fetch_ml/internal/fileutil/secure.go

// Package fileutil provides secure file operation utilities to prevent path traversal attacks.
package fileutil

import (
	"os"
	"path/filepath"
)

// SecureFileRead securely reads a file after cleaning the path to prevent path traversal
func SecureFileRead(path string) ([]byte, error) {
	return os.ReadFile(filepath.Clean(path))
}

// SecureFileWrite securely writes a file after cleaning the path to prevent path traversal
func SecureFileWrite(path string, data []byte, perm os.FileMode) error {
	return os.WriteFile(filepath.Clean(path), data, perm)
}

// SecureOpenFile securely opens a file after cleaning the path to prevent path traversal
func SecureOpenFile(path string, flag int, perm os.FileMode) (*os.File, error) {
	return os.OpenFile(filepath.Clean(path), flag, perm)
}