|  | Kea 3.1.0
    | 
Embodies a supported path against which file paths can be validated. More...
#include <filesystem.h>
| Public Member Functions | |
| PathChecker (const std::string default_path, const std::string env_name="") | |
| Constructor. | |
| virtual | ~PathChecker () | 
| Destructor. | |
| std::string | getDefaultPath () const | 
| Fetches the default path. | |
| std::string | getEnvName () const | 
| Fetches the environment variable name. | |
| std::string | getPath (bool reset=false, const std::string explicit_path="") | 
| Fetches the supported path. | |
| bool | isDefaultOverridden () | 
| Indicates if the default path has been overridden. | |
| bool | pathHasPermissions (mode_t permissions, bool enforce_perms=shouldEnforceSecurity()) const | 
| Check if the path has expected permissions. | |
| std::string | validateDirectory (const std::string input_path_str, bool enforce_path=shouldEnforceSecurity()) const | 
| Validates a directory against a supported path. | |
| std::string | validatePath (const std::string input_path_str, bool enforce_path=shouldEnforceSecurity()) const | 
| Validates a file path against a supported path. | |
| Static Public Member Functions | |
| static void | enableEnforcement (bool enable) | 
| Enables or disables security enforcment checks. | |
| static bool | shouldEnforceSecurity () | 
| Indicates security checks should be enforced. | |
Embodies a supported path against which file paths can be validated.
Definition at line 203 of file filesystem.h.
| isc::util::file::PathChecker::PathChecker | ( | const std::string | default_path, | 
| const std::string | env_name = "" ) | 
Constructor.
Makes a call to getPath(true) to initialize the supported path.
| default_path | path to use unless overridden by explicitly or via environment variable. | 
| env_name | name of environment variable (if one), that can override the default path. | 
Definition at line 248 of file filesystem.cc.
References getPath().
| 
 | inlinevirtual | 
Destructor.
Definition at line 216 of file filesystem.h.
| 
 | static | 
Enables or disables security enforcment checks.
| enable | true to enable security checks, false to disable. | 
Definition at line 355 of file filesystem.cc.
Referenced by main(), and isc::process::DControllerBase::parseArgs().
| 
 | inline | 
Fetches the default path.
Definition at line 285 of file filesystem.h.
| 
 | inline | 
Fetches the environment variable name.
Definition at line 290 of file filesystem.h.
| std::string isc::util::file::PathChecker::getPath | ( | bool | reset = false, | 
| const std::string | explicit_path = "" ) | 
Fetches the supported path.
When called with reset=true it will calculate the supported path as follows:
| reset | recalculate when true, defaults to false. | 
| explicit_path | set the default path to this value. This is for testing purposes only. | 
Definition at line 256 of file filesystem.cc.
Referenced by PathChecker().
| bool isc::util::file::PathChecker::isDefaultOverridden | ( | ) | 
Indicates if the default path has been overridden.
Definition at line 347 of file filesystem.cc.
| bool isc::util::file::PathChecker::pathHasPermissions | ( | mode_t | permissions, | 
| bool | enforce_perms = shouldEnforceSecurity() ) const | 
Check if the path has expected permissions.
| permissions | The expected permissions. | 
| enforce_perms | Enables permsissions check. If false the function simply returns true. | 
Definition at line 341 of file filesystem.cc.
References isc::util::file::hasPermissions().
| 
 | static | 
Indicates security checks should be enforced.
Definition at line 351 of file filesystem.cc.
Referenced by isc::config::HttpCommandConfig::HttpCommandConfig(), main(), isc::d2::TSIGKeyInfoParser::parse(), isc::http::BasicHttpAuthConfig::parse(), isc::agent::CtrlAgentProcess::run(), isc::d2::D2Process::run(), and isc::config::UnixCommandConfig::validatePath().
| std::string isc::util::file::PathChecker::validateDirectory | ( | const std::string | input_path_str, | 
| bool | enforce_path = shouldEnforceSecurity() ) const | 
Validates a directory against a supported path.
Used to validate a string that represents a directory that may or may not end with a "/" (i.e "/foo/bar", bar is assumed to be the a directory, not a file.
If the input is empty or it matches the supported path, it returns the supported path. Otherwise it throws an error.
| input_path_str | file path to validate. | 
| enforce_path | If true throw SecurityError when validation against the supported path fails, if false throw SecurityWarn. | 
| SecurityError | if the path does not match the supported path and security is being enforced, SecurityWarn if it is not being enforced. | 
Definition at line 313 of file filesystem.cc.
References isc_throw, and isc::util::str::trim().
| std::string isc::util::file::PathChecker::validatePath | ( | const std::string | input_path_str, | 
| bool | enforce_path = shouldEnforceSecurity() ) const | 
Validates a file path against a supported path.
If the input path specifies a parent path and file name, the parent path is validated against the supported path. If they match, the function returns the validated path. If the input path contains only a file name the function returns valid path using the supported path and the input path name.
| input_path_str | file path to validate. | 
| enforce_path | If true throw SecurityError when validation against the supported path fails, if false throw SecurityWarn. | 
| BadValue | if the input path does not include a file name. @trhow SecurityError if the parent path does not path the supported path and security is being enforced, SecurityWarn if it is not being enforced. | 
Definition at line 281 of file filesystem.cc.
References isc::util::file::Path::filename(), isc_throw, isc::util::file::Path::parentDirectory(), isc::util::file::Path::parentPath(), isc::util::file::Path::str(), and isc::util::str::trim().