security

package

v0.2.2 Latest Latest Go to latest Published: Apr 10, 2026 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/jmylchreest/tinct

Links

Open Source Insights

Documentation ¶

Overview ¶

Package security provides security validation utilities for Tinct.

Index ¶

func SafeUint8(val int) uint8
func SafeUint8FromUint32(val uint32) uint8
func SafeUint8FromUint64(val uint64) uint8
func ValidateFilePath(filePath, baseDir string) error
func ValidateGitURL(urlStr string) error
func ValidateHTTPURL(urlStr string) error
func ValidatePluginPath(pluginPath, baseDir string) error
func ValidateRuntimeHTTPURL(urlStr string) error
type LimitedReader
- func NewLimitedReader(r io.Reader, maxBytes int64) *LimitedReader
- func (l *LimitedReader) Read(p []byte) (int, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func SafeUint8 ¶

func SafeUint8(val int) uint8

SafeUint8 safely converts an integer to uint8 with bounds checking. Values outside 0-255 are clamped to the valid range.

func SafeUint8FromUint32 ¶

func SafeUint8FromUint32(val uint32) uint8

SafeUint8FromUint32 safely converts uint32 to uint8 with bounds checking.

func SafeUint8FromUint64 ¶

func SafeUint8FromUint64(val uint64) uint8

SafeUint8FromUint64 safely converts uint64 to uint8 with bounds checking.

func ValidateFilePath ¶

func ValidateFilePath(filePath, baseDir string) error

ValidateFilePath validates a file path within an archive to prevent directory traversal.

func ValidateGitURL ¶

func ValidateGitURL(urlStr string) error

ValidateGitURL validates a git repository URL for safe cloning. Only allows https:// and git:// protocols from trusted domains.

func ValidateHTTPURL ¶

func ValidateHTTPURL(urlStr string) error

ValidateHTTPURL validates an HTTP(S) URL for safe downloads. Only allows HTTPS from non-local hosts.

func ValidatePluginPath ¶

func ValidatePluginPath(pluginPath, baseDir string) error

ValidatePluginPath validates a plugin path to prevent directory traversal. Ensures the path stays within the allowed plugin directory.

func ValidateRuntimeHTTPURL ¶ added in v0.1.28

func ValidateRuntimeHTTPURL(urlStr string) error

ValidateRuntimeHTTPURL validates a URL used for runtime data fetching (e.g. remote-css, remote-json, wallpaper URLs in theme files).

By default it enforces the same rules as ValidateHTTPURL: HTTPS-only, no localhost/private IPs. If the TINCT_ALLOW_INSECURE_HTTP environment variable is set to "1" or "true", plain HTTP is also allowed but private IP / localhost blocking still applies.

Types ¶

type LimitedReader ¶

type LimitedReader struct {
	R         io.Reader
	Remaining int64
}

LimitedReader wraps an io.Reader and limits the total bytes that can be read. This prevents decompression bomb attacks when extracting archives.

func NewLimitedReader ¶

func NewLimitedReader(r io.Reader, maxBytes int64) *LimitedReader

NewLimitedReader creates a new LimitedReader with the specified size limit.

func (*LimitedReader) Read ¶

func (l *LimitedReader) Read(p []byte) (int, error)

Read implements io.Reader with size limits.

Source Files ¶

View all Source files

validation.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL