sdk/python/File System/PyOSPath

PyOSPath

The os.path module for path manipulation. join() concatenates path components but does not resolve traversal sequences — path-traversal bug when joining a trusted base with a user-controlled path. Use os.path.commonpath + realpath containment checks to sanitize.

2 sanitizers

Sanitizers

— functions that neutralize taint

.realpath()Sanitizer

Signature

os.path.realpath(path: str) -> str

Resolves all symlinks and . / .. components. Combine with commonpath for traversal defense.

tracks:return

.commonpath()Sanitizer

Signature

os.path.commonpath(paths: Sequence[str]) -> str

Returns the longest common path. Use to assert a user path stays inside a trusted base.

tracks:return

Other Methods

.join()Neutral

Signature

os.path.join(*paths: str) -> str

Joins path components. Does NOT defend against ../ traversal — neutral, but the output often reaches file sinks.

.abspath()Neutral

Signature

os.path.abspath(path: str) -> str

Returns the absolute path. Does not resolve symlinks.

Fully-Qualified Names

FQN	Field
os.path	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

Import

rule.py

from codepathfinder.go_rule import PyOSPath

← PreviousPyMimetypes

Next →PyPathlib