Documentation
¶
Overview ¶
Package io provides secure input/output operations.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func SecurePath ¶
SecurePath validates and sanitizes a file path, preventing directory traversal and absolute path usage. It prepends the system's temp directory to the provided path and returns an error if the path: - is empty - contains ".." - is an absolute path - resolves to a symlink outside the temp directory Returns a secure, relative path within the system's temp directory or an error if the path is invalid.
func SecureReadFile ¶
func SecureReadFile(path string, log hyperlogger.Logger) ([]byte, error)
SecureReadFile reads a file into memory with additional security precautions. It ensures the file path is secure, opens the file, reads its entire contents into a buffer, and provides error handling with resource cleanup. If an error occurs during reading, the buffer is zeroed out to prevent potential information leakage. Returns the file contents as a byte slice or an error if the file cannot be read securely.
func SecureReadFileWithSecureBuffer ¶
func SecureReadFileWithSecureBuffer(path string, log hyperlogger.Logger) (*memory.SecureBuffer, error)
SecureReadFileWithSecureBuffer reads a file securely and returns its contents as a SecureBuffer. This function combines the security features of SecureReadFile with the memory protection of SecureBuffer. It ensures the file path is secure, reads the entire file contents, and wraps them in a SecureBuffer which will automatically zero out the memory when garbage collected. If an error occurs during reading, all buffers are zeroed out to prevent information leakage.
Parameters:
- path: Path to the file to be read
- log: Logger instance for recording any non-fatal errors
Returns:
- Pointer to a SecureBuffer containing the file contents
- An error if the file cannot be read securely
Types ¶
This section is empty.
Source Files