Show HN: Path-security – Comprehensive path validation with 62 attack vectors

Hi HN! Author here.

TL;DR: Comprehensive path validation protecting against 62+ attack vectors including encoding attacks, Unicode tricks, and Windows-specific exploits. 95.81% test coverage, battle-tested in production.

The motivation: We built a blockchain security platform that handles untrusted code repositories. Standard path validation wasn't enough - we kept discovering new attack vectors:

- URL encoding: %2e%2e%2f → ../
- Double encoding: %252e%252e%252f → %2e%2e%2f → ../
- UTF-8 overlong: %c0%ae (invalid but sometimes accepted)
- Unicode homoglyphs: ․․/ (using U+2024)
- Windows NTFS streams: file.txt::$DATA
- Trailing dots/spaces (Windows ignores these)
- And 50+ more patterns

After 6 months of production hardening, we extracted this into a standalone library. Every attack we've seen is tested (21 tests, 62+ patterns).

*Stats*:

- 62+ attack patterns covered
- 95.81% test coverage
- Zero dependencies (only anyhow)
- Cross-platform compatibility
- MIT/Apache-2.0 licensed

*Links*:

- Crates.io: https://ift.tt/pYomDMG
- GitHub: https://ift.tt/x7KXilL
- Docs: https://ift.tt/az9t7Dw

Perfect for web file uploads, archive extraction, git operations, and any application handling user-provided paths. Feedback very welcome!

https://ift.tt/x7KXilL

October 25, 2025 at 11:36PM
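As an added illustration of the checks the post enumerates (this is not code from the path-security crate or its author), here is a small std-only Rust validator; the `PathError` variants and the `validate` function are names assumed for this example, and the homoglyph set is a deliberately short one.

```rust
/// Example validator, not the path-security crate's API: rejects the traversal
/// tricks listed in the post and returns a normalized relative path on success.
#[derive(Debug, PartialEq)]
pub enum PathError { BadEscape, InvalidUtf8, Control, Homoglyph, Absolute, Traversal, NtfsStream, TrailingDotSpace }

/// One round of %XX decoding into raw bytes, so invalid UTF-8 (e.g. overlong %c0%ae)
/// can be detected afterwards instead of being silently "accepted".
fn percent_decode(s: &str) -> Result<Vec<u8>, PathError> {
    let b = s.as_bytes();
    let (mut out, mut i) = (Vec::with_capacity(b.len()), 0);
    while i < b.len() {
        if b[i] == b'%' {
            // Require exactly two ASCII hex digits; anything else is a malformed escape.
            let hex = b.get(i + 1..i + 3).and_then(|h| std::str::from_utf8(h).ok())
                .filter(|h| h.bytes().all(|c| c.is_ascii_hexdigit()));
            let v = hex.and_then(|h| u8::from_str_radix(h, 16).ok()).ok_or(PathError::BadEscape)?;
            out.push(v);
            i += 3;
        } else {
            out.push(b[i]);
            i += 1;
        }
    }
    Ok(out)
}

/// Validate a user-supplied relative path (upload name, archive entry, etc.).
pub fn validate(input: &str) -> Result<String, PathError> {
    // Decode until stable so double encoding (%252e%252e%252f -> %2e%2e%2f -> ../) is caught;
    // give up after a few rounds rather than loop on pathological nesting.
    let mut cur = input.to_string();
    for round in 0.. {
        let next = String::from_utf8(percent_decode(&cur)?).map_err(|_| PathError::InvalidUtf8)?;
        if next == cur { break; }
        if round == 4 { return Err(PathError::BadEscape); }
        cur = next;
    }
    if cur.chars().any(char::is_control) { return Err(PathError::Control); } // NUL etc.
    // Unicode look-alikes for '.' and '/' (one/two dot leader, ellipsis, fullwidth forms, division slash).
    if cur.chars().any(|c| matches!(c, '\u{2024}' | '\u{2025}' | '\u{2026}' | '\u{FF0E}' | '\u{FF0F}' | '\u{2215}')) {
        return Err(PathError::Homoglyph);
    }
    let cur = cur.replace('\\', "/"); // treat Windows separators like '/'
    if cur.starts_with('/') { return Err(PathError::Absolute); }
    let mut parts = Vec::new();
    for seg in cur.split('/').filter(|s| !s.is_empty() && *s != ".") {
        if seg == ".." { return Err(PathError::Traversal); }
        if seg.contains(':') { return Err(PathError::NtfsStream); } // file.txt::$DATA, drive letters
        if seg.ends_with('.') || seg.ends_with(' ') { return Err(PathError::TrailingDotSpace); }
        parts.push(seg);
    }
    Ok(parts.join("/"))
}
```

Decoding to bytes before checking UTF-8 is the important ordering: a decoder that maps %c0%ae straight to a char would turn the overlong sequence into a dot and hide the traversal.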