readFile is a TOCTOU-safe equivalent of [os.ReadFile] for paths that the allow-list contains. When no rooted access is available it falls back to the plain [os.ReadFile]. Callers MUST pass a path that has already been validated by [resolveAndCheckPath].
(resolved string)
| 688 | // the plain [os.ReadFile]. Callers MUST pass a path that has already been |
| 689 | // validated by [resolveAndCheckPath]. |
| 690 | func (t *ToolSet) readFile(resolved string) ([]byte, error) { |
| 691 | root, rel, err := t.rootedAccess(resolved) |
| 692 | if err != nil { |
| 693 | return nil, err |
| 694 | } |
| 695 | if root != nil { |
| 696 | return root.ReadFile(rel) |
| 697 | } |
| 698 | return os.ReadFile(resolved) |
| 699 | } |
| 700 | |
| 701 | // writeFile is a TOCTOU-safe equivalent of [os.WriteFile]. See [readFile] |
| 702 | // for the contract. The call is rejected by the kernel when any component |