MCPcopy Index your code
hub / github.com/docker/docker-agent / writeFile

Method writeFile

pkg/tools/builtin/filesystem/filesystem.go:705–714  ·  view source on GitHub ↗

writeFile is a TOCTOU-safe equivalent of [os.WriteFile]. See [readFile] for the contract. The call is rejected by the kernel when any component of rel is an out-of-root symlink, so an attacker cannot win the swap race between the [resolveAndCheckPath] check and the write.

(resolved string, data []byte, perm os.FileMode)

Source from the content-addressed store, hash-verified

703// of rel is an out-of-root symlink, so an attacker cannot win the swap
704// race between the [resolveAndCheckPath] check and the write.
705func (t *ToolSet) writeFile(resolved string, data []byte, perm os.FileMode) error {
706 root, rel, err := t.rootedAccess(resolved)
707 if err != nil {
708 return err
709 }
710 if root != nil {
711 return root.WriteFile(rel, data, perm)
712 }
713 return os.WriteFile(resolved, data, perm)
714}
715
716// stat is a TOCTOU-safe equivalent of [os.Stat]. See [readFile] for the
717// contract.

Callers 3

handleEditFileMethod · 0.95
handleWriteFileMethod · 0.95

Implementers 15

StartableToolSetpkg/tools/startable.go
fakeToolSetpkg/tools/named_test.go
stubDescriberpkg/tools/startable_test.go
stubToolSetpkg/tools/startable_test.go
flappyToolSetpkg/tools/startable_test.go
listFlappyToolSetpkg/tools/startable_test.go
reportingToolSetpkg/tools/startable_test.go
reportingStartOnlyToolSetpkg/tools/startable_test.go
recoveryFailingToolSetpkg/tools/startable_test.go
codeModeToolpkg/tools/codemode/codemode.go
testToolSetpkg/tools/codemode/codemode_test.go
Toolsetpkg/tools/a2a/a2a.go

Calls 1

rootedAccessMethod · 0.95