Documentation
Overview
Package policy validates that verb arguments do not contain shell metacharacters. Per SECURITY.md, coily's subprocess execution
Constants
const ShellMeta = "`$;&|<>(){}\\\n\r\t"
ShellMeta is the set of bytes rejected in any string argument that could reach a subprocess. Exported so callers (and tests) can reason about it.
Variables
var ErrShellMeta = errors.New("policy: shell metacharacter rejected")
ErrShellMeta is returned by ValidateArg when value contains a byte in ShellMeta.
Functions
func ValidateArg
ValidateArg rejects strings containing shell metacharacters. Empty strings are allowed. Callers should check for empty separately if the argument is
func ValidateArgSlice
ValidateArgSlice runs ValidateArg over a []string (for variadic / positional arguments). Uses a synthetic name that includes the index.
Example
Safe input: a positional argument with no shell metacharacters.

package main

import (
	"fmt"

	"github.com/coilysiren/cli-guard/policy"
)

func main() {
	err := policy.ValidateArgSlice("positional", []string{"hello", "world"})
	fmt.Println("err:", err)
}

Output: err: <nil>
Example (Rejected)
Unsafe input: a shell metacharacter (`;`) in a positional argument is rejected before the value can reach `execve`.

package main

import (
	"fmt"

	"github.com/coilysiren/cli-guard/policy"
)

func main() {
	err := policy.ValidateArgSlice("a", []string{"x;y"})
	fmt.Println("rejected:", err != nil)
}

Output: rejected: true
func ValidateArgs
ValidateArgs runs ValidateArg over a map, returning the first violation. Convenience for Action funcs that have already gathered flag values.
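The documented behaviour of the three validators, sketched as an added example (not the cli-guard source). The `validateArg` and `validateArgs` signatures, the `name[i]` form of the synthetic name, the error wrapping and the sorted-key order are assumptions, since this page shows none of them.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Stand-ins copying the documented constant and sentinel error.
const ShellMeta = "`$;&|<>(){}\\\n\r\t"
var ErrShellMeta = errors.New("policy: shell metacharacter rejected")

// validateArg (assumed signature) wraps the sentinel so errors.Is still matches.
func validateArg(name, value string) error {
	if i := strings.IndexAny(value, ShellMeta); i >= 0 {
		return fmt.Errorf("%w: %s contains %q at byte %d", ErrShellMeta, name, value[i], i)
	}
	return nil // empty strings pass; required-ness is the caller's own check
}

// validateArgSlice reports the offending index in a synthetic name (format assumed).
func validateArgSlice(name string, values []string) error {
	for i, v := range values {
		if err := validateArg(fmt.Sprintf("%s[%d]", name, i), v); err != nil {
			return err
		}
	}
	return nil
}

// validateArgs sorts keys (assumption) so the "first violation" is reproducible.
func validateArgs(args map[string]string) error {
	keys := make([]string, 0, len(args))
	for k := range args {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		if err := validateArg(k, args[k]); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	fmt.Println(validateArgSlice("positional", []string{"hello", "x;y"}))
	fmt.Println(validateArgs(map[string]string{"name": "", "path": "a|b", "tag": "a$b"}))
}
```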
Types
This section is empty.