Class: OllamaAgent::Security::ResourceGuard

Inherits:

Object

Object
OllamaAgent::Security::ResourceGuard

show all

Defined in:: lib/ollama_agent/security/resource_guard.rb

Overview

Ensures candidate paths remain within the configured workspace root.

Instance Method Summary collapse

#allow?(candidate_path) ⇒ Boolean
#initialize(root:) ⇒ ResourceGuard constructor

A new instance of ResourceGuard.

Constructor Details

#initialize(root:) ⇒ `ResourceGuard`

Returns a new instance of ResourceGuard.



9
10
11

# File 'lib/ollama_agent/security/resource_guard.rb', line 9

def initialize(root:)
  @root = Pathname.new(root).realpath
end

Instance Method Details

#allow?(candidate_path) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/ollama_agent/security/resource_guard.rb', line 13

def allow?(candidate_path)
  return false if candidate_path.to_s.empty?
  return false if raw_path_has_dot_dot?(candidate_path)

  expanded = expand_candidate(candidate_path)
  relative = expanded.relative_path_from(@root)
  return false if relative.each_filename.to_a.include?("..")

  segments_remain_under_root?(relative)
rescue ArgumentError, Errno::ENOENT, Errno::ELOOP, Errno::EACCES
  false
end

Class: OllamaAgent::Security::ResourceGuard

Overview

Instance Method Summary collapse

Constructor Details

#initialize(root:) ⇒ ResourceGuard

Instance Method Details

#allow?(candidate_path) ⇒ Boolean

#initialize(root:) ⇒ `ResourceGuard`

#allow?(candidate_path) ⇒ `Boolean`