sanity

func AllowedDomains ¶

func AllowedDomains() []string

AllowedDomains returns the allowlist of trusted domains for software downloads.

func Alphanumeric ¶

func Alphanumeric(s string) string

Alphanumeric ensures the input string to be ascii alphanumeric

func Filename ¶

func Filename(s string) (string, error)

Filename is an alias for Identifier

func Identifier ¶

func Identifier(s string) (string, error)

Identifier validates and sanitizes a string to be a safe identifier. It only allows alphanumeric characters (a-z, A-Z, 0-9), underscores, and hyphens. This is useful for validating module names, filenames, usernames, and other identifiers. Returns an error if the identifier is empty or contains no valid characters after sanitization.

func ModuleName ¶

func ModuleName(s string) (string, error)

ModuleName is an alias for Identifier

func SanitizePath ¶

func SanitizePath(path string) (string, error)

SanitizePath validates and sanitizes the given path according to strict security rules.

Specifically, it:

1. Rejects paths containing shell metacharacters (e.g., ; & | $ ` < > ( ) { } [ ] * ? ~).
2. Rejects path traversal attempts (e.g., segments like "../", "/..", or paths ending with "..").
3. Converts relative paths to absolute paths.
4. Normalizes the path by removing redundant slashes and dot directories (using filepath.Clean).
5. May return a cleaned version of the input path that differs from the original.

Returns the sanitized (cleaned) absolute path, or an error if the input is invalid or unsafe.

func Username ¶

func Username(s string) (string, error)

Username validates and sanitizes a username string to prevent security vulnerabilities.

This function is particularly important when dealing with environment variables like SUDO_USER that could be manipulated by attackers. It ensures that the username:

1. Is not empty (precondition check)
2. Contains only alphanumeric characters (a-z, A-Z, 0-9), underscores, and hyphens
3. Does not contain path traversal sequences (e.g., "..", "/")
4. Does not contain shell metacharacters or special characters
5. Contains at least one valid character after sanitization

Returns the sanitized username, or an error if the username is invalid or unsafe.

func ValidateChartReference ¶ added in v0.6.0

func ValidateChartReference(chart string) error

ValidateChartReference validates a Helm chart reference (OCI URL or repo/chart name). This prevents injection attacks through chart parameters while allowing legitimate chart references. Accepts:

• OCI references: oci://registry.example.com/path/to/chart
• Repository URLs: https://charts.example.com/chart-name
• Simple chart names: my-chart, repo/chart-name

func ValidateHexToken ¶ added in v0.7.0

func ValidateHexToken(s string) error

ValidateHexToken validates that a string is a valid hexadecimal token. This is used for tokens like Teleport join tokens which are hex strings. The token must:

1. Not be empty
2. Contain only hexadecimal characters (0-9, a-f, A-F)
3. Have a reasonable maximum length (4096 characters) to prevent buffer overflow attacks

func ValidateHostPort ¶ added in v0.7.0

func ValidateHostPort(s string) error

ValidateHostPort validates a host:port string. Accepts formats like:

• hostname (assumes default port)
• hostname:port
• IP:port (e.g., 192.168.1.1:3080)

Does NOT allow:

• Path traversal sequences
• Shell metacharacters
• URLs (use ValidateURL for those)

func ValidateIdentifier ¶ added in v0.6.0

func ValidateIdentifier(s string) error

ValidateIdentifier validates that a string contains only safe identifier characters without sanitizing/modifying it. It rejects any string that contains invalid characters. This is stricter than Identifier() which sanitizes by removing invalid characters. Use this when you need to ensure the input is already clean and reject invalid input.

func ValidateInputFile ¶

func ValidateInputFile(filePath string) (string, error)

ValidateInputFile validates a file path intended for reading user-provided input files.

This function provides comprehensive validation to prevent path traversal attacks and ensure the file is safe to read. It:

1. Converts relative paths to absolute paths
2. Sanitizes the path to prevent path traversal and shell injection
3. Verifies the file exists
4. Ensures the path points to a regular file (not a directory, device, socket, etc.)

This is designed to be used in defense-in-depth scenarios where the same validation is applied at multiple layers (CLI entry point and internal APIs).

Returns the sanitized absolute path or an error if validation fails.

func ValidatePathWithinBase ¶

func ValidatePathWithinBase(basePath, targetPath string) (string, error)

ValidatePathWithinBase validates that a path is within a specific base directory.

This function:

1. Sanitizes the input path
2. Ensures the sanitized path starts with the base directory
3. Prevents path traversal outside the base directory

Returns the sanitized path or an error if the path is outside the base directory.

func ValidateStorageSize ¶ added in v0.6.0

func ValidateStorageSize(size string) error

ValidateStorageSize validates a Kubernetes storage size string. Accepts sizes like: "5Gi", "10Mi", "1Ti", "100Gi", etc. This prevents injection attacks through storage size parameters while ensuring the size matches Kubernetes quantity format requirements. The numeric value must be greater than zero.

func ValidateURL ¶

func ValidateURL(rawURL string, allowedDomains []string) error

ValidateURL validates a URL to ensure it's safe to use for downloads.

This function provides SSRF (Server-Side Request Forgery) protection by checking that:

1. The URL is not empty and can be parsed
2. The scheme is HTTPS only (HTTP is rejected for security)
3. The host is not empty
4. The host is in the allowed domain list for trusted registries

Returns an error if the URL is invalid or unsafe.

func ValidateVersion ¶ added in v0.6.0

func ValidateVersion(version string) error

ValidateVersion validates a semantic version string to ensure it's safe to use. Accepts versions like: "1.0.0", "1.0.0-alpha", "1.0.0-beta.1", "0.24.0", etc. This prevents injection attacks through version parameters. From the bottom of the page at https://semver.org/#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string