Documentation
¶
Overview ¶
Package files exposes shared filesystem helpers. The Code tab HTTP handlers (server/handlers/code.go) resolve every user-supplied path through SafeJoin so traversal attempts (../, absolute paths, NUL bytes, escaping symlinks) cannot read files outside of the workspace or worktree root.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrInvalidPath = errors.New("invalid path")
ErrInvalidPath is returned when the user-supplied path contains characters that are never acceptable (currently: NUL bytes).
var ErrPathEscape = errors.New("path escapes root")
ErrPathEscape is returned when a user-supplied path attempts to escape the provided root (via .., absolute path, or a symlink pointing outside).
Functions ¶
func SafeJoin ¶
SafeJoin joins userPath onto root and returns the absolute, cleaned filesystem path.
It guarantees that the returned path lives inside root. SafeJoin rejects:
- absolute userPaths (userPath must be relative)
- paths containing NUL bytes
- paths that, after cleaning, escape root via "../" segments
- paths whose symlink target (or any ancestor's symlink target) escapes root
Root must be an absolute, existing directory; if root itself does not exist SafeJoin still returns an answer (no symlink check can run) but callers typically os.Stat the result immediately and handle ENOENT.
SafeJoin accepts an empty userPath (returns root).
Types ¶
This section is empty.
Source Files