security

package
v0.2.0 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 6, 2026 License: MIT Imports: 6 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func SanitizeGlobPattern

func SanitizeGlobPattern(pattern string) error

SanitizeGlobPattern validates that a glob pattern is safe to use. Rejects:
- Absolute paths
- Patterns with ".." components
- Null bytes
- Control characters
- Excessively complex patterns (basic validation)

func ValidateAllPaths

func ValidateAllPaths(base string, paths []string) error

ValidateAllPaths validates a slice of entry paths, returning an error on the first invalid path. Fail-closed: if any path is invalid, all are rejected.

This implements the ADR requirement: "If any single entry fails validation, the entire extraction aborts (fail-closed)."

func ValidatePath

func ValidatePath(base, entryPath string) error

ValidatePath checks if an entry path is safe to extract within the given base directory. Returns an error if the path attempts to escape the base directory.

Security checks:
- Rejects absolute paths
- Rejects paths with null bytes
- Rejects paths with ".." sequences that escape base
- Ensures cleaned path resolves within base directory

func ValidateRelativePath

func ValidateRelativePath(path string) error

ValidateRelativePath checks if a relative path is safe for use within a workspace. Rejects:
- Absolute paths
- Paths containing ".." components
- Null bytes
- Control characters (0x00-0x1F, 0x7F)

func ValidateSessionName

func ValidateSessionName(name string) error

ValidateSessionName checks if a session name meets requirements:
- Only alphanumeric characters, hyphens, and underscores
- Maximum 64 characters
- Not empty

Types

type BombCheckResult

type BombCheckResult struct {
	Reason                string
	TotalUncompressedSize uint64
	FileCount             int
	MaxCompressionRatio   float64
	IsSafe                bool
}

BombCheckResult contains the results of a zip bomb pre-scan.

func CheckZipBomb

func CheckZipBomb(zipPath string, limits Limits) (*BombCheckResult, error)

CheckZipBomb pre-scans a zip file's central directory for zip bomb indicators. Does NOT extract any content - only reads metadata.

Returns an error if the file cannot be opened/read. Returns a BombCheckResult with IsSafe=false if any limit is exceeded.

func CheckZipBombFromReader

func CheckZipBombFromReader(r *zip.Reader, limits Limits) *BombCheckResult

CheckZipBombFromReader scans an already-opened zip reader. Does NOT extract any content - only reads central directory metadata.

type Limits

type Limits struct {
	MaxExtractedSize    uint64  // bytes, default 1GB
	MaxFileCount        int     // default 100000
	MaxCompressionRatio float64 // default 100.0
}

Limits configures the zip bomb detection thresholds.

func DefaultLimits

func DefaultLimits() Limits

DefaultLimits returns the default security limits from ADR-008.
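
A metadata-only pre-scan of the kind CheckZipBomb and CheckZipBombFromReader describe, written here as an added example on top of the standard archive/zip package; it is not this package's implementation. The names limits, prescan and buildZip are hypothetical, the check order and the reading of 1GB as 1<<30 are assumptions, and the sample archives are constructed in memory.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
)

// limits is a hypothetical stand-in for the documented Limits struct.
type limits struct {
	maxSize  uint64
	maxFiles int
	maxRatio float64
}

// prescan (hypothetical name) reads central-directory metadata only; no entry is opened.
func prescan(r *zip.Reader, l limits) (safe bool, reason string) {
	if len(r.File) > l.maxFiles {
		return false, "file count exceeds limit"
	}
	var total uint64
	for _, f := range r.File {
		u, c := f.UncompressedSize64, f.CompressedSize64
		if u > l.maxSize || total > l.maxSize-u { // overflow-safe total+u > maxSize
			return false, "total uncompressed size exceeds limit"
		}
		total += u
		if u > 0 && (c == 0 || float64(u)/float64(c) > l.maxRatio) { // c == 0: unbounded ratio
			return false, "compression ratio exceeds limit: " + f.Name
		}
	}
	return true, ""
}

// buildZip returns a constructed in-memory archive holding one deflated entry.
func buildZip(name string, data []byte) *zip.Reader {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	f, _ := w.Create(name)
	f.Write(data)
	w.Close()
	r, _ := zip.NewReader(bytes.NewReader(buf.Bytes()), int64(buf.Len()))
	return r
}

func main() {
	def := limits{1 << 30, 100000, 100.0} // page's defaults; 1GB taken as 1<<30 (assumption)
	fmt.Println(prescan(buildZip("zeros.bin", make([]byte, 1<<20)), def))
	fmt.Println(prescan(buildZip("note.txt", []byte("hello, archive")), def))
}
```

Central-directory sizes are declared by the archive itself, so extraction should still cap the bytes actually written.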
