#path #security #fs #path-traversal

path_ratchet

Prevent path traversal attacks at type level

3 releases (breaking)

0.3.0 Dec 9, 2023
0.2.0 Dec 6, 2023
0.1.0 Dec 4, 2023

#1103 in Filesystem

LGPL-3.0-only

18KB
198 lines

Path Ratchet

LGPL 3.0 License Crates.io Workflow Status crev reviews

Prevent path traversal attacks at type level.

use std::path::PathBuf;
use path_ratchet::prelude::*;

let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
filename.push_component(SingleComponentPath::new(user_input).unwrap());

lib.rs:

PathBuf::push allows any form of path traversal:

#
let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
filename.push(user_input);
assert_eq!(filename, PathBuf::from("/etc/shadow"));

Contrary <PathBuf as PushPathComponent>::push_component requires a path with only a single element.

use std::path::PathBuf;
use path_ratchet::prelude::*;

let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
filename.push_component(SingleComponentPath::new(user_input).unwrap());

Security

It is essential to check the path on the same platform it is used on. As an example the path C:\path\to\file.txt will be interpreted as a file or directory name on an UNIX-system.

SingleComponentPath::new(r"C:\path\to\file.txt").unwrap();

No runtime deps