Nix 2.26.3
Nix, the purely functional package manager; unstable internal interfaces
 
Loading...
Searching...
No Matches
nix::FilteringSourceAccessor Struct Referenceabstract

#include <filtering-source-accessor.hh>

Inheritance diagram for nix::FilteringSourceAccessor:
nix::SourceAccessor nix::AllowListSourceAccessor nix::CachingFilteringSourceAccessor nix::AllowListSourceAccessorImpl nix::GitExportIgnoreSourceAccessor

Public Member Functions

 FilteringSourceAccessor (const SourcePath &src, MakeNotAllowedError &&makeNotAllowedError)
 
std::optional< std::filesystem::path > getPhysicalPath (const CanonPath &path) override
 
std::string readFile (const CanonPath &path) override
 
bool pathExists (const CanonPath &path) override
 
std::optional< StatmaybeLstat (const CanonPath &path) override
 
DirEntries readDirectory (const CanonPath &path) override
 
std::string readLink (const CanonPath &path) override
 
std::string showPath (const CanonPath &path) override
 
void checkAccess (const CanonPath &path)
 
virtual bool isAllowed (const CanonPath &path)=0
 
- Public Member Functions inherited from nix::SourceAccessor
virtual void readFile (const CanonPath &path, Sink &sink, std::function< void(uint64_t)> sizeCallback=[](uint64_t size){})
 
Stat lstat (const CanonPath &path)
 
virtual void dumpPath (const CanonPath &path, Sink &sink, PathFilter &filter=defaultPathFilter)
 
Hash hashPath (const CanonPath &path, PathFilter &filter=defaultPathFilter, HashAlgorithm ha=HashAlgorithm::SHA256)
 
bool operator== (const SourceAccessor &x) const
 
auto operator<=> (const SourceAccessor &x) const
 
void setPathDisplay (std::string displayPrefix, std::string displaySuffix="")
 
CanonPath resolveSymlinks (const CanonPath &path, SymlinkResolution mode=SymlinkResolution::Full)
 
virtual std::optional< time_t > getLastModified ()
 

Public Attributes

ref< SourceAccessornext
 
CanonPath prefix
 
MakeNotAllowedError makeNotAllowedError
 
- Public Attributes inherited from nix::SourceAccessor
const size_t number
 
std::string displayPrefix
 
std::string displaySuffix
 
std::optional< std::string > fingerprint
 

Additional Inherited Members

- Public Types inherited from nix::SourceAccessor
enum  Type {
  tRegular , tSymlink , tDirectory , tChar ,
  tBlock , tSocket , tFifo , tUnknown
}
 
typedef std::optional< TypeDirEntry
 
typedef std::map< std::string, DirEntry > DirEntries
 

Detailed Description

An abstract wrapping SourceAccessor that performs access control. Subclasses should override isAllowed() to implement an access control policy. The error message is customized at construction.

Member Function Documentation

◆ checkAccess()

void nix::FilteringSourceAccessor::checkAccess ( const CanonPath & path)

Call makeNotAllowedError to throw a RestrictedPathError exception if isAllowed() returns false for path.

◆ getPhysicalPath()

std::optional< std::filesystem::path > nix::FilteringSourceAccessor::getPhysicalPath ( const CanonPath & path)
overridevirtual

Return a corresponding path in the root filesystem, if possible. This is only possible for filesystems that are materialized in the root filesystem.

Reimplemented from nix::SourceAccessor.

◆ isAllowed()

virtual bool nix::FilteringSourceAccessor::isAllowed ( const CanonPath & path)
pure virtual

Return true iff access to path is allowed.

Implemented in nix::AllowListSourceAccessorImpl, and nix::CachingFilteringSourceAccessor.

◆ maybeLstat()

std::optional< SourceAccessor::Stat > nix::FilteringSourceAccessor::maybeLstat ( const CanonPath & path)
overridevirtual

Implements nix::SourceAccessor.

◆ pathExists()

bool nix::FilteringSourceAccessor::pathExists ( const CanonPath & path)
overridevirtual

Reimplemented from nix::SourceAccessor.

◆ readDirectory()

SourceAccessor::DirEntries nix::FilteringSourceAccessor::readDirectory ( const CanonPath & path)
overridevirtual
Note
Like readFile, this method should not follow symlinks.

Implements nix::SourceAccessor.

◆ readFile()

std::string nix::FilteringSourceAccessor::readFile ( const CanonPath & path)
overridevirtual

Return the contents of a file as a string.

Note
Unlike Unix, this method should not follow symlinks. Nix by default wants to manipulate symlinks explicitly, and not implictly follow them, as they are frequently untrusted user data and thus may point to arbitrary locations. Acting on the targets targets of symlinks should only occasionally be done, and only with care.

Reimplemented from nix::SourceAccessor.

◆ readLink()

std::string nix::FilteringSourceAccessor::readLink ( const CanonPath & path)
overridevirtual

Implements nix::SourceAccessor.

◆ showPath()

std::string nix::FilteringSourceAccessor::showPath ( const CanonPath & path)
overridevirtual

Reimplemented from nix::SourceAccessor.


The documentation for this struct was generated from the following files: