suggest os.Root to avoid directory/symlink traversal #1297

@spencerschrock

Description

os.Root is an upcoming type in Go 1.24 aimed at solving directory traversal. (upstream proposal). Note: some methods won't be released until Go 1.25.

Root may be used to only access files within a single directory tree.

Methods on Root can only access files and directories beneath a root directory. If any component of a file name passed to a method of Root references a location outside the root, the method returns an error.

It would be nice for gosec to suggest using os.Root and its methods over the direct os equivalents (e.g. os.Root.Open over os.Open) when appropriate:

This could also be considered when evaluating / remediating G305: File traversal when extracting zip/tar archive
