Common Operations Guide
Complete reference for all path operations with strict-path.
This chapter provides comprehensive examples for every operation you’ll need when working with validated paths. Always use dimension-specific methods—never use std::path methods on leaked paths.
Joins
Purpose: Combine a boundary/root with an untrusted segment to create a validated path.
Basic Joins
#![allow(unused)]
fn main() {
use strict_path::{PathBoundary, StrictPath};
fn join_examples(boundary: &PathBoundary) -> std::io::Result<()> {
// Single join
let file = boundary.strict_join("docs/readme.md")?;
// Join with slash or backslash - both work
let file2 = boundary.strict_join("docs\\readme.md")?;
// Multi-segment path
let deep = boundary.strict_join("a/b/c/d/file.txt")?;
Ok(())
}
}Chained Joins
#![allow(unused)]
fn main() {
use strict_path::{PathBoundary, StrictPath};
fn chained_joins(boundary: &PathBoundary) -> std::io::Result<()> {
// Navigate through directories
let level1 = boundary.strict_join("level1")?;
let level2 = level1.strict_join("level2")?;
let file = level2.strict_join("file.txt")?;
// Or go up and down
let sibling = level2
.strictpath_parent().unwrap()
.strict_join("sibling/file.txt")?;
Ok(())
}
}Joining Discovered Names
#![allow(unused)]
fn main() {
use strict_path::{PathBoundary, StrictPath};
fn discover_and_join(boundary: &PathBoundary) -> std::io::Result<Vec<StrictPath>> {
let mut files = Vec::new();
// Walk directory
for entry in boundary.read_dir()? {
let entry = entry?;
let name = entry.file_name();
// IMPORTANT: Re-validate each discovered name
let validated = boundary.strict_join(&name.to_string_lossy())?;
files.push(validated);
}
Ok(files)
}
}Key rules:
- Always validate untrusted segments with
strict_join()orvirtual_join() - Re-validate discovered directory names before using them
- Never use
std::path::Path::join()on untrusted input
Parents and Ancestors
Purpose: Navigate up the directory tree safely.
Getting Parent Directory
#![allow(unused)]
fn main() {
use strict_path::StrictPath;
fn parent_examples(file: &StrictPath) -> std::io::Result<()> {
// Get parent directory
if let Some(parent) = file.strictpath_parent() {
println!("Parent: {}", parent.strictpath_display());
// Create parent if needed
parent.create_dir_all()?;
} else {
println!("At boundary root");
}
Ok(())
}
}Walking Up to Root
#![allow(unused)]
fn main() {
use strict_path::StrictPath;
fn walk_to_root(file: &StrictPath) {
let mut current = Some(file.clone());
let mut level = 0;
while let Some(path) = current {
println!("Level {}: {}", level, path.strictpath_display());
current = path.strictpath_parent();
level += 1;
}
}
}Finding Ancestor with Specific Name
#![allow(unused)]
fn main() {
use strict_path::StrictPath;
fn find_ancestor(file: &StrictPath, target_name: &str) -> Option<StrictPath> {
let mut current = Some(file.clone());
while let Some(path) = current {
if path.strictpath_display().to_string().ends_with(target_name) {
return Some(path);
}
current = path.strictpath_parent();
}
None
}
}Key insight: strictpath_parent() returns None at the boundary root—you can’t escape upward.
File Name and Extension Operations
Purpose: Modify path components while staying within the boundary.
Changing File Names
#![allow(unused)]
fn main() {
use strict_path::StrictPath;
fn filename_operations(file: &StrictPath) -> std::io::Result<()> {
// Change filename (keeps directory and extension)
let renamed = file.strictpath_with_file_name("newname.txt")?;
// Change just the stem (keeps extension)
let new_stem = file.strictpath_with_file_name("report")?
