// github.com/argoproj/argo-cd/v3@v3.2.1/util/io/files/secure_mkdir_default.go

//go:build !linux

package files

import (
	"fmt"
	"os"

	securejoin "github.com/cyphar/filepath-securejoin"
)

// SecureMkdirAll resolves unsafePath underneath root and creates the resulting
// directory, returning the resolved path.
//
// The path is resolved by securejoin.SecureJoin, which treats root as if it
// were the root of the filesystem: components that would climb above root are
// clamped to root instead of being rejected. A traversal attempt therefore does
// not surface as an error; a caller that wants to reject or log such input has
// to inspect unsafePath itself.
//
// Security notes for reviewers:
//   - Resolution and creation are two separate steps (SecureJoin, then
//     os.MkdirAll on the resulting string). The containment guarantee holds only
//     if nothing changes the tree under root between them; SecureJoin is
//     documented as not being safe against concurrent modification of the
//     filesystem (e.g. a path component being replaced by a symlink).
//   - This file is compiled on every platform except Linux (see the build
//     constraint above). NOTE(review): presumably a Linux-specific sibling
//     provides a stronger implementation; confirm before relying on identical
//     guarantees across platforms.
//   - mode is handed to os.MkdirAll unchanged, so it is subject to the process
//     umask, is used for every directory that gets created, and is not applied
//     to directories that already exist.
//
// On failure the returned path is empty and the error wraps the underlying
// SecureJoin or MkdirAll error.
func SecureMkdirAll(root, unsafePath string, mode os.FileMode) (string, error) {
	// Step 1: compute the path confined to root. Nothing is created yet.
	dir, joinErr := securejoin.SecureJoin(root, unsafePath)
	if joinErr != nil {
		return "", fmt.Errorf("failed to construct secure path: %w", joinErr)
	}

	// Step 2: create the directory and any missing parents. This operates on
	// the plain path string produced above, not on a handle pinned to root.
	if mkErr := os.MkdirAll(dir, mode); mkErr != nil {
		return "", fmt.Errorf("failed to create directory: %w", mkErr)
	}
	return dir, nil
}