==== Use secure-by-design APIs

Some libraries contain APIs with these three capabilities:

* File retrieval in a file system.
* Restriction of the file retrieval to a specific folder (thus sanitizing and validating untrusted data).
* A feature, such as a file download or file deletion.

They can be referred to as "secure-by-design" APIs. Using this type of API,
such as '{auto_canonicalization_function}', brings multiple layers of security
to the code while keeping the code base shorter.

Behind the scenes, this function protects against both regular and partial path
injection.