.strictpath_with_extension(
file.strictpath_extension().unwrap_or("txt")
)?;
Ok(())
}
}Changing Extensions
#![allow(unused)]
fn main() {
use strict_path::StrictPath;
fn extension_operations(file: &StrictPath) -> std::io::Result<()> {
// Change extension
let markdown = file.strictpath_with_extension("md")?;
let json = file.strictpath_with_extension("json")?;
// Remove extension
let no_ext = file.strictpath_with_extension("")?;
// Add extension if missing
let with_ext = if file.strictpath_extension().is_none() {
file.strictpath_with_extension("txt")?
} else {
file.clone()
};
Ok(())
}
}Combining Operations
#![allow(unused)]
fn main() {
use strict_path::StrictPath;
fn combined_operations(file: &StrictPath) -> std::io::Result<()> {
// Change both filename and extension
let transformed = file
.strictpath_with_file_name("report")?
.strictpath_with_extension("pdf")?;
// Add timestamp to filename
let timestamp = "2025-10-14";
let current_name = file.strictpath_file_stem().unwrap_or("file");
let timestamped = file.strictpath_with_file_name(
format!("{}_{}", current_name, timestamp)
)?.strictpath_with_extension(
file.strictpath_extension().unwrap_or("txt")
)?;
Ok(())
}
}Rename and Move Operations
Purpose: Move files/directories while staying within the boundary.
Simple Rename (Same Directory)
#![allow(unused)]
fn main() {
use strict_path::{PathBoundary, StrictPath};
fn simple_rename(boundary: &PathBoundary) -> std::io::Result<()> {
let current = boundary.strict_join("logs/app.log")?;
current.write(b"log data")?;
// Rename returns the new path
let renamed = current.strict_rename("logs/app.old")?;
assert!(renamed.exists());
assert!(!current.exists()); // Original path no longer exists
Ok(())
}
}Move to Different Directory
#![allow(unused)]
fn main() {
use strict_path::{PathBoundary, StrictPath};
fn move_file(boundary: &PathBoundary) -> std::io::Result<()> {
let source = boundary.strict_join("temp/file.txt")?;
source.write(b"data")?;
// Create destination directory first
let dest_dir = boundary.strict_join("archive")?;
dest_dir.create_dir_all()?;
// Move to new directory
let moved = source.strict_rename("archive/file.txt")?;
Ok(())
}
}Rename with Parent Directory Creation
#![allow(unused)]
fn main() {
use strict_path::PathBoundary;
fn rename_with_mkdir(boundary: &PathBoundary) -> std::io::Result<()> {
let file = boundary.strict_join("data.txt")?;
file.write(b"content")?;
// Rename to path in subdirectory (create if needed)
let new_path = boundary.strict_join("backups/2025/data.txt")?;
if let Some(parent) = new_path.strictpath_parent() {
parent.create_dir_all()?;
}
let renamed = file.strict_rename("backups/2025/data.txt")?;
Ok(())
}
}Virtual Rename (Clean Paths)
#![allow(unused)]
fn main() {
#[cfg(feature = "virtual-path")]
use strict_path::VirtualRoot;
#[cfg(feature = "virtual-path")]
fn virtual_rename_example(vroot: &VirtualRoot) -> std::io::Result<()> {
let file = vroot.virtual_join("uploads/photo.jpg")?;
file.write(b"image data")?;
// Virtual rename - user sees clean paths
let renamed = file.virtual_rename("uploads/photo_2025.jpg")?;
println!("User sees: {}", renamed.virtualpath_display());
// Output: "/uploads/photo_2025.jpg"
println!("System path: {}", renamed.as_unvirtual().strictpath_display());
// Output: actual filesystem path
Ok(())
}
}Deletion Operations
Purpose: Remove files and directories safely.
