Access the file system.
Security
This module prevents path traversal, not allowing parent directory accessors to be used (i.e. "/usr/path/to/../file" or "../path/to/file" paths are not allowed). Paths accessed with this API must be either relative to one of the base directories or created with the path API.
The API has a scope configuration that forces you to restrict the paths that can be accessed using glob patterns.
The scope configuration is an array of glob patterns describing file/directory paths that are allowed. For instance, this scope configuration allows all enabled fs APIs to (only) access files in the databases directory of the $APPDATA directory:
Scopes can also be applied to specific fs APIs by using the API's identifier instead of fs:scope:
Notice the use of the $APPDATA variable. The value is injected at runtime, resolving to the app data directory.
The available variables are: $APPCONFIG, $APPDATA, $APPLOCALDATA, $APPCACHE, $APPLOG, $AUDIO, $CACHE, $CONFIG, $DATA, $LOCALDATA, $DESKTOP, $DOCUMENT, $DOWNLOAD, $EXE, $FONT, $HOME, $PICTURE, $PUBLIC, $RUNTIME, $TEMPLATE, $VIDEO, $RESOURCE, $TEMP.
Trying to execute any API with a URL not configured on the scope results in a promise rejection due to denied access.
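The two checks described above (refusing parent directory accessors, then matching the path against the scope's glob patterns) can be modelled as follows. This is an added example, not the module's own code: the function names, the sample app data location, and the glob semantics (`*` stays within one path segment, `**` may span segments) are assumptions made for illustration.

```javascript
// Simplified model of the checks described above; not the plugin's own code.
// Assumptions: POSIX-style separators, `*` stays within one path segment,
// `**` may span segments, and APP_DATA is a constructed sample location.
const APP_DATA = "/home/alice/.local/share/com.example.app";
const VARIABLES = { $APPDATA: APP_DATA };

// Replace a leading $VARIABLE with its runtime value.
function expandVariable(pattern) {
  const match = /^\$[A-Z]+/.exec(pattern);
  if (!match) return pattern;
  const value = VARIABLES[match[0]];
  if (value === undefined) throw new Error(`unknown variable ${match[0]}`);
  return value + pattern.slice(match[0].length);
}

// Translate a glob into an anchored regular expression.
function globToRegExp(glob) {
  let source = "";
  for (let i = 0; i < glob.length; i++) {
    const ch = glob[i];
    if (ch === "*" && glob[i + 1] === "*") { source += ".*"; i++; }
    else if (ch === "*") source += "[^/]*";
    else source += ch.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  }
  return new RegExp(`^${source}$`);
}

// Returns "allowed", or the reason the access is denied.
function checkAccess(path, scope) {
  // Parent directory accessors are refused before any pattern is consulted,
  // so a path that starts inside the scope cannot climb out of it.
  if (path.split(/[\\/]/).includes("..")) return "denied: parent directory accessor";
  const allowed = scope.some((p) => globToRegExp(expandVariable(p)).test(path));
  return allowed ? "allowed" : "denied: path not in scope";
}

// Constructed scope mirroring the databases example in the text.
const scope = ["$APPDATA/databases/*"];
```

Under these assumptions a file directly inside the databases directory is allowed, while a nested file, a sibling of the databases directory, or any path containing ".." is denied.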