Documentation
¶
Overview ¶
Package io provides secure input/output operations.
Index ¶
- Variables
- func SecureOpenFile(path string, opts ReadOptions, log hyperlogger.Logger) (*os.File, error)
- func SecurePath(path string, allowedRoots ...string) (string, error)
- func SecureReadFile(path string, log hyperlogger.Logger) ([]byte, error)
- func SecureReadFileWithOptions(path string, opts ReadOptions, log hyperlogger.Logger) ([]byte, error)
- func SecureReadFileWithSecureBuffer(path string, log hyperlogger.Logger) (*memory.SecureBuffer, error)
- func SecureWriteFile(path string, data []byte, opts WriteOptions, log hyperlogger.Logger) error
- type ReadOptions
- type WriteOptions
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // ErrEmptyPath indicates that a required path argument was empty. ErrEmptyPath = ewrap.New("path cannot be empty") // ErrInvalidPath indicates that a path failed validation. ErrInvalidPath = ewrap.New("invalid path") // ErrAbsolutePathNotAllowed indicates absolute paths are disallowed by policy. ErrAbsolutePathNotAllowed = ewrap.New("absolute paths are not allowed") // ErrPathEscapesRoot indicates the resolved path is outside the allowed roots. ErrPathEscapesRoot = ewrap.New("path escapes allowed root") // ErrSymlinkNotAllowed indicates a symlink was encountered when disallowed. ErrSymlinkNotAllowed = ewrap.New("symlinks are not allowed") // ErrFileTooLarge indicates a file exceeds the configured maximum size. ErrFileTooLarge = ewrap.New("file exceeds maximum size") // ErrNonRegularFile indicates a non-regular file was encountered when disallowed. ErrNonRegularFile = ewrap.New("non-regular files are not allowed") // ErrInvalidBaseDir indicates the base directory is invalid. ErrInvalidBaseDir = ewrap.New("invalid base directory") // ErrInvalidAllowedRoots indicates the allowed roots list is invalid. ErrInvalidAllowedRoots = ewrap.New("invalid allowed roots") // ErrMaxSizeInvalid indicates the configured max size is invalid. ErrMaxSizeInvalid = ewrap.New("max size cannot be negative") // ErrFileExists indicates a write target already exists when exclusive creation is requested. ErrFileExists = ewrap.New("file already exists") )
Functions ¶
func SecureOpenFile ¶ added in v1.0.1
func SecureOpenFile(path string, opts ReadOptions, log hyperlogger.Logger) (*os.File, error)
SecureOpenFile opens a file for streaming reads with configurable security options.
func SecurePath ¶
SecurePath validates and sanitizes a file path using default read options. It returns a resolved path or an error if validation fails.
func SecureReadFile ¶
func SecureReadFile(path string, log hyperlogger.Logger) ([]byte, error)
SecureReadFile reads a file into memory with default secure options. Use SecureReadFileWithOptions for custom behaviors.
func SecureReadFileWithOptions ¶ added in v1.0.1
func SecureReadFileWithOptions(path string, opts ReadOptions, log hyperlogger.Logger) ([]byte, error)
SecureReadFileWithOptions reads a file into memory with configurable security options.
func SecureReadFileWithSecureBuffer ¶
func SecureReadFileWithSecureBuffer(path string, log hyperlogger.Logger) (*memory.SecureBuffer, error)
SecureReadFileWithSecureBuffer reads a file securely and returns its contents in a SecureBuffer.
func SecureWriteFile ¶ added in v1.0.1
func SecureWriteFile(path string, data []byte, opts WriteOptions, log hyperlogger.Logger) error
SecureWriteFile writes data to a file with configurable security options.
Types ¶
Source Files
Click to show internal directories.
Click to hide internal directories.