Documentation ¶
Overview ¶
Package security provides utilities for validating command paths and file paths and for preventing injection attacks.
Index ¶
- Variables
- func EnsureDir(dir string, perm os.FileMode) error
- func IsAllowedCommand(cmdPath, category string) bool
- func IsPathSafe(path string) bool
- func SafeOpenFile(path, baseDir string) (*os.File, error)
- func ValidateAndResolveCommand(cmdPath, category string) (string, error)
- func ValidateCommandPath(cmdPath string) (string, error)
- func ValidateConfigPath(path, configDir string) (string, error)
- func ValidatePath(path string) (string, error)
- func ValidatePathWithinBase(path, baseDir string) (string, error)
Constants ¶
This section is empty.
Variables ¶
var AllowedCommands = map[string][]string{
	"slurm":        {"scontrol", "squeue", "scancel", "sinfo", "sacct"},
	"ssh":          {"ssh", "ssh-keygen", "ssh-add", "ssh-agent"},
	"shell":        {"bash", "sh", "zsh"},
	"notification": {"notify-send", "osascript"},
	"editor":       {"vi", "vim", "nvim", "nano", "emacs", "code", "subl"},
}
AllowedCommands defines a whitelist of commands that are known to be safe for specific operations. This provides defense in depth beyond path validation.
Functions ¶
func EnsureDir ¶
EnsureDir creates a directory if it doesn't exist, with validation. It ensures the directory path is safe before creation.
func IsAllowedCommand ¶
IsAllowedCommand checks if a command is in the whitelist for a given category. This provides an additional security layer beyond path validation.
func IsPathSafe ¶
IsPathSafe performs basic safety checks on a path without requiring a base directory. Use this when you trust the path source but want to validate format.
func SafeOpenFile ¶
SafeOpenFile opens a file with path validation. Use this as a wrapper around os.Open when you need path validation.
func ValidateAndResolveCommand ¶
ValidateAndResolveCommand combines path validation with whitelist checking. It returns the absolute path to the command if it passes all checks.
func ValidateCommandPath ¶
ValidateCommandPath validates that a command path is safe to execute. It checks for:
- Path traversal attempts (../)
- Shell metacharacters that