feat: Add ProtectOpenFile wrapping os.OpenFile

contrib/database/sql/README.md

@@ -4,7 +4,7 @@ This package provides a wrapper for [`database/sql`](https://pkg.go.dev/database
 
 # Usage
 
-to english: When executing a statement, use the Waffle database driver instead of `database/sql`. At this time, you need to pass the Waffle's operation `context`.
+When executing a statement, use the Waffle database driver instead of `database/sql`. At this time, you need to pass the Waffle's operation `context`.
 
 ```go
 import (

contrib/os/README.md

@@ -0,0 +1,20 @@
+# os
+
+This package provides a wrapper for [`os`](https://pkg.go.dev/os) protected by Waffle.  
+It provides functions that wrap `os.ReadFile` and `os.WriteFile` to prevent directory traversal and access to sensitive files.
+
+# Usage
+
+When accessing a file, use the Waffle's file functions instead of `os`.
+
+```go
+import (
+    waffleOs "github.com/sitebatch/waffle-go/contrib/os"
+)
+
+// ProtectReadFile wraps os.ReadFile
+data, err := waffleOs.ProtectReadFile(ctx, "<filename>")
+
+// ProtectOpenFile wraps os.OpenFile
+f, err := waffleOs.ProtectOpenFile("notes.txt", os.O_RDWR|os.O_CREATE, 0644)
+```

contrib/os/waf.go

@@ -15,3 +15,12 @@ func ProtectReadFile(ctx context.Context, name string) ([]byte, error) {
 
 	return os.ReadFile(name)
 }
+
+// ProtectOpenFile protects file opening from attacks such as directory traversal and executes os.OpenFile.
+func ProtectOpenFile(ctx context.Context, name string, flag int, perm os.FileMode) (*os.File, error) {
+	if err := osHandler.ProtectFileOperation(ctx, name); err != nil {
+		return nil, err
+	}
+
+	return os.OpenFile(name, flag, perm)
+}