Delete Single File
#![allow(unused)]
fn main() {
use strict_path::PathBoundary;
fn delete_file(boundary: &PathBoundary) -> std::io::Result<()> {
let file = boundary.strict_join("temp/cache.tmp")?;
// Check existence before deleting
if file.exists() {
file.remove_file()?;
}
Ok(())
}
}Delete Empty Directory
#![allow(unused)]
fn main() {
use strict_path::PathBoundary;
fn delete_empty_dir(boundary: &PathBoundary) -> std::io::Result<()> {
let dir = boundary.strict_join("temp/empty")?;
// Only works if directory is empty
if dir.exists() && dir.metadata()?.is_dir() {
dir.remove_dir()?;
}
Ok(())
}
}Recursive Directory Deletion
#![allow(unused)]
fn main() {
use strict_path::PathBoundary;
fn delete_directory_tree(boundary: &PathBoundary) -> std::io::Result<()> {
let dir = boundary.strict_join("temp/data")?;
// Removes directory and ALL contents recursively
if dir.exists() {
dir.remove_dir_all()?;
}
Ok(())
}
}Safe Cleanup with Validation
#![allow(unused)]
fn main() {
use strict_path::PathBoundary;
fn safe_cleanup(boundary: &PathBoundary, path: &str) -> std::io::Result<()> {
// Validate path first
match boundary.strict_join(path) {
Ok(safe_path) => {
if safe_path.exists() {
if safe_path.metadata()?.is_dir() {
safe_path.remove_dir_all()?;
} else {
safe_path.remove_file()?;
}
println!("Deleted: {}", safe_path.strictpath_display());
}
Ok(())
},
Err(e) => {
eprintln!("🚨 Invalid path, refusing to delete: {e}");
Err(std::io::Error::new(std::io::ErrorKind::InvalidInput, e))
}
}
}
}Safety note: Always validate paths before deletion. Never delete based on untrusted input without validation.
Metadata Inspection
Purpose: Query file/directory properties without reading contents.
Basic Metadata
#![allow(unused)]
fn main() {
use strict_path::StrictPath;
use std::time::SystemTime;
fn inspect_metadata(file: &StrictPath) -> std::io::Result<()> {
let meta = file.metadata()?;
// File type checks
println!("Is file: {}", meta.is_file());
println!("Is directory: {}", meta.is_dir());
println!("Is symlink: {}", meta.file_type().is_symlink());
// Size and permissions
println!("Size: {} bytes", meta.len());
println!("Read-only: {}", meta.permissions().readonly());
// Timestamps
if let Ok(modified) = meta.modified() {
let duration = SystemTime::now().duration_since(modified).unwrap();
println!("Modified {} seconds ago", duration.as_secs());
}
Ok(())
}
}Conditional Operations Based on Metadata
#![allow(unused)]
fn main() {
use strict_path::StrictPath;
fn cleanup_empty_files(file: &StrictPath) -> std::io::Result<()> {
let meta = file.metadata()?;
if meta.is_file() && meta.len() == 0 {
println!("Empty file, removing: {}", file.strictpath_display());
file.remove_file()?;
}
Ok(())
}
}Finding Files by Criteria
#![allow(unused)]
fn main() {
use strict_path::{PathBoundary, StrictPath};
fn find_large_files(boundary: &PathBoundary, min_size: u64) -> std::io::Result<Vec<StrictPath>> {
let mut large_files = Vec::new();
for entry in boundary.read_dir()? {
let entry = entry?;
let name = entry.file_name();
let path = boundary.strict_join(&name.to_string_lossy())?;
if let Ok(meta) = path.metadata() {
if meta.is_file() && meta.len() > min_size {
large_files.push(path);
}
}
}
Ok(large_files)
}
}Copy Operations
Purpose: Duplicate files while preserving validation.
