Documentation
¶
Overview ¶
Package io provides secure file read and write helpers, including path validation and secure-buffer convenience functions.
Index ¶
- Variables
- func SecureCopyFile(src, dest string, opts SecureCopyOptions, log hyperlogger.Logger) error
- func SecureMkdirAll(path string, opts SecureDirOptions, log hyperlogger.Logger) error
- func SecureOpenFile(file string, opts SecureReadOptions, log hyperlogger.Logger) (*os.File, error)
- func SecureReadDir(path string, log hyperlogger.Logger) ([]os.DirEntry, error)
- func SecureReadDirWithOptions(path string, opts SecureReadOptions, log hyperlogger.Logger) ([]os.DirEntry, error)
- func SecureReadFile(file string, log hyperlogger.Logger) ([]byte, error)
- func SecureReadFileWithMaxSize(file string, maxBytes int64, log hyperlogger.Logger) ([]byte, error)
- func SecureReadFileWithOptions(file string, opts SecureReadOptions, log hyperlogger.Logger) ([]byte, error)
- func SecureReadFileWithSecureBuffer(filename string, log hyperlogger.Logger) (*memory.SecureBuffer, error)
- func SecureReadFileWithSecureBufferOptions(filename string, opts SecureReadOptions, log hyperlogger.Logger) (*memory.SecureBuffer, error)
- func SecureRemove(path string, opts SecureRemoveOptions, log hyperlogger.Logger) error
- func SecureRemoveAll(path string, opts SecureRemoveOptions, log hyperlogger.Logger) error
- func SecureTempDir(prefix string, opts SecureDirOptions, log hyperlogger.Logger) (string, error)
- func SecureTempFile(prefix string, opts SecureTempOptions, log hyperlogger.Logger) (*os.File, error)
- func SecureWriteFile(file string, data []byte, opts SecureWriteOptions, log hyperlogger.Logger) error
- func SecureWriteFromReader(file string, reader io.Reader, opts SecureWriteOptions, log hyperlogger.Logger) error
- type SecureCopyOptions
- type SecureDirOptions
- type SecureReadOptions
- type SecureRemoveOptions
- type SecureTempOptions
- type SecureWriteOptions
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // ErrEmptyPath indicates that a required path argument was empty. ErrEmptyPath = internalio.ErrEmptyPath // ErrInvalidPath indicates that a path failed validation. ErrInvalidPath = internalio.ErrInvalidPath // ErrAbsolutePathNotAllowed indicates absolute paths are disallowed by policy. ErrAbsolutePathNotAllowed = internalio.ErrAbsolutePathNotAllowed // ErrPathEscapesRoot indicates the resolved path is outside the allowed roots. ErrPathEscapesRoot = internalio.ErrPathEscapesRoot // ErrSymlinkNotAllowed indicates a symlink was encountered when disallowed. ErrSymlinkNotAllowed = internalio.ErrSymlinkNotAllowed // ErrFileTooLarge indicates a file exceeds the configured maximum size. ErrFileTooLarge = internalio.ErrFileTooLarge // ErrNonRegularFile indicates a non-regular file was encountered when disallowed. ErrNonRegularFile = internalio.ErrNonRegularFile // ErrInvalidBaseDir indicates the base directory is invalid. ErrInvalidBaseDir = internalio.ErrInvalidBaseDir // ErrInvalidAllowedRoots indicates the allowed roots list is invalid. ErrInvalidAllowedRoots = internalio.ErrInvalidAllowedRoots // ErrMaxSizeInvalid indicates the configured max size is invalid. ErrMaxSizeInvalid = internalio.ErrMaxSizeInvalid // ErrFileExists indicates a write target already exists when exclusive creation is requested. ErrFileExists = internalio.ErrFileExists // ErrSyncDirUnsupported indicates directory sync is not supported on this platform or filesystem. ErrSyncDirUnsupported = internalio.ErrSyncDirUnsupported // ErrNilReader indicates a nil reader was provided. ErrNilReader = internalio.ErrNilReader // ErrNotDirectory indicates the target path is not a directory. ErrNotDirectory = internalio.ErrNotDirectory // ErrInvalidPermissions indicates a permission mask was invalid. ErrInvalidPermissions = internalio.ErrInvalidPermissions // ErrPermissionsNotAllowed indicates a path has disallowed permissions. ErrPermissionsNotAllowed = internalio.ErrPermissionsNotAllowed // ErrInvalidOwnership indicates ownership constraints are invalid. ErrInvalidOwnership = internalio.ErrInvalidOwnership // ErrOwnershipNotAllowed indicates a path has unexpected ownership. ErrOwnershipNotAllowed = internalio.ErrOwnershipNotAllowed // ErrOwnershipUnsupported indicates ownership checks are not supported on this platform. ErrOwnershipUnsupported = internalio.ErrOwnershipUnsupported // ErrInvalidTempPrefix indicates a temp prefix was invalid. ErrInvalidTempPrefix = internalio.ErrInvalidTempPrefix // ErrChecksumMismatch indicates a checksum verification failure. ErrChecksumMismatch = internalio.ErrChecksumMismatch )
Functions ¶
func SecureCopyFile ¶ added in v1.0.11
func SecureCopyFile(src, dest string, opts SecureCopyOptions, log hyperlogger.Logger) error
SecureCopyFile copies a file securely using the provided options.
func SecureMkdirAll ¶ added in v1.0.11
func SecureMkdirAll(path string, opts SecureDirOptions, log hyperlogger.Logger) error
SecureMkdirAll creates a directory securely using the provided options.
