Releases: tenuo-ai/path_jail

v0.2.0

30 Dec 03:19

Breaking Changes

  • JailError is now #[non_exhaustive] - add a catch-all arm to matches
  • MSRV bumped from 1.70 to 1.80

Security

  • Reject null bytes in paths (prevents C string terminator attacks)
  • Reject filesystem roots (/, C:\) at construction
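The two checks above, sketched with the standard library only, as an added example that is not path_jail's own code. The `Rejected` enum and the function names are hypothetical, the root check is purely lexical, and Unix path semantics are assumed.

```rust
use std::ffi::CString;
use std::path::Path;

#[derive(Debug, PartialEq)]
enum Rejected {
    NullByte,
    NotAbsolute,
    FilesystemRoot,
}

/// Validate a user-supplied path string before it reaches any OS call.
fn check_user_path(p: &str) -> Result<&Path, Rejected> {
    // CString::new fails on an interior NUL, the byte a C API taking
    // `const char *` would silently treat as end-of-string.
    if CString::new(p).is_err() {
        return Err(Rejected::NullByte);
    }
    Ok(Path::new(p))
}

/// The prefix a C function would act on: everything before the first NUL.
fn seen_by_c(p: &str) -> &str {
    p.split('\0').next().unwrap_or("")
}

/// Validate a jail root at construction time (lexical check only).
fn check_jail_root(root: &Path) -> Result<&Path, Rejected> {
    if !root.is_absolute() {
        return Err(Rejected::NotAbsolute);
    }
    // A filesystem root has no parent; jailing to it confines nothing.
    if root.parent().is_none() {
        return Err(Rejected::FilesystemRoot);
    }
    Ok(root)
}

fn main() {
    let name = "notes.txt\0.png"; // constructed sample input
    // Rust-side and C-side views of the same string disagree:
    println!("Rust sees extension: {:?}", Path::new(name).extension());
    println!("C would see: {:?}", seen_by_c(name));
    println!("{:?}", check_user_path(name));
    println!("{:?}", check_jail_root(Path::new("/")));
    println!("{:?}", check_jail_root(Path::new("/srv/uploads")));
}
```
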

Added

  • InvalidRoot error variant with context-aware messages
  • Comprehensive edge case tests (38 total)
  • Framework examples (Axum, Actix-web)
  • CHANGELOG.md

See CHANGELOG.md for full details.

v0.1.0

29 Dec 08:26

Initial release of path_jail - a zero-dependency filesystem sandbox for Rust.

Features

  • Jail::new() - Create a sandbox rooted at a directory
  • Jail::join() - Safely join relative paths (works for non-existent files)
  • Jail::contains() - Verify an absolute path is inside the jail
  • Jail::relative() - Extract relative path for database storage
  • path_jail::join() - One-shot convenience function

Security

Blocks:

  • Path traversal (../../etc/passwd)
  • Symlink escapes (symlinks pointing outside the jail)
  • Symlink chains (a -> b -> /etc)
  • Broken symlinks (cannot verify target)
  • Absolute path injection

Notes

  • Zero runtime dependencies
  • #[must_use] on join() and contains() to prevent confused deputy bugs
  • See DESIGN.md for security model and limitations (TOCTOU)