Diffstat (limited to 'internal/fsutil/perm.go')
-rw-r--r--internal/fsutil/perm.go30
1 files changed, 30 insertions, 0 deletions
diff --git a/internal/fsutil/perm.go b/internal/fsutil/perm.go
new file mode 100644
index 0000000..f94add6
--- /dev/null
+++ b/internal/fsutil/perm.go
@@ -0,0 +1,30 @@
+//go:build !windows
+// +build !windows
+
+package fsutil
+
+import (
+ "fmt"
+ "os"
+)
+
+// EnsureMaxPermissions tests the provided file info, returning an error if the
+// file's permission bits contain excess permissions not set in maxPerms.
+//
+// For example, a file with permissions -rw------- will successfully validate
+// with maxPerms -rw-r--r-- or -rw-rw-r--, but will not validate with maxPerms
+// -r-------- (due to excess --w------- permission) or --w------- (due to
+// excess -r-------- permission).
+//
+// Only permission bits of the file modes are considered.
+func EnsureMaxPermissions(fi os.FileInfo, maxPerms os.FileMode) error {
+ gotPerm := fi.Mode().Perm()
+ forbiddenPerms := (^maxPerms).Perm()
+ excessPerms := gotPerm & forbiddenPerms
+
+ if excessPerms != 0 {
+ return fmt.Errorf("permission bits for file %v failed validation: want at most %v, got %v with excess perms %v", fi.Name(), maxPerms.Perm(), gotPerm, excessPerms)
+ }
+
+ return nil
+}
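Review bot: The doc comment on EnsureMaxPermissions should spell out what a nil result does not guarantee, since callers are likely to use it as a gate before reading sensitive files. Because both sides go through `Perm()`, setuid, setgid and sticky bits are ignored, and neither the file type nor the owner is looked at, so a file with mode 0600 owned by another user still validates. I would add `// Setuid/setgid/sticky bits, file type and ownership are not checked. Pass the FileInfo obtained from the already-opened file (f.Stat) so the check describes the file that is actually read.` after the "Only permission bits" line; the callers are not visible here, so whether any of them stats by path is an assumption to confirm. Separately, the error message formats `fi.Name()` with `%v`; `file %q` would keep odd or control characters in a file name from garbling log output.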