berkus
/
actix-web
mirror of https://github.com/fafhrd91/actix-web
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge 31ff1ef12c into b6ad483699

This commit is contained in:
Andrew Scott 2025-07-14 21:42:00 -07:00 committed by GitHub
parent b6ad483699 31ff1ef12c
commit 1ed3f9b0fc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
actix-files/CHANGES.md
View File

@ -2,6 +2,7 @@
## Unreleased ## Unreleased
- `PathBufWrap` & `UriSegmentError` made public.
- Minimum supported Rust version (MSRV) is now 1.75. - Minimum supported Rust version (MSRV) is now 1.75.
## 0.6.6 ## 0.6.6

1
actix-files/src/error.rs
View File

@ -21,6 +21,7 @@ impl ResponseError for FilesError {
} }
} }
/// Error which can occur with parsing/validating a request-uri path
#[derive(Debug, PartialEq, Eq, Display)] #[derive(Debug, PartialEq, Eq, Display)]
#[non_exhaustive] #[non_exhaustive]
pub enum UriSegmentError { pub enum UriSegmentError {

5
actix-files/src/lib.rs
View File

@ -37,13 +37,12 @@ mod range;
mod service; mod service;
pub use self::{ pub use self::{
chunked::ChunkedReadFile, directory::Directory, files::Files, named::NamedFile, chunked::ChunkedReadFile, directory::Directory, error::UriSegmentError, files::Files,
range::HttpRange, service::FilesService, named::NamedFile, path_buf::PathBufWrap, range::HttpRange, service::FilesService,
}; };
use self::{ use self::{
directory::{directory_listing, DirectoryRenderer}, directory::{directory_listing, DirectoryRenderer},
error::FilesError, error::FilesError,
path_buf::PathBufWrap,
}; };
type HttpService = BoxService<ServiceRequest, ServiceResponse, Error>; type HttpService = BoxService<ServiceRequest, ServiceResponse, Error>;

14
actix-files/src/path_buf.rs
View File

@ -8,8 +8,11 @@ use actix_web::{dev::Payload, FromRequest, HttpRequest};
use crate::error::UriSegmentError; use crate::error::UriSegmentError;
/// Secure Path Traversal Guard
///
/// This struct parses a request-uri [`PathBuf`](std::path::PathBuf)
#[derive(Debug, PartialEq, Eq)] #[derive(Debug, PartialEq, Eq)]
pub(crate) struct PathBufWrap(PathBuf); pub struct PathBufWrap(PathBuf);
impl FromStr for PathBufWrap { impl FromStr for PathBufWrap {
type Err = UriSegmentError; type Err = UriSegmentError;
@ -20,6 +23,15 @@ impl FromStr for PathBufWrap {
} }
impl PathBufWrap { impl PathBufWrap {
/// Parse a safe path from a supplied [`HttpRequest`](actix_web::HttpRequest),
/// given the choice of allowing hiddden files to be considered valid segments.
///
/// Path traversal is guarded by this method.
#[inline]
pub fn parse_req(req: &HttpRequest, hidden_files: bool) -> Result<Self, UriSegmentError> {
Self::parse_path(req.match_info().unprocessed(), hidden_files)
}
/// Parse a path, giving the choice of allowing hidden files to be considered valid segments. /// Parse a path, giving the choice of allowing hidden files to be considered valid segments.
/// ///
/// Path traversal is guarded by this method. /// Path traversal is guarded by this method.