diff options
| author | umohnani8 <umohnani@redhat.com> | 2018-04-18 16:48:35 -0400 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-04-19 14:08:47 +0000 |
| commit | 27107fdac1d75f97caab47cd13efb1d9900cf350 (patch) | |
| tree | f5edafbb52505829b15e19ea6a9e66f4440e862b /vendor/github.com/cyphar/filepath-securejoin/README.md | |
| parent | 6a9dbf3305e93e5e1c3bff09402a9b801c935fbd (diff) | |
| download | podman-27107fdac1d75f97caab47cd13efb1d9900cf350.tar.gz podman-27107fdac1d75f97caab47cd13efb1d9900cf350.tar.bz2 podman-27107fdac1d75f97caab47cd13efb1d9900cf350.zip | |
Vendor in latest containers/image and contaners/storage
Made necessary changes to functions to include contex.Context wherever needed
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #640
Approved by: baude
Diffstat (limited to 'vendor/github.com/cyphar/filepath-securejoin/README.md')
| -rw-r--r-- | vendor/github.com/cyphar/filepath-securejoin/README.md | 65 |
1 files changed, 0 insertions, 65 deletions
diff --git a/vendor/github.com/cyphar/filepath-securejoin/README.md b/vendor/github.com/cyphar/filepath-securejoin/README.md deleted file mode 100644 index 49b2baa9f..000000000 --- a/vendor/github.com/cyphar/filepath-securejoin/README.md +++ /dev/null @@ -1,65 +0,0 @@ -## `filepath-securejoin` ## - -[](https://travis-ci.org/cyphar/filepath-securejoin) - -An implementation of `SecureJoin`, a [candidate for inclusion in the Go -standard library][go#20126]. The purpose of this function is to be a "secure" -alternative to `filepath.Join`, and in particular it provides certain -guarantees that are not provided by `filepath.Join`. - -This is the function prototype: - -```go -func SecureJoin(root, unsafePath string) (string, error) -``` - -This library **guarantees** the following: - -* If no error is set, the resulting string **must** be a child path of - `SecureJoin` and will not contain any symlink path components (they will all - be expanded). - -* When expanding symlinks, all symlink path components **must** be resolved - relative to the provided root. In particular, this can be considered a - userspace implementation of how `chroot(2)` operates on file paths. Note that - these symlinks will **not** be expanded lexically (`filepath.Clean` is not - called on the input before processing). - -* Non-existant path components are unaffected by `SecureJoin` (similar to - `filepath.EvalSymlinks`'s semantics). - -* The returned path will always be `filepath.Clean`ed and thus not contain any - `..` components. - -A (trivial) implementation of this function on GNU/Linux systems could be done -with the following (note that this requires root privileges and is far more -opaque than the implementation in this library, and also requires that -`readlink` is inside the `root` path): - -```go -package securejoin - -import ( - "os/exec" - "path/filepath" -) - -func SecureJoin(root, unsafePath string) (string, error) { - unsafePath = string(filepath.Separator) + unsafePath - cmd := exec.Command("chroot", root, - "readlink", "--canonicalize-missing", "--no-newline", unsafePath) - output, err := cmd.CombinedOutput() - if err != nil { - return "", err - } - expanded := string(output) - return filepath.Join(root, expanded), nil -} -``` - -[go#20126]: https://github.com/golang/go/issues/20126 - -### License ### - -The license of this project is the same as Go, which is a BSD 3-clause license -available in the `LICENSE` file. |