How should I go about preventing potential directory traversal attacks when using and concatenating user-input paths?
Path::canonicalize only works for files that actually exist, so it can't be used for detecting directory traversal
#Directory traversal attacks
eager plinth
clever grotto
How should I go about preventing potential directory traversal attacks when usin...
Would using canonicalize then starts_with work 
The canonicalize is definitely needed to prevent escape by using a symlink
eager plinth
Would using canonicalize then `starts_with` work <:ferrisWhat:797313595973042186...
Nah, because canonicalize fails if the path doesn't exist
clever grotto
Nah, because canonicalize fails if the path doesn't exist
What do you want to do in that case
eager plinth
Let's say I'm extracting a zip file or something, to some/directory/
I want to ensure some/directory/{user_input_path} doesn't leave some/directory
clever grotto
I want to ensure `some/directory/{user_input_path}` doesn't leave `some/director...
Oh, so your taking the path to make?
Not a path to read
eager plinth
Ya
clever grotto
Ya
How about concat it with the root then run https://lib.rs/crates/path-clean on it then check it stays in the same root folder with starts with?
eager plinth
Yeah, I think that'll do, thank you
I kind of expected the OS to provide some sort of help with this
clever grotto
Yeah, I think that'll do, thank you
I kind of expected the OS to provide some so...
You could setup a fully sandboxed filesystem but that seems like more work than you probably need
tropic jasper