Simple Copy
#![allow(unused)]
fn main() {
use strict_path::PathBoundary;
fn simple_copy(boundary: &PathBoundary) -> std::io::Result<()> {
let source = boundary.strict_join("docs/original.txt")?;
let dest = boundary.strict_join("docs/copy.txt")?;
// Returns number of bytes copied
let bytes_copied = source.copy(&dest)?;
println!("Copied {bytes_copied} bytes");
Ok(())
}
}Copy with Overwrite Protection
#![allow(unused)]
fn main() {
use strict_path::PathBoundary;
fn copy_if_not_exists(boundary: &PathBoundary) -> std::io::Result<()> {
let source = boundary.strict_join("docs/original.txt")?;
let dest = boundary.strict_join("docs/backup.txt")?;
if !dest.exists() {
source.copy(&dest)?;
println!("Copied to {}", dest.strictpath_display());
} else {
println!("Destination already exists, skipping");
}
Ok(())
}
}Copy to Different Directory
#![allow(unused)]
fn main() {
use strict_path::PathBoundary;
fn copy_to_archive(boundary: &PathBoundary) -> std::io::Result<()> {
let source = boundary.strict_join("docs/report.pdf")?;
// Create backup directory
let backup_dir = boundary.strict_join("backups/2025")?;
backup_dir.create_dir_all()?;
// Copy to backup location
let dest = boundary.strict_join("backups/2025/report.pdf")?;
source.copy(&dest)?;
Ok(())
}
}Comprehensive Example: File Management
Putting it all together—a complete file management function:
#![allow(unused)]
fn main() {
use strict_path::{PathBoundary, StrictPath};
use std::time::{SystemTime, Duration};
fn manage_user_file(
uploads_dir: &PathBoundary,
filename: &str
) -> Result<FileInfo, Box<dyn std::error::Error>> {
// 1. Validate path
let file = uploads_dir.strict_join(filename)?;
// 2. Check existence
if !file.exists() {
return Err("File not found".into());
}
// 3. Get metadata
let meta = file.metadata()?;
// 4. Archive old files
if should_archive(&meta)? {
let archive_dir = uploads_dir.strict_join("archive")?;
archive_dir.create_dir_all()?;
let archived = file.strict_rename(&format!("archive/{filename}"))?;
// 5. Compress large files
if meta.len() > 10_000_000 {
compress_file(&archived)?;
}
return Ok(FileInfo {
path: archived.strictpath_display().to_string(),
status: FileStatus::Archived,
size: meta.len(),
});
}
Ok(FileInfo {
path: file.strictpath_display().to_string(),
status: FileStatus::Active,
size: meta.len(),
})
}
fn should_archive(meta: &std::fs::Metadata) -> std::io::Result<bool> {
let modified = meta.modified()?;
let age = SystemTime::now().duration_since(modified)
.unwrap_or(Duration::ZERO);
Ok(age > Duration::from_secs(30 * 24 * 60 * 60)) // 30 days
}
fn compress_file(_file: &StrictPath) -> std::io::Result<()> {
// Compression implementation
Ok(())
}
#[derive(Debug)]
struct FileInfo {
path: String,
status: FileStatus,
size: u64,
}
#[derive(Debug)]
enum FileStatus {
Active,
Archived,
}
}Key Principles
Always use dimension-specific methods:
- Use
strict_join()/virtual_join()for joins - Use
strictpath_parent()/virtualpath_parent()for parents - Use
strictpath_with_*()/virtualpath_with_*()for modifications - Never use
std::pathmethods on leaked paths
Handle errors explicitly:
- Path operations can fail (permissions, disk full, invalid paths)
- Use
?operator or explicitmatchfor error handling - Log security incidents when paths escape boundaries
Check before destructive operations:
- Use
.exists()before deletion - Use
.metadata()to check file vs. directory - Create parent directories with
.create_dir_all()before moves
Validate discovered paths:
- Re-validate directory entries with
strict_join()/virtual_join() - Don’t trust filesystem listings—validate before use
Learn More
- Best Practices Overview → - Core guidelines and decision matrices
- Real-World Patterns → - Production-ready examples
- Policy & Reuse → - When to use VirtualRoot/PathBoundary
- Authorization Patterns → - Compile-time authorization