io

package
v1.1.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 11, 2026 License: GPL-3.0 Imports: 6 Imported by: 0

Documentation

Overview

Package io provides secure file read and write helpers, including path validation and secure-buffer convenience functions.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrEmptyPath indicates that a required path argument was empty.
	ErrEmptyPath = internalio.ErrEmptyPath
	// ErrInvalidPath indicates that a path failed validation.
	ErrInvalidPath = internalio.ErrInvalidPath
	// ErrAbsolutePathNotAllowed indicates absolute paths are disallowed by policy.
	ErrAbsolutePathNotAllowed = internalio.ErrAbsolutePathNotAllowed
	// ErrPathEscapesRoot indicates the resolved path is outside the allowed roots.
	ErrPathEscapesRoot = internalio.ErrPathEscapesRoot
	// ErrSymlinkNotAllowed indicates a symlink was encountered when disallowed.
	ErrSymlinkNotAllowed = internalio.ErrSymlinkNotAllowed
	// ErrFileTooLarge indicates a file exceeds the configured maximum size.
	ErrFileTooLarge = internalio.ErrFileTooLarge
	// ErrNonRegularFile indicates a non-regular file was encountered when disallowed.
	ErrNonRegularFile = internalio.ErrNonRegularFile
	// ErrInvalidBaseDir indicates the base directory is invalid.
	ErrInvalidBaseDir = internalio.ErrInvalidBaseDir
	// ErrInvalidAllowedRoots indicates the allowed roots list is invalid.
	ErrInvalidAllowedRoots = internalio.ErrInvalidAllowedRoots
	// ErrMaxSizeInvalid indicates the configured max size is invalid.
	ErrMaxSizeInvalid = internalio.ErrMaxSizeInvalid
	// ErrFileExists indicates a write target already exists when exclusive creation is requested.
	ErrFileExists = internalio.ErrFileExists
	// ErrSyncDirUnsupported indicates directory sync is not supported on this platform or filesystem.
	ErrSyncDirUnsupported = internalio.ErrSyncDirUnsupported
	// ErrNilReader indicates a nil reader was provided.
	ErrNilReader = internalio.ErrNilReader
	// ErrNotDirectory indicates the target path is not a directory.
	ErrNotDirectory = internalio.ErrNotDirectory
	// ErrInvalidPermissions indicates a permission mask was invalid.
	ErrInvalidPermissions = internalio.ErrInvalidPermissions
	// ErrPermissionsNotAllowed indicates a path has disallowed permissions.
	ErrPermissionsNotAllowed = internalio.ErrPermissionsNotAllowed
	// ErrInvalidOwnership indicates ownership constraints are invalid.
	ErrInvalidOwnership = internalio.ErrInvalidOwnership
	// ErrOwnershipNotAllowed indicates a path has unexpected ownership.
	ErrOwnershipNotAllowed = internalio.ErrOwnershipNotAllowed
	// ErrOwnershipUnsupported indicates ownership checks are not supported on this platform.
	ErrOwnershipUnsupported = internalio.ErrOwnershipUnsupported
	// ErrInvalidTempPrefix indicates a temp prefix was invalid.
	ErrInvalidTempPrefix = internalio.ErrInvalidTempPrefix
	// ErrChecksumMismatch indicates a checksum verification failure.
	ErrChecksumMismatch = internalio.ErrChecksumMismatch
)

Functions

This section is empty.

Types

type Client added in v1.1.2 

type Client struct {
	// contains filtered or unexported fields
}

Client provides configured secure I/O helpers.

func New added in v1.1.2 

func New() *Client

New returns a Client with default options.

func NewWithOptions added in v1.1.2 

func NewWithOptions(opts ...Option) (*Client, error)

NewWithOptions returns a Client configured with functional options.

func (*Client) CopyFile added in v1.1.2 

func (c *Client) CopyFile(src, dest string) error

CopyFile copies a file securely.

func (*Client) MkdirAll added in v1.1.2 

func (c *Client) MkdirAll(path string) error

MkdirAll creates a directory securely.

func (*Client) OpenFile added in v1.1.2 

func (c *Client) OpenFile(file string) (*os.File, error)

OpenFile opens a file for streaming reads.

func (*Client) ReadDir added in v1.1.2 

func (c *Client) ReadDir(path string) ([]os.DirEntry, error)

ReadDir reads a directory securely.

func (*Client) ReadFile added in v1.1.2 

func (c *Client) ReadFile(file string) ([]byte, error)

ReadFile reads a file securely and returns the contents as a byte slice.

func (*Client) ReadFileWithSecureBuffer added in v1.1.2 

func (c *Client) ReadFileWithSecureBuffer(filename string) (*memory.SecureBuffer, error)

ReadFileWithSecureBuffer reads a file securely and returns the contents in a SecureBuffer for better memory protection.