func SecureOpenFile ¶ added in v1.0.1
func SecureOpenFile(file string, opts SecureReadOptions, log hyperlogger.Logger) (*os.File, error)
SecureOpenFile opens a file for streaming reads using the provided options.
func SecureReadDir ¶ added in v1.0.11
SecureReadDir reads a directory securely with default options.
func SecureReadDirWithOptions ¶ added in v1.0.11
func SecureReadDirWithOptions(path string, opts SecureReadOptions, log hyperlogger.Logger) ([]os.DirEntry, error)
SecureReadDirWithOptions reads a directory securely using the provided options.
func SecureReadFile ¶
func SecureReadFile(file string, log hyperlogger.Logger) ([]byte, error)
SecureReadFile reads a file securely and returns the contents as a byte slice. The file contents are read into memory and should be handled carefully.
func SecureReadFileWithMaxSize ¶ added in v1.0.7
SecureReadFileWithMaxSize reads a file securely and rejects files larger than maxBytes.
func SecureReadFileWithOptions ¶ added in v1.0.1
func SecureReadFileWithOptions(file string, opts SecureReadOptions, log hyperlogger.Logger) ([]byte, error)
SecureReadFileWithOptions reads a file securely using the provided options.
func SecureReadFileWithSecureBuffer ¶
func SecureReadFileWithSecureBuffer(filename string, log hyperlogger.Logger) (*memory.SecureBuffer, error)
SecureReadFileWithSecureBuffer reads a file securely and returns the contents in a SecureBuffer for better memory protection.
func SecureReadFileWithSecureBufferOptions ¶ added in v1.0.6
func SecureReadFileWithSecureBufferOptions( filename string, opts SecureReadOptions, log hyperlogger.Logger, ) (*memory.SecureBuffer, error)
SecureReadFileWithSecureBufferOptions reads a file securely using the provided options and returns the contents in a SecureBuffer.
func SecureRemove ¶ added in v1.0.11
func SecureRemove(path string, opts SecureRemoveOptions, log hyperlogger.Logger) error
SecureRemove removes a file or empty directory securely using the provided options.
func SecureRemoveAll ¶ added in v1.0.11
func SecureRemoveAll(path string, opts SecureRemoveOptions, log hyperlogger.Logger) error
SecureRemoveAll removes a directory tree securely using the provided options.
func SecureTempDir ¶ added in v1.0.11
func SecureTempDir(prefix string, opts SecureDirOptions, log hyperlogger.Logger) (string, error)
SecureTempDir creates a temp directory securely using the provided options.
func SecureTempFile ¶ added in v1.0.11
func SecureTempFile(prefix string, opts SecureTempOptions, log hyperlogger.Logger) (*os.File, error)
SecureTempFile creates a temp file securely using the provided options.
func SecureWriteFile ¶ added in v1.0.1
func SecureWriteFile(file string, data []byte, opts SecureWriteOptions, log hyperlogger.Logger) error
SecureWriteFile writes data to a file securely using the provided options.
func SecureWriteFromReader ¶ added in v1.0.11
func SecureWriteFromReader(file string, reader io.Reader, opts SecureWriteOptions, log hyperlogger.Logger) error
SecureWriteFromReader writes data from a reader to a file securely using the provided options.
Types ¶
type SecureCopyOptions ¶ added in v1.0.11
type SecureCopyOptions struct {
Read SecureReadOptions
Write SecureWriteOptions
VerifyChecksum bool
}
SecureCopyOptions configures secure copy behavior.
type SecureDirOptions ¶ added in v1.0.11
type SecureDirOptions struct {
BaseDir string
AllowedRoots []string
DirMode os.FileMode
AllowAbsolute bool
AllowSymlinks bool
EnforceMode bool
DisallowPerms os.FileMode
OwnerUID *int
OwnerGID *int
}
SecureDirOptions configures secure directory behavior.
type SecureReadOptions ¶ added in v1.0.1
type SecureReadOptions struct {
BaseDir string
AllowedRoots []string
MaxSizeBytes int64
AllowAbsolute bool
AllowSymlinks bool
AllowNonRegular bool
DisallowPerms os.FileMode
OwnerUID *int
OwnerGID *int
}
SecureReadOptions configures secure read behavior.
type SecureRemoveOptions ¶ added in v1.0.11
type SecureRemoveOptions struct {
BaseDir string
AllowedRoots []string
AllowAbsolute bool
AllowSymlinks bool
Wipe bool
OwnerUID *int
OwnerGID *int
}
SecureRemoveOptions configures secure remove behavior.
type SecureTempOptions ¶ added in v1.0.11
type SecureTempOptions struct {
BaseDir string
AllowedRoots []string
FileMode os.FileMode
AllowAbsolute bool
AllowSymlinks bool
EnforceFileMode bool
OwnerUID *int
OwnerGID *int
}
SecureTempOptions configures secure temp file behavior.
type SecureWriteOptions ¶ added in v1.0.1
type SecureWriteOptions struct {
BaseDir string
AllowedRoots []string
MaxSizeBytes int64
FileMode os.FileMode
CreateExclusive bool
DisableAtomic bool
DisableSync bool
SyncDir bool
AllowAbsolute bool
AllowSymlinks bool
EnforceFileMode bool
OwnerUID *int
OwnerGID *int
}
SecureWriteOptions configures secure write behavior.
Source Files
Click to show internal directories.
Click to hide internal directories.