sanity

func AllowedDomains ¶

func AllowedDomains() []string

AllowedDomains returns the allowlist of trusted domains for software downloads.

func Alphanumeric ¶

func Alphanumeric(s string) string

Alphanumeric ensures the input string to be ascii alphanumeric

func Filename ¶

func Filename(s string) (string, error)

Filename is an alias for Identifier

func Identifier ¶

func Identifier(s string) (string, error)

Identifier validates and sanitizes a string to be a safe identifier. It only allows alphanumeric characters (a-z, A-Z, 0-9), underscores, and hyphens. This is useful for validating module names, filenames, usernames, and other identifiers. Returns an error if the identifier is empty or contains no valid characters after sanitization.

func ModuleName ¶

func ModuleName(s string) (string, error)

ModuleName is an alias for Identifier

func SanitizePath ¶

func SanitizePath(path string) (string, error)

SanitizePath validates and sanitizes the given path according to strict security rules.

Specifically, it:

1. Rejects paths containing shell metacharacters (e.g., ; & | $ ` < > ( ) { } [ ] * ? ~).
2. Rejects path traversal attempts (e.g., segments like "../", "/..", or paths ending with "..").
3. Requires the input path to be absolute.
4. Normalizes the path by removing redundant slashes and dot directories (using filepath.Clean).
5. May return a cleaned version of the input path that differs from the original.

Returns the sanitized (cleaned) path, or an error if the input is invalid or unsafe.

func Username ¶

func Username(s string) (string, error)

Username validates and sanitizes a username string to prevent security vulnerabilities.

This function is particularly important when dealing with environment variables like SUDO_USER that could be manipulated by attackers. It ensures that the username:

1. Is not empty (precondition check)
2. Contains only alphanumeric characters (a-z, A-Z, 0-9), underscores, and hyphens
3. Does not contain path traversal sequences (e.g., "..", "/")
4. Does not contain shell metacharacters or special characters
5. Contains at least one valid character after sanitization

Returns the sanitized username, or an error if the username is invalid or unsafe.

func ValidateInputFile ¶

func ValidateInputFile(filePath string) (string, error)

ValidateInputFile validates a file path intended for reading user-provided input files.

This function provides comprehensive validation to prevent path traversal attacks and ensure the file is safe to read. It:

1. Converts relative paths to absolute paths
2. Sanitizes the path to prevent path traversal and shell injection
3. Verifies the file exists
4. Ensures the path points to a regular file (not a directory, device, socket, etc.)

This is designed to be used in defense-in-depth scenarios where the same validation is applied at multiple layers (CLI entry point and internal APIs).

Returns the sanitized absolute path or an error if validation fails.

func ValidatePathWithinBase ¶

func ValidatePathWithinBase(basePath, targetPath string) (string, error)

ValidatePathWithinBase validates that a path is within a specific base directory.

This function:

1. Sanitizes the input path
2. Ensures the sanitized path starts with the base directory
3. Prevents path traversal outside the base directory

Returns the sanitized path or an error if the path is outside the base directory.

func ValidateURL ¶

func ValidateURL(rawURL string, allowedDomains []string) error

ValidateURL validates a URL to ensure it's safe to use for downloads.

This function provides SSRF (Server-Side Request Forgery) protection by checking that:

1. The URL is not empty and can be parsed
2. The scheme is HTTPS only (HTTP is rejected for security)
3. The host is not empty
4. The host is in the allowed domain list for trusted registries

Returns an error if the URL is invalid or unsafe.