Struct fs_mistrust::Verifier
pub struct Verifier<'a> {
    pub(crate) mistrust: &'a Mistrust,
    pub(crate) readable_okay: bool,
    pub(crate) collect_multiple_errors: bool,
    pub(crate) enforce_type: Type,
    pub(crate) check_contents: bool,
}
An object used to perform a single check.
Obtained from Mistrust::verifier().
A Verifier is used when Mistrust::check_directory and Mistrust::make_directory are not sufficient for your needs.
Fields
mistrust: &'a Mistrust
The Mistrust that was used to create this verifier.
readable_okay: bool
Has the user called Verifier::permit_readable?
collect_multiple_errors: bool
Has the user called Verifier::all_errors?
enforce_type: Type
If the user called Verifier::require_file or Verifier::require_directory, which did they call?
check_contents: bool
If true, we want to check all the contents of this directory as well as the directory itself. Requires the walkdir feature.
Implementations
impl<'a> Verifier<'a>
pub(crate) fn check_errors(&self, path: &Path) -> impl Iterator<Item = Error> + '_
Return an iterator of all the security problems with path.
If the iterator is empty, then there is no problem with path.
pub(crate) fn check_content_errors(&self, path: &Path) -> impl Iterator<Item = Error> + '_
Available on crate feature walkdir only.
If check_contents is set, return an iterator over all the errors in elements contained in this directory.
pub(crate) fn check_one(&self, path: &Path, path_type: PathType, meta: &Metadata) -> Vec<Error>
Check a single path for conformance with this Verifier.
Note that this result is only meaningful if all of the ancestors of this path have been checked. Otherwise, a non-trusted user could change where this path points after it has been checked.
fn check_type(&self, path: &Path, path_type: PathType, meta: &Metadata, errors: &mut Vec<Error>)
Check whether a given file has the correct type, and push an error into errors if not. Other inputs are as for check_one.
fn check_permissions(&self, path: &Path, path_type: PathType, meta: &Metadata, errors: &mut Vec<Error>)
Available on target_family="unix" only.
Check whether a given file has the correct ownership and permissions, and push errors into errors if not. Other inputs are as for check_one.
On iOS, check permissions but assume the owner is the current user.
impl<'a> Verifier<'a>
pub fn require_file(self) -> Self
Configure this Verifier to require that all paths it checks be files (not directories).
pub fn require_directory(self) -> Self
Configure this Verifier to require that all paths it checks be directories.
pub fn permit_all_object_types(self) -> Self
Configure this Verifier to allow the paths that it checks to be filesystem objects of any type.
By default, the final path (after resolving all links) must be a directory or a regular file, not (for example) a block device or a named pipe.
pub fn permit_readable(self) -> Self
Configure this Verifier to permit the target files/directory to be readable by untrusted users.
By default, we assume that the caller wants the target file or directory to be only readable or writable by trusted users. With this flag, we permit the target file or directory to be readable by untrusted users, but not writable.
(Note that we always allow the parent directories of the target to be readable by untrusted users, since their readability does not make the target readable.)
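The ancestor rule noted under check_one and the readable/writable distinction described for permit_readable, as an added std-only sketch (not fs_mistrust's own code). It assumes "group" and "other" are the untrusted users, ignores ownership, refuses symlinks instead of resolving them, and uses hypothetical names (forbidden_bits, check_chain, trusted_prefix, demo).

```rust
use std::{fs, io};
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};

/// Offending paths, each with the forbidden mode bits found on it.
type Problems = Vec<(PathBuf, u32)>;

/// Mode bits that must be clear on one path element. Simplified model:
/// "group" and "other" stand in for untrusted users; ownership is ignored.
fn forbidden_bits(is_final: bool, readable_okay: bool) -> u32 {
    // Target that must stay private: no group/other access at all.
    // Ancestor, or a target that may be readable: no group/other write.
    if is_final && !readable_okay { 0o077 } else { 0o022 }
}

/// Check every element from `trusted_prefix` (hypothetical parameter: a
/// directory the caller already trusts) down to `target`, ancestors first.
fn check_chain(trusted_prefix: &Path, target: &Path, readable_okay: bool) -> io::Result<Problems> {
    let rel = target.strip_prefix(trusted_prefix)
        .map_err(|e| io::Error::new(io::ErrorKind::InvalidInput, e))?;
    let last = rel.components().count();
    let (mut cur, mut problems) = (trusted_prefix.to_path_buf(), Vec::new());
    for (i, comp) in rel.components().enumerate() {
        cur.push(comp);
        let meta = fs::symlink_metadata(&cur)?; // lstat: do not follow links
        if meta.file_type().is_symlink() {
            return Err(io::Error::new(io::ErrorKind::InvalidInput, "symlink in path (not resolved by this sketch)"));
        }
        let bad = meta.permissions().mode() & forbidden_bits(i + 1 == last, readable_okay);
        if bad != 0 { problems.push((cur.clone(), bad)); }
    }
    Ok(problems)
}

/// Constructed demo tree: <tmp>/mistrust_demo_<pid>/parent/secret.
fn demo(parent_mode: u32, secret_mode: u32, readable_okay: bool) -> io::Result<Problems> {
    let base = std::env::temp_dir().join(format!("mistrust_demo_{}", std::process::id()));
    let secret = base.join("parent").join("secret");
    fs::create_dir_all(&secret)?;
    fs::set_permissions(&secret, fs::Permissions::from_mode(secret_mode))?;
    fs::set_permissions(base.join("parent"), fs::Permissions::from_mode(parent_mode))?;
    let found = check_chain(&base, &secret, readable_okay);
    fs::remove_dir_all(&base)?;
    found
}

fn main() {
    println!("{:?}", demo(0o777, 0o700, false)); // writable ancestor is reported
}
```

A private target under a group/other-writable parent is still reported, because whoever can write the parent can replace the target after the check.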
pub fn all_errors(self) -> Self
Tell this Verifier to accumulate as many errors as possible, rather than stopping at the first one.
If a single error is found, that error will be returned. Otherwise, the resulting error type will be Error::Multiple.
Example
    use fs_mistrust::Mistrust;

    // Collect every problem instead of stopping at the first one.
    if let Err(e) = Mistrust::new().verifier().all_errors().check("/home/gardenGnostic/.gnupg/") {
        for error in e.errors() {
            println!("{}", error);
        }
    }
pub fn check_content(self) -> Self
Available on crate feature walkdir only.
Configure this verifier so that, after checking the directory, check all of its contents.
Symlinks are not permitted; both files and directories are allowed. This option implies require_directory(), since only a directory can have contents.
Requires that the walkdir feature is enabled.
pub fn check<P: AsRef<Path>>(self, path: P) -> Result<()>
Check whether the file or directory at path conforms to the requirements of this Verifier and the Mistrust that created it.
pub fn make_directory<P: AsRef<Path>>(self, path: P) -> Result<()>
Check whether path is a valid directory, and create it if it doesn’t exist.
Returns Ok if the directory already existed or if it was just created, and it conforms to the requirements of this Verifier and the Mistrust that created it.
Return an error if:
- there was a permissions or ownership problem in the path or any of its ancestors,
- there was a problem when creating the directory
- after creating the directory, we found that it had a permissions or ownership problem.
pub fn secure_dir<P: AsRef<Path>>(self, path: P) -> Result<CheckedDir>
Check whether path is a directory conforming to the requirements of this Verifier and the Mistrust that created it.
If it is, then return a new CheckedDir that can be used to securely access the contents of this directory.
pub fn make_secure_dir<P: AsRef<Path>>(self, path: P) -> Result<CheckedDir>
Check whether path is a directory conforming to the requirements of this Verifier and the Mistrust that created it.
If successful, then return a new CheckedDir that can be used to securely access the contents of this directory.