MCPcopy
hub / github.com/larksuite/cli / AssertSecurePath

Function AssertSecurePath

internal/binding/audit.go:32–65  ·  view source on GitHub ↗

AssertSecurePath verifies that a file/command path is safe for use with OpenClaw SecretRef resolution. On success it returns the effective path (the symlink target, if the input was a symlink and allowed). The check is a short, ordered pipeline — each step below is both a read of the contract and a

(params AuditParams)

Source from the content-addressed store, hash-verified

30// The check is a short, ordered pipeline — each step below is both a read of
31// the contract and a pointer to the helper that enforces it.
32func AssertSecurePath(params AuditParams) (string, error) {
33 target := params.TargetPath
34 label := params.Label
35
36 if err := requireAbsolutePath(target, label); err != nil {
37 return "", err
38 }
39
40 linfo, err := lstatNonDir(target, label)
41 if err != nil {
42 return "", err
43 }
44
45 effectivePath, err := resolveSymlinkIfAllowed(target, linfo, params)
46 if err != nil {
47 return "", err
48 }
49
50 if err := requireInTrustedDirs(effectivePath, params.TrustedDirs, label); err != nil {
51 return "", err
52 }
53
54 if params.AllowInsecurePath {
55 return effectivePath, nil
56 }
57
58 if err := auditFilePermissions(effectivePath, params.AllowReadableByOthers, label); err != nil {
59 return "", err
60 }
61 if err := checkOwnerUID(effectivePath, label); err != nil {
62 return "", err
63 }
64 return effectivePath, nil
65}
66
67// requireAbsolutePath rejects relative paths; relative paths would depend on
68// the process cwd and defeat the point of a static audit. Shell-style

Calls 6

requireAbsolutePathFunction · 0.85
lstatNonDirFunction · 0.85
resolveSymlinkIfAllowedFunction · 0.85
requireInTrustedDirsFunction · 0.85
auditFilePermissionsFunction · 0.70
checkOwnerUIDFunction · 0.70