Module: Rixie::Tool::FileSandbox

Defined in:

lib/rixie/tool/file_sandbox.rb

Overview

Shared path resolution + safety check for file_read / file_list / file_search. Rejects paths that escape the configured root directory after expansion.

Defined Under Namespace

Classes: PathError

Class Method Summary

• .binary?(path) ⇒ Boolean
• .resolve(root_dir, relative_path) ⇒ Object
• .root(root_dir) ⇒ Object

Class Method Details

.binary?(path) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rixie/tool/file_sandbox.rb', line 28

def self.binary?(path)
  File.open(path, "rb") { |f| f.read(BINARY_PROBE_BYTES).to_s.include?("\0") }
end

.resolve(root_dir, relative_path) ⇒ Object

Raises:

• (PathError)

# File 'lib/rixie/tool/file_sandbox.rb', line 14

def self.resolve(root_dir, relative_path)
  segments = relative_path.to_s.split(%r{[/\\]})
  raise PathError, "Path '#{relative_path}' contains '..' segment" if segments.include?("..")

  base = root(root_dir)
  target = File.expand_path(relative_path.to_s, base)
  return target if target == base || target.start_with?(base + File::SEPARATOR)

  raise PathError, "Path '#{relative_path}' is outside root_dir"
end

.root(root_dir) ⇒ Object

# File 'lib/rixie/tool/file_sandbox.rb', line 10

def self.root(root_dir)
  File.expand_path(root_dir || Dir.pwd)
end