Real-World Examples
This section shows practical, real-world scenarios where strict-path helps secure your applications. Each example includes complete, runnable code that you can adapt to your own projects.
π How to Read Examples
In examples, string literals passed to
strict_join()orvirtual_join()represent external input that would come from HTTP requests, CLI arguments, configuration files, or archive entries in production. The validation pattern is identical whether the input is a literal or a variable β strict-path validates the path regardless of source.When adapting examples to your code, replace these literals with your actual untrusted input sources.
π Example Categories
Web Applications
- Web File Upload Service - Build a secure file upload service with per-user isolation
- Multi-User Document Storage - Implement user sandboxing where each user feels they have their own filesystem
Application Development
- Configuration File Manager - Safely handle user configuration files with automatic validation
- CLI Tool with Safe Paths - Process user-provided file paths in command-line tools
Security-Critical Operations
- Archive Extraction - Extract ZIP files safely without zip-slip vulnerabilities
- Type-Safe Context Separation - Use marker types to prevent mixing storage contexts at compile time
π― Common Patterns
All examples follow the same security pattern:
- Create a boundary - Define your safe area with
PathBoundaryorVirtualRoot - Validate external input - Always use
strict_join()orvirtual_join()for untrusted paths - Use safe types - Operate through
StrictPathorVirtualPathfor all file operations - Let the compiler help - Type signatures encode security guarantees
π What Makes These Secure?
- No path escapes - Users canβt use
../or absolute paths to escape boundaries - Compile-time safety - Wrong marker types wonβt compile
- Clear interfaces - Function signatures document what paths they accept
- Maintainable - Security isnβt something to remember, itβs in the type system
π‘ Using These Examples
Each example is:
- β Complete - Includes all necessary imports and error handling
- β Runnable - Copy-paste and adapt to your needs
- β Explained - Comments highlight security patterns and key concepts
- β Battle-tested - Shows real attack vectors that are automatically blocked
Choose an example that matches your use case and start building secure applications!