One of the uses for ambient-authority is to mark places in the code which may be opening files or other resources in ways that may be influenced by untrusted inputs. Paths or other identifiers which are constant and known at compile time are safe. This crate provides macros for use with cap-std which open files and directories in a way that requires the paths to be constant and in a way that allows them to be ignored in a clippy scan for use of dynamic ambient authority.

To use, it add #![deny(clippy::disallowed_method)] to your code and copy the clippy.toml file, as described here, for example:

#![deny(clippy::disallowed_method)]

use open_ambient::open_ambient_file;

fn main() {
    let fine = open_ambient_file!("Cargo.toml").unwrap();
    // ... do stuff with `fine`
    drop(fine);

    let risky = std::fs::File::open("Cargo.toml").unwrap();
    // ... do stuff with `risky`
    drop(risky);
}

And run clippy configured with these instructions. The above code gets just one error:

error: use of a disallowed method `std::fs::File::open`
  --> test.rs:10:19
   |
10 |     let risky = std::fs::File::open("Cargo.toml").unwrap();
   |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   |

The open_ambient_file! line does not get an error, while the std::fs::File::open line does.