README
¶
sectools
Security-focused Go helpers for file I/O, in-memory handling of sensitive data, and safe numeric conversions.
Features
- Secure file reads scoped to the system temp directory
- Secure file writes with atomic replace and permissions
- Symlink checks and root-scoped file access using
os.OpenRoot - Secure in-memory buffers with best-effort zeroization
- Safe integer conversion helpers with overflow/negative guards
Requirements
- Go 1.25.5+ (see
go.mod)
Installation
go get github.com/hyp3rd/sectools
Usage
Secure file read
package main
import (
"os"
"path/filepath"
sectools "github.com/hyp3rd/sectools/pkg/io"
)
func main() {
path := filepath.Join(os.TempDir(), "example.txt")
_ = os.WriteFile(path, []byte("secret"), 0o600)
data, err := sectools.SecureReadFile(filepath.Base(path), nil)
if err != nil {
panic(err)
}
_ = data
}
Secure buffer
package main
import (
"os"
"path/filepath"
sectools "github.com/hyp3rd/sectools/pkg/io"
)
func main() {
path := filepath.Join(os.TempDir(), "example.txt")
_ = os.WriteFile(path, []byte("secret"), 0o600)
buf, err := sectools.SecureReadFileWithSecureBuffer(filepath.Base(path), nil)
if err != nil {
panic(err)
}
defer buf.Clear()
_ = buf.Bytes()
}
Safe integer conversions
package main
import (
"fmt"
"github.com/hyp3rd/sectools/pkg/converters"
)
func main() {
value, err := converters.SafeUint64FromInt64(42)
fmt.Println(value, err)
}
Secure file write
package main
import (
sectools "github.com/hyp3rd/sectools/pkg/io"
)
func main() {
err := sectools.SecureWriteFile("example.txt", []byte("secret"), sectools.SecureWriteOptions{
DisableAtomic: false,
DisableSync: false,
}, nil)
if err != nil {
panic(err)
}
}
Security and behavior notes
SecureReadFileonly permits relative paths underos.TempDir()by default. UseSecureReadFileWithOptionsto allow absolute paths or alternate roots.- Paths containing
..are rejected to prevent directory traversal. SecureReadFilehas no default size cap; useSecureReadFileWithMaxSizeorSecureReadFileWithOptionswithMaxSizeByteswhen file size is untrusted.- Symlinks are rejected by default; when allowed, paths that resolve outside the allowed roots are rejected.
- File access is scoped with
os.OpenRooton the resolved root when symlinks are disallowed. When symlinks are allowed, files are opened via resolved paths after symlink checks. See the Goos.Rootdocs for platform-specific caveats. SecureWriteFileuses atomic replace and fsync by default; setDisableAtomicorDisableSynconly if you accept durability risks. SetSyncDirto fsync the parent directory after atomic rename for stronger durability guarantees (may be unsupported on some platforms/filesystems).SecureBufferzeroizes memory onClear()and uses a finalizer as a best-effort fallback; callClear()when done.
Documentation
- Detailed usage and behavior notes:
docs/usage.md
Development
make test
make lint
make sec
Contributing
See CONTRIBUTING.md for guidelines.
Code of Conduct
See CODE_OF_CONDUCT.md.
License
GPL-3.0. See LICENSE for details.
Directories
¶
| Path | Synopsis |
|---|---|
|
internal
|
|
|
io
Package io provides secure input/output operations.
|
Package io provides secure input/output operations. |
|
pkg
|
|
|
converters
Package converters provides safe type conversion functions.
|
Package converters provides safe type conversion functions. |
|
io
Package io provides secure file read and write helpers, including path validation and secure-buffer convenience functions.
|
Package io provides secure file read and write helpers, including path validation and secure-buffer convenience functions. |
|
memory
Package memory provides secure memory management utilities for handling sensitive data such as tokens, credentials, and other secrets.
|
Package memory provides secure memory management utilities for handling sensitive data such as tokens, credentials, and other secrets. |
Click to show internal directories.
Click to hide internal directories.