AgentSkillsCN

path-security-validation

为Audiobook Boss验证并保护文件路径。在新增文件输入/输出、文件对话框,或在命令与音频处理中引入任何路径处理时使用此功能,以强制执行扩展名白名单、规范化处理、防止遍历风险,以及提供安全的错误提示信息。

SKILL.md
--- frontmatter
name: path-security-validation
description: Validate and secure file paths for audiobook-boss. Use when adding new file inputs/outputs, file dialogs, or any path handling in commands or audio processing to enforce extension whitelists, canonicalization, traversal safety, and safe error messaging.

Path Security and Validation

Apply these steps whenever a command or processor touches user-provided paths.

Required Steps

  1. Validate all input paths with audio::path_validation::validate_input_audio_path().
  2. Enforce extension whitelists and traversal safety via the validation layer.
  3. Check output directories are writable before processing.
  4. Avoid leaking raw paths in user-facing errors; map to AppError.

Internal Docs

  • docs/external-apis/path-handling.md

Minimal Pattern

rust
use crate::audio::path_validation::validate_input_audio_path;
use crate::errors::Result;
use std::path::PathBuf;

#[tauri::command]
pub fn command_with_path(file_path: String) -> Result<()> {
    let path = PathBuf::from(&file_path);
    let validated = validate_input_audio_path(&path)?;
    // Use validated path only.
    Ok(())
}

Output Directory Guardrail

Before writing output, probe the target directory for write permissions and fail fast if it is not writable. Prefer existing helpers in audio::path_validation or nearby command modules.

Codebase Pointers

  • src-tauri/src/audio/path_validation.rs
  • src-tauri/src/commands/audio.rs
  • src-tauri/src/errors.rs