@Mwessc Mwessc commented Jun 14, 2025

This commit introduces a new Python utility function, secure_file_reader, located in src/secure_file_utils.py. This function demonstrates secure coding principles for reading files, including:

  • Robust input sanitization (stripping whitespace, checking for empty filenames).
  • Prohibition of dangerous characters and sequences (e.g., '../', absolute paths, null bytes).
  • Enforcement of allowed file extensions.
  • Path whitelisting by ensuring the resolved absolute path of a requested file is within a defined secure base directory.

The function is designed for simulation and educational purposes, showing how to build file handling logic with security in mind. It includes detailed comments explaining each security principle.

Comprehensive unit tests have been added in tests/test_secure_file_utils.py using the unittest framework. These tests cover various scenarios, including valid access, attempted exploits (path traversal, null byte injection, etc.), and handling of disallowed extensions.

A .gitignore file has also been added to exclude common Python cache files from the repository.

Description

Please provide a brief description of your addition or change.

Checklist

  • I've added the prompt in the correct section.
  • The prompt is helpful, concise, and clear.
  • I've double-checked the markdown formatting.
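The checks listed in the description, as an added example that is not the code from this pull request: `resolve_contained`, `read_contained_file`, `UnsafePathError`, `demo` and the extension allow-list are hypothetical names and values, and the requests run against a constructed temporary tree. It includes a symlink inside the base directory, which passes the character checks and is only caught by comparing the resolved path.

```python
import os
import tempfile
from pathlib import Path

ALLOWED_EXTENSIONS = {".txt", ".md"}  # assumed allow-list, not from the PR

class UnsafePathError(ValueError):
    """Raised when a requested filename fails a check."""

def resolve_contained(base_dir, filename):
    """Validate filename and return its resolved path inside base_dir."""
    name = filename.strip()
    if not name or "\x00" in name:
        raise UnsafePathError("empty filename or null byte")
    if os.path.isabs(name) or ".." in Path(name).parts:
        raise UnsafePathError("absolute path or parent reference")
    if Path(name).suffix.lower() not in ALLOWED_EXTENSIONS:
        raise UnsafePathError("extension not allowed")
    base = Path(base_dir).resolve()
    target = (base / name).resolve()  # resolve() follows symlinks
    # Compare path components, not string prefixes: ".../data_old" starts
    # with ".../data" as a string but is not inside it.
    if base not in target.parents:
        raise UnsafePathError("resolves outside base directory")
    return target

def read_contained_file(base_dir, filename):
    return resolve_contained(base_dir, filename).read_text(encoding="utf-8")

def demo():
    """Run constructed requests against a temporary tree; return outcomes."""
    requests = [" notes.txt ", "../data_old/secret.txt", "/etc/passwd",
                "notes.txt\x00.png", "notes.py", "link.txt"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base, sibling = Path(tmp) / "data", Path(tmp) / "data_old"
        base.mkdir()
        sibling.mkdir()
        (base / "notes.txt").write_text("hello", encoding="utf-8")
        (sibling / "secret.txt").write_text("secret", encoding="utf-8")
        os.symlink(sibling / "secret.txt", base / "link.txt")  # escapes base
        for req in requests:
            try:
                results[req] = read_contained_file(base, req)
            except UnsafePathError as exc:
                results[req] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    print(demo())
```

The containment check and the read are separate steps, so this ordering is only sound when untrusted users cannot modify the base directory between them.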
