SafeSonnet is a secure file importer for google/go-jsonnet that restricts file imports to a specific directory using the `os.Root` functionality introduced in Go 1.24. This helps prevent path traversal attacks and ensures that Jsonnet imports can only access files within a designated directory.
See docs/spec.md for the full specification, with differences to the built-in go-jsonnet file importer.
```sh
go get github.com/thevilledev/safesonnet
```
Requires Go 1.24.
See the example directory for a complete working example.
Basic usage:
```go
importer, err := safesonnet.NewSafeImporter("jsonnet", []string{
	filepath.Join("jsonnet", "lib"), // Library path relative to workspace
})
if err != nil {
	log.Fatal(err)
}
// Close is required to release the os.Root file descriptor
defer importer.Close()

vm := jsonnet.MakeVM()
vm.Importer(importer)
```
Note: Unlike `jsonnet.FileImporter`, `SafeImporter` requires calling `Close()` to release the underlying `os.Root` file descriptor. Always use `defer importer.Close()` after creating the importer.
SafeSonnet uses Go 1.24's `os.Root` functionality to ensure that file access is restricted to the specified directory tree. This means:
- No access to files outside the specified root directory.
- No following of symbolic links that point outside the root.
- No absolute path traversal.
- No relative path traversal (e.g., using `../`).
- Library paths (JPaths) must be within the root directory.
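The restrictions listed above can be observed with the standard library alone. This is an added example, not SafeSonnet's own code: it calls `os.Root` (Go 1.24 or later) directly on a constructed temporary tree, and the file names and the `rootedChecks` helper are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// rootedChecks builds a constructed temp tree and reports, per case, whether os.Root allowed the open.
func rootedChecks() (map[string]bool, error) {
	base, err := os.MkdirTemp("", "rootdemo")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(base)
	secret := filepath.Join(base, "secret.txt") // lives outside the root
	jroot := filepath.Join(base, "jsonnet")     // the import root
	if err := errors.Join(
		os.MkdirAll(filepath.Join(jroot, "lib"), 0o755),
		os.WriteFile(secret, []byte("outside"), 0o600),
		os.WriteFile(filepath.Join(jroot, "lib", "util.libsonnet"), []byte("{}"), 0o644),
		os.Symlink(secret, filepath.Join(jroot, "link.libsonnet")),
	); err != nil {
		return nil, err
	}
	root, err := os.OpenRoot(jroot)
	if err != nil {
		return nil, err
	}
	defer root.Close() // releases the directory file descriptor
	try := func(name string) bool { // true if the open succeeds through root
		f, err := root.Open(name)
		if err == nil {
			f.Close()
		}
		return err == nil
	}
	return map[string]bool{
		"inside":   try("lib/util.libsonnet"), // file under the root
		"dotdot":   try("../secret.txt"),      // relative traversal
		"absolute": try(secret),               // absolute path
		"symlink":  try("link.libsonnet"),     // link pointing outside the root
	}, nil
}

func main() {
	fmt.Println(rootedChecks())
}
```

Only the `inside` case opens; the other three return an error from `root.Open` before any file outside the root is touched.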
MIT License - see LICENSE file for full details.