func (*Client) Remove added in v1.1.2 

func (c *Client) Remove(path string) error

Remove removes a file or empty directory securely.

func (*Client) RemoveAll added in v1.1.2 

func (c *Client) RemoveAll(path string) error

RemoveAll removes a directory tree securely.

func (*Client) TempDir added in v1.1.2 

func (c *Client) TempDir(prefix string) (string, error)

TempDir creates a temp directory securely.

func (*Client) TempFile added in v1.1.2 

func (c *Client) TempFile(prefix string) (*os.File, error)

TempFile creates a temp file securely.

func (*Client) WriteFile added in v1.1.2 

func (c *Client) WriteFile(file string, data []byte) error

WriteFile writes data to a file securely.

func (*Client) WriteFromReader added in v1.1.2 

func (c *Client) WriteFromReader(file string, reader io.Reader) error

WriteFromReader writes data from a reader to a file securely.

type Option added in v1.1.2 

type Option func(*Client) error

Option configures a Client.

func WithAllowAbsolute added in v1.1.2 

func WithAllowAbsolute(allow bool) Option

WithAllowAbsolute configures absolute path policy for all operations. 

func WithAllowSymlinks(allow bool) Option

WithAllowSymlinks configures symlink policy for all operations.

func WithAllowedRoots added in v1.1.2 

func WithAllowedRoots(roots ...string) Option

WithAllowedRoots configures allowed roots for all operations.

func WithBaseDir added in v1.1.2 

func WithBaseDir(baseDir string) Option

WithBaseDir configures a base directory for all operations.

func WithCopyVerifyChecksum added in v1.1.2 

func WithCopyVerifyChecksum(enable bool) Option

WithCopyVerifyChecksum configures checksum verification for copy operations.

func WithDirDisallowPerms added in v1.1.2 

func WithDirDisallowPerms(perms os.FileMode) Option

WithDirDisallowPerms configures disallowed permissions for directories.

func WithDirEnforceMode added in v1.1.2 

func WithDirEnforceMode(enable bool) Option

WithDirEnforceMode configures directory mode enforcement.

func WithDirMode added in v1.1.2 

func WithDirMode(mode os.FileMode) Option

WithDirMode configures the directory mode used for MkdirAll/TempDir.

func WithLogger added in v1.1.2 

func WithLogger(log hyperlogger.Logger) Option

WithLogger configures the logger used by the client.

func WithOwnerGID added in v1.1.2 

func WithOwnerGID(gid int) Option

WithOwnerGID configures ownership GID checks for all operations.

func WithOwnerUID added in v1.1.2 

func WithOwnerUID(uid int) Option

WithOwnerUID configures ownership UID checks for all operations.

func WithReadAllowNonRegular added in v1.1.2 

func WithReadAllowNonRegular(allow bool) Option

WithReadAllowNonRegular configures non-regular read handling.

func WithReadDisallowPerms added in v1.1.2 

func WithReadDisallowPerms(perms os.FileMode) Option

WithReadDisallowPerms configures disallowed permissions for reads.

func WithReadMaxSize added in v1.1.2 

func WithReadMaxSize(maxBytes int64) Option

WithReadMaxSize configures a max size for reads.

func WithRemoveWipe added in v1.1.2 

func WithRemoveWipe(enable bool) Option

WithRemoveWipe configures best-effort wiping before removal.

func WithTempEnforceFileMode added in v1.1.2 

func WithTempEnforceFileMode(enable bool) Option

WithTempEnforceFileMode configures file mode enforcement for temp files.

func WithTempFileMode added in v1.1.2 

func WithTempFileMode(mode os.FileMode) Option

WithTempFileMode configures the file mode used for temp files.

func WithWriteCreateExclusive added in v1.1.2 

func WithWriteCreateExclusive(enable bool) Option

WithWriteCreateExclusive configures exclusive create behavior.

func WithWriteDisableAtomic added in v1.1.2 

func WithWriteDisableAtomic(disable bool) Option

WithWriteDisableAtomic configures atomic write behavior.

func WithWriteDisableSync added in v1.1.2 

func WithWriteDisableSync(disable bool) Option

WithWriteDisableSync configures fsync behavior for writes.

func WithWriteEnforceFileMode added in v1.1.2 

func WithWriteEnforceFileMode(enable bool) Option

WithWriteEnforceFileMode configures file mode enforcement for writes.

func WithWriteFileMode added in v1.1.2 

func WithWriteFileMode(mode os.FileMode) Option

WithWriteFileMode configures the file mode used for writes.

func WithWriteMaxSize added in v1.1.2 

func WithWriteMaxSize(maxBytes int64) Option

WithWriteMaxSize configures a max size for writes.

func WithWriteSyncDir added in v1.1.2 

func WithWriteSyncDir(enable bool) Option

WithWriteSyncDir configures parent directory sync for writes.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.