perm.go

Documentation: github.com/theupdateframework/go-tuf/internal/fsutil

     1  //go:build !windows
     2  // +build !windows
     3  
     4  package fsutil
     5  
     6  import (
     7  	"fmt"
     8  	"os"
     9  )
    10  
    11  // EnsureMaxPermissions tests the provided file info, returning an error if the
    12  // file's permission bits contain excess permissions not set in maxPerms.
    13  //
    14  // For example, a file with permissions -rw------- will successfully validate
    15  // with maxPerms -rw-r--r-- or -rw-rw-r--, but will not validate with maxPerms
    16  // -r-------- (due to excess --w------- permission) or --w------- (due to
    17  // excess -r-------- permission).
    18  //
    19  // Only permission bits of the file modes are considered.
    20  func EnsureMaxPermissions(fi os.FileInfo, maxPerms os.FileMode) error {
    21  	gotPerm := fi.Mode().Perm()
    22  	forbiddenPerms := (^maxPerms).Perm()
    23  	excessPerms := gotPerm & forbiddenPerms
    24  
    25  	if excessPerms != 0 {
    26  		return fmt.Errorf("permission bits for file %v failed validation: want at most %v, got %v with excess perms %v", fi.Name(), maxPerms.Perm(), gotPerm, excessPerms)
    27  	}
    28  
    29  	return nil
    30  }
    31

View as plain text