urlvalidate

package
v0.7.1
Published: Mar 10, 2026 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package urlvalidate provides URL validation for Apple notarization service responses.

The developerLogUrl field comes from appstoreconnect.apple.com over HTTPS. Intercepting this response requires a compromised CA or TLS inspection proxy. The main risk we guard against is requests to internal services (localhost, private IPs) and cloud metadata endpoints (169.254.169.254).

We use a three-tier validation approach:

  • Known domains (apple.com, Apple's S3 bucket): allowed
  • IPs and localhost: blocked
  • Unknown domains: allowed with a warning logged

This allows quill to keep working if Apple changes their infrastructure (e.g., new S3 bucket, new CDN) while alerting users to investigate.

We chose domain validation over certificate validation because:

  • Domain checks happen before any connection; cert checks require connecting first
  • Apple serves logs from S3, which has Amazon certificates, not Apple certificates
  • Certificate pinning is brittle (Chrome removed HPKP for this reason)
  • Certificate org fields are not reliable (anyone can register "Apple LLC")

Types

type Config

type Config struct {
	TrustedDomains []string
	AllowedSchemes []string
}

Config holds the configuration for URL validation.

func DefaultConfig

func DefaultConfig() Config

DefaultConfig returns the default configuration for production use.

type Validator

type Validator struct {
	// contains filtered or unexported fields
}

Validator validates URLs for fetching Apple resources.

func New

func New(cfg Config) *Validator

New creates a new Validator with the given configuration.

func (*Validator) Validate

func (v *Validator) Validate(rawURL string) (warning string, err error)

Validate validates a URL for fetching Apple resources using a three-tier approach:

  1. allowlist: Known trusted domains (apple.com, Apple's S3 bucket) - allowed silently
  2. denylist: Known dangerous targets (IPs, localhost, metadata endpoints) - rejected with error
  3. unknown: Other domains - allowed but returns a warning message for logging

Returns:

  • warning: non-empty if the URL is allowed but from an unexpected host (should be logged)
  • error: non-nil if the URL is denied (should not be fetched)
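
A minimal sketch of the three-tier decision described above, added here as an illustration and not quill's implementation. The function name `classify`, the `trusted` list with its placeholder bucket name, and the https-only scheme rule are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
	"strings"
)

// Constructed allowlist for this sketch; the bucket name is a placeholder.
var trusted = []string{"apple.com", "example-notary-logs.s3.amazonaws.com"}

// classify mirrors Validate's contract: a non-nil error means do not fetch,
// a non-empty warning means fetch but log, ("", nil) means a trusted host.
func classify(rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", fmt.Errorf("unparseable URL: %w", err)
	}
	if u.Scheme != "https" { // assumption: https is the only allowed scheme
		return "", fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	// Hostname() drops port, userinfo and IPv6 brackets, so the check is
	// made on the host that would actually be dialed.
	host := strings.TrimSuffix(strings.ToLower(u.Hostname()), ".")
	if host == "" {
		return "", fmt.Errorf("URL has no host")
	}
	// Tier 1, allowlist: match on a label boundary, never a bare suffix.
	for _, d := range trusted {
		if host == d || strings.HasSuffix(host, "."+d) {
			return "", nil
		}
	}
	// Tier 2, denylist: any IP literal (covers 169.254.169.254) and localhost.
	if _, perr := netip.ParseAddr(host); perr == nil {
		return "", fmt.Errorf("IP literal %q denied", host)
	}
	if host == "localhost" || strings.HasSuffix(host, ".localhost") {
		return "", fmt.Errorf("host %q denied", host)
	}
	// Tier 3, unknown domain: allowed, and the caller logs the warning.
	return fmt.Sprintf("unexpected host %q, investigate", host), nil
}

func main() {
	for _, s := range []string{"https://appstoreconnect.apple.com/log", "https://169.254.169.254/x"} {
		w, err := classify(s)
		fmt.Printf("%s warning=%q err=%v\n", s, w, err)
	}
}
```

This classifies only the URL string it is given, so a redirect target needs the same check before it is followed.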