io

package

v1.0.8 Latest Latest Go to latest Published: Dec 30, 2025 License: GPL-3.0 Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/hyp3rd/sectools

Links

Open Source Insights

Documentation ¶

Overview ¶

Package io provides secure file read and write helpers, including path validation and secure-buffer convenience functions.

Index ¶

Variables
func SecureOpenFile(file string, opts SecureReadOptions, log hyperlogger.Logger) (*os.File, error)
func SecureReadFile(file string, log hyperlogger.Logger) ([]byte, error)
func SecureReadFileWithMaxSize(file string, maxBytes int64, log hyperlogger.Logger) ([]byte, error)
func SecureReadFileWithOptions(file string, opts SecureReadOptions, log hyperlogger.Logger) ([]byte, error)
func SecureReadFileWithSecureBuffer(filename string, log hyperlogger.Logger) (*memory.SecureBuffer, error)
func SecureReadFileWithSecureBufferOptions(filename string, opts SecureReadOptions, log hyperlogger.Logger) (*memory.SecureBuffer, error)
func SecureWriteFile(file string, data []byte, opts SecureWriteOptions, log hyperlogger.Logger) error
type SecureReadOptions
type SecureWriteOptions

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrEmptyPath indicates that a required path argument was empty.
	ErrEmptyPath = internalio.ErrEmptyPath
	// ErrInvalidPath indicates that a path failed validation.
	ErrInvalidPath = internalio.ErrInvalidPath
	// ErrAbsolutePathNotAllowed indicates absolute paths are disallowed by policy.
	ErrAbsolutePathNotAllowed = internalio.ErrAbsolutePathNotAllowed
	// ErrPathEscapesRoot indicates the resolved path is outside the allowed roots.
	ErrPathEscapesRoot = internalio.ErrPathEscapesRoot
	// ErrSymlinkNotAllowed indicates a symlink was encountered when disallowed.
	ErrSymlinkNotAllowed = internalio.ErrSymlinkNotAllowed
	// ErrFileTooLarge indicates a file exceeds the configured maximum size.
	ErrFileTooLarge = internalio.ErrFileTooLarge
	// ErrNonRegularFile indicates a non-regular file was encountered when disallowed.
	ErrNonRegularFile = internalio.ErrNonRegularFile
	// ErrInvalidBaseDir indicates the base directory is invalid.
	ErrInvalidBaseDir = internalio.ErrInvalidBaseDir
	// ErrInvalidAllowedRoots indicates the allowed roots list is invalid.
	ErrInvalidAllowedRoots = internalio.ErrInvalidAllowedRoots
	// ErrMaxSizeInvalid indicates the configured max size is invalid.
	ErrMaxSizeInvalid = internalio.ErrMaxSizeInvalid
	// ErrFileExists indicates a write target already exists when exclusive creation is requested.
	ErrFileExists = internalio.ErrFileExists
	// ErrSyncDirUnsupported indicates directory sync is not supported on this platform or filesystem.
	ErrSyncDirUnsupported = internalio.ErrSyncDirUnsupported
)

Functions ¶

func SecureOpenFile ¶ added in v1.0.1

func SecureOpenFile(file string, opts SecureReadOptions, log hyperlogger.Logger) (*os.File, error)

SecureOpenFile opens a file for streaming reads using the provided options.

func SecureReadFile ¶

func SecureReadFile(file string, log hyperlogger.Logger) ([]byte, error)

SecureReadFile reads a file securely and returns the contents as a byte slice. The file contents are read into memory and should be handled carefully.

func SecureReadFileWithMaxSize ¶ added in v1.0.7

func SecureReadFileWithMaxSize(file string, maxBytes int64, log hyperlogger.Logger) ([]byte, error)

SecureReadFileWithMaxSize reads a file securely and rejects files larger than maxBytes.

func SecureReadFileWithOptions ¶ added in v1.0.1

func SecureReadFileWithOptions(file string, opts SecureReadOptions, log hyperlogger.Logger) ([]byte, error)

SecureReadFileWithOptions reads a file securely using the provided options.

func SecureReadFileWithSecureBuffer ¶

func SecureReadFileWithSecureBuffer(filename string, log hyperlogger.Logger) (*memory.SecureBuffer, error)

SecureReadFileWithSecureBuffer reads a file securely and returns the contents in a SecureBuffer for better memory protection.

func SecureReadFileWithSecureBufferOptions ¶ added in v1.0.6

func SecureReadFileWithSecureBufferOptions(
	filename string,
	opts SecureReadOptions,
	log hyperlogger.Logger,
) (*memory.SecureBuffer, error)

SecureReadFileWithSecureBufferOptions reads a file securely using the provided options and returns the contents in a SecureBuffer.

func SecureWriteFile ¶ added in v1.0.1

func SecureWriteFile(file string, data []byte, opts SecureWriteOptions, log hyperlogger.Logger) error

SecureWriteFile writes data to a file securely using the provided options.

Types ¶

type SecureReadOptions ¶ added in v1.0.1

type SecureReadOptions struct {
	BaseDir         string
	AllowedRoots    []string
	MaxSizeBytes    int64
	AllowAbsolute   bool
	AllowSymlinks   bool
	AllowNonRegular bool
}

SecureReadOptions configures secure read behavior.

type SecureWriteOptions ¶ added in v1.0.1

type SecureWriteOptions struct {
	BaseDir         string
	AllowedRoots    []string
	MaxSizeBytes    int64
	FileMode        os.FileMode
	CreateExclusive bool
	DisableAtomic   bool
	DisableSync     bool
	SyncDir         bool
	AllowAbsolute   bool
	AllowSymlinks   bool
}

SecureWriteOptions configures secure write behavior.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL