCopyOptions.
//
// NOTE(review): zero-value behaviour of these fields is not documented on
// this page; confirm the defaults before relying on an empty struct.
type SecureReadOptions struct {
// BaseDir is presumably the directory that relative paths are resolved
// against; an invalid value is reported as ErrInvalidBaseDir.
BaseDir string
// AllowedRoots presumably lists the directories a resolved path must stay
// inside (ErrPathEscapesRoot otherwise); an invalid list is reported as
// ErrInvalidAllowedRoots.
AllowedRoots []string
// MaxSizeBytes is presumably the largest file size accepted
// (ErrFileTooLarge above it); an invalid value is reported as
// ErrMaxSizeInvalid. TODO confirm how zero is interpreted.
MaxSizeBytes int64
// AllowAbsolute presumably permits absolute paths, which are otherwise
// rejected with ErrAbsolutePathNotAllowed. Enabling it loosens the path
// policy, so review each caller that sets it.
AllowAbsolute bool
// AllowSymlinks presumably permits symlinks, which are otherwise rejected
// with ErrSymlinkNotAllowed. Enabling it loosens the path policy, so review
// each caller that sets it.
AllowSymlinks bool
// AllowNonRegular presumably permits non-regular files, which are otherwise
// rejected with ErrNonRegularFile. Which file types this admits is not
// stated on this page.
AllowNonRegular bool
// DisallowPerms is presumably a mask of permission bits that must not be
// set on the file (ErrPermissionsNotAllowed); an invalid mask is reported as
// ErrInvalidPermissions. TODO confirm.
DisallowPerms os.FileMode
}
SecureReadOptions configures secure read behavior.
type SecureRemoveOptions ¶ added in v1.0.11
// SecureRemoveOptions is the option set accepted by SecureRemove and
// SecureRemoveAll.
//
// NOTE(review): removal is destructive, so the path policy below is the only
// guard visible on this page. Confirm the zero-value defaults and set
// BaseDir/AllowedRoots explicitly where the path is influenced by input.
type SecureRemoveOptions struct {
// BaseDir is presumably the directory that relative paths are resolved
// against; an invalid value is reported as ErrInvalidBaseDir.
BaseDir string
// AllowedRoots presumably lists the directories a resolved path must stay
// inside (ErrPathEscapesRoot otherwise); an invalid list is reported as
// ErrInvalidAllowedRoots.
AllowedRoots []string
// AllowAbsolute presumably permits absolute paths, which are otherwise
// rejected with ErrAbsolutePathNotAllowed.
AllowAbsolute bool
// AllowSymlinks presumably permits symlinks, which are otherwise rejected
// with ErrSymlinkNotAllowed. How a symlink inside a removed tree is treated
// is not stated on this page. TODO confirm.
AllowSymlinks bool
}
SecureRemoveOptions configures secure remove behavior.
type SecureTempOptions ¶ added in v1.0.11
// SecureTempOptions is the option set accepted by SecureTempFile.
//
// NOTE(review): zero-value behaviour of these fields is not documented on
// this page; confirm the defaults before relying on an empty struct.
type SecureTempOptions struct {
// BaseDir is presumably the directory the temp file is created under; an
// invalid value is reported as ErrInvalidBaseDir. TODO confirm.
BaseDir string
// AllowedRoots presumably lists the directories a resolved path must stay
// inside (ErrPathEscapesRoot otherwise); an invalid list is reported as
// ErrInvalidAllowedRoots.
AllowedRoots []string
// FileMode is presumably the permission mode for the created file.
// TODO confirm.
FileMode os.FileMode
// AllowAbsolute presumably permits absolute paths, which are otherwise
// rejected with ErrAbsolutePathNotAllowed.
AllowAbsolute bool
// AllowSymlinks presumably permits symlinks, which are otherwise rejected
// with ErrSymlinkNotAllowed.
AllowSymlinks bool
// EnforceFileMode presumably makes FileMode mandatory rather than advisory.
// TODO confirm what is enforced and when.
EnforceFileMode bool
}
SecureTempOptions configures secure temp file behavior.
type SecureWriteOptions ¶ added in v1.0.1
// SecureWriteOptions is the option set accepted by SecureWriteFile and
// SecureWriteFromReader, and embedded in SecureCopyOptions.
//
// NOTE(review): zero-value behaviour of these fields is not documented on
// this page; confirm the defaults before relying on an empty struct.
type SecureWriteOptions struct {
// BaseDir is presumably the directory that relative paths are resolved
// against; an invalid value is reported as ErrInvalidBaseDir.
BaseDir string
// AllowedRoots presumably lists the directories a resolved path must stay
// inside (ErrPathEscapesRoot otherwise); an invalid list is reported as
// ErrInvalidAllowedRoots.
AllowedRoots []string
// MaxSizeBytes is presumably the largest amount of data accepted for a
// write (ErrFileTooLarge above it); an invalid value is reported as
// ErrMaxSizeInvalid. TODO confirm how zero is interpreted.
MaxSizeBytes int64
// FileMode is presumably the permission mode for the written file.
// TODO confirm.
FileMode os.FileMode
// CreateExclusive requests exclusive creation: per the ErrFileExists
// documentation, an already-existing write target is then reported as
// ErrFileExists.
CreateExclusive bool
// DisableAtomic presumably turns off an atomic write strategy that is
// otherwise used; the strategy itself is not described on this page.
// TODO confirm what a reader can observe when it is set.
DisableAtomic bool
// DisableSync presumably skips flushing the written data to stable storage.
// TODO confirm.
DisableSync bool
// SyncDir presumably also syncs the containing directory after the write;
// ErrSyncDirUnsupported is documented for platforms or filesystems that
// cannot do so.
SyncDir bool
// AllowAbsolute presumably permits absolute paths, which are otherwise
// rejected with ErrAbsolutePathNotAllowed. Enabling it loosens the path
// policy, so review each caller that sets it.
AllowAbsolute bool
// AllowSymlinks presumably permits symlinks, which are otherwise rejected
// with ErrSymlinkNotAllowed. Enabling it loosens the path policy, so review
// each caller that sets it.
AllowSymlinks bool
// EnforceFileMode presumably makes FileMode mandatory rather than advisory.
// TODO confirm what is enforced and when.
EnforceFileMode bool
}
SecureWriteOptions configures secure write behavior.