Path Security and Validation
Apply these steps whenever a command or processor touches user-provided paths.
Required Steps
- Validate all input paths with audio::path_validation::validate_input_audio_path().
- Enforce extension whitelists and traversal safety via the validation layer.
- Check output directories are writable before processing.
- Avoid leaking raw paths in user-facing errors; map to AppError.
Internal Docs
- docs/external-apis/path-handling.md
Minimal Pattern
```rust
use crate::audio::path_validation::validate_input_audio_path;
use crate::errors::Result;
use std::path::PathBuf;

#[tauri::command]
pub fn command_with_path(file_path: String) -> Result<()> {
    let path = PathBuf::from(&file_path);
    let validated = validate_input_audio_path(&path)?;
    // Use validated path only.
    Ok(())
}
```
Output Directory Guardrail
Before writing output, probe the target directory for write permissions and fail fast if it is not writable. Prefer existing helpers in audio::path_validation or nearby command modules.
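One way to implement the write probe with only the standard library, as an added example that is not the project's own helper. `ProbeError` and `ensure_output_dir_writable` are hypothetical names; in this codebase the error would be mapped to AppError instead.

```rust
use std::fmt;
use std::fs::{self, OpenOptions};
use std::path::Path;
use std::process;

// Hypothetical stand-in for the project's AppError (src-tauri/src/errors.rs).
#[derive(Debug, PartialEq)]
pub enum ProbeError {
    NotADirectory,
    NotWritable,
}

impl fmt::Display for ProbeError {
    // User-facing text deliberately omits the path and the OS error detail.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            ProbeError::NotADirectory => write!(f, "Output location is not a directory"),
            ProbeError::NotWritable => write!(f, "Output directory is not writable"),
        }
    }
}

/// Probe `dir` by creating and removing a uniquely named file.
/// Permission bits alone can mislead (ACLs, read-only mounts), so do a real write.
pub fn ensure_output_dir_writable(dir: &Path) -> Result<(), ProbeError> {
    // A missing path and a path that is a regular file are both rejected here.
    let meta = fs::metadata(dir).map_err(|_| ProbeError::NotADirectory)?;
    if !meta.is_dir() {
        return Err(ProbeError::NotADirectory);
    }
    let probe = dir.join(format!(".write-probe-{}", process::id()));
    // create_new fails if the name already exists, so the probe never
    // truncates or overwrites a file that is already in the directory.
    OpenOptions::new()
        .write(true)
        .create_new(true)
        .open(&probe)
        .map_err(|_| ProbeError::NotWritable)?;
    let _ = fs::remove_file(&probe); // best-effort cleanup
    Ok(())
}

fn main() {
    // Constructed sample input: the system temp directory.
    match ensure_output_dir_writable(&std::env::temp_dir()) {
        Ok(()) => println!("output directory OK"),
        Err(e) => eprintln!("{}", e),
    }
}
```

Call the probe before any expensive processing starts, so a read-only target fails the command up front rather than after the work is done.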
Codebase Pointers
- src-tauri/src/audio/path_validation.rs
- src-tauri/src/commands/audio.rs
- src-tauri/src/errors.rs