README
¶
horosafe — security primitives
horosafe provides reusable validation functions for secrets, URLs, paths, and
identifiers. Used by other packages (auth, connectivity, channels) as a shared
security baseline.
Functions
Secret validation
err := horosafe.ValidateSecret(secret) // must be >= 32 bytes
SSRF prevention
err := horosafe.ValidateURL(rawURL)
Rejects private IPs (RFC 1918, loopback, link-local, RFC 4193), non-HTTP(S) schemes, and performs DNS resolution to catch CNAMEs pointing to internal hosts.
Path traversal guard
safe, err := horosafe.SafePath("/data", userInput)
Returns an error if the resolved path escapes the base directory.
Identifier validation
err := horosafe.ValidateIdentifier(s) // alphanumeric + _-. only, max 256 chars
Bounded I/O
body, err := horosafe.LimitedReadAll(r, 1<<20) // max 1 MiB
Exported API
| Symbol | Description |
|---|---|
MinSecretLen |
32 bytes |
MaxResponseBody |
1 MiB |
ValidateSecret(secret) |
Reject short secrets |
ValidateURL(rawURL) |
SSRF prevention with DNS check |
SafePath(base, input) |
Path traversal guard |
ValidateIdentifier(s) |
Reject unsafe identifiers |
LimitedReadAll(r, max) |
Bounded reader |
Documentation
¶
Overview ¶
Package horosafe provides security primitives shared across the HOROS service ecosystem: secret validation, URL safety checks (SSRF prevention), path traversal guards, and bounded I/O helpers.
Index ¶
Constants ¶
const MaxResponseBody int64 = 1 << 20
MaxResponseBody is the default cap for HTTP response body reads (1 MiB).
const MinSecretLen = 32
MinSecretLen is the minimum acceptable length for symmetric secrets (HMAC, JWT HS256, webhook signatures). 32 bytes = 256 bits of entropy.
Variables ¶
var ErrPathTraversal = errors.New("horosafe: path traversal detected")
ErrPathTraversal is returned when a user-supplied path escapes its base.
var ErrSSRF = errors.New("horosafe: URL targets a private or loopback address")
ErrSSRF is returned when a URL targets a private/loopback address.
var ErrSecretTooShort = fmt.Errorf("horosafe: secret must be at least %d bytes", MinSecretLen)
ErrSecretTooShort is returned when a secret does not meet MinSecretLen.
var ErrUnsafeScheme = errors.New("horosafe: only http and https schemes are allowed")
ErrUnsafeScheme is returned when a URL uses a non-HTTP(S) scheme.
Functions ¶
func LimitedReadAll ¶
LimitedReadAll reads at most maxBytes from r. Returns ErrResponseTooLarge if the limit is exceeded.
func SafePath ¶
SafePath validates that joining base and userInput does not escape base. Returns the cleaned absolute path or ErrPathTraversal.
func ValidateIdentifier ¶
ValidateIdentifier rejects identifiers that contain characters unsuitable for SQL identifiers, file names, or URL path segments. Allows alphanumeric, underscore, hyphen, and dot.
func ValidateSecret ¶
ValidateSecret checks that secret is at least MinSecretLen bytes.
func ValidateURL ¶
ValidateURL checks that rawURL uses http/https, has a hostname, and does not resolve to a private or loopback IP (SSRF prevention). DNS resolution is performed to catch rebinding via internal hostnames.
Types ¶
This section is empty.
Source Files