I've been wondering for a long time if #DirectoryTraversal vulnerabilities could be mitigated by a safe path handling library (similarly to e.g. ORM's). As a side-quest, I stared to implement a prototype for Python, and I'm super interested in your unfiltered opinions:

https://github.com/v-p-b/SafePath/

@buherator Why abstract it away from the filesystem? You’re missing out on proper normalization / canonization of paths without risking differentials, symbolic links, etc.

@swapgs I don't follow, could you point to specific parts of the repo/give an example?

@buherator In other words, what motivated this choice?

> "The library doesn't provide information about whether a path exists, or about the filesystem object the path leads to (e.g. file vs. directory vs. symlink). This information should be obtained via OS-specific functions.”

@swapgs Unix philosophy. I want to focus on unintended traversals specifically and IMO detecting e.g. symlinks is beyond that scope. I also think special cases are easier to handle once you have a "well behaving" path, but I may be wrong. Can you provide an example where I'm "missing out"?

@swapgs Maybe something like this could hit a sweet spot?

https://github.com/v-p-b/SafePath/issues/2

@buherator Not a bad argument to want to keep it simple.

I have a train ride tomorrow, I’ll have a look :)