Documentation
¶
Index ¶
- func ExtractOwnerRepo(urlPath string) (owner, repo string, ok bool)
- func IsLocalPath(input string) (bool, error)
- func NormalizeSourceURL(sourceURL string) string
- func ParseRegistryTimestamp(dateStr string) (time.Time, error)
- func ValidateAndNormalizeURL(rawURL string) (normalized string, finding *string, err error)
- func ValidateRemoteURL(sourceURL string) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExtractOwnerRepo ¶
ExtractOwnerRepo extracts the first two path segments (owner/repo) from a URL path. Handles any trailing path segments (tree/blob/commit/etc) by ignoring them.
func IsLocalPath ¶
func NormalizeSourceURL ¶
func ParseRegistryTimestamp ¶
ParseRegistryTimestamp parses timestamps from package registries (NPM, etc.) that may include fractional seconds. Tries RFC3339Nano first (superset that handles fractional seconds), then falls back to RFC3339.
func ValidateAndNormalizeURL ¶
ValidateRemoteURL validates that a URL is safe for git clone operations. This MUST be called on ALL URLs from untrusted sources (package metadata).
Security policy: ONLY https:// URLs are accepted. - http:// is rejected (insecure) - git://, ssh://, git@ are rejected (not supported) - file:// is rejected (security risk) - localhost/loopback addresses are rejected (security risk) - URLs with git command flags are rejected (command injection risk) - URLs with path traversal are rejected (security risk) ValidateAndNormalizeURL validates the raw URL, normalizes it, then validates the normalized form. Returns:
- normalized: the normalized URL (always set on success)
- finding: non-nil if the raw URL used an unsafe protocol that was normalized away
- err: non-nil only when both raw and normalized URLs fail validation (hard rejection)
func ValidateRemoteURL ¶
Types ¶
This section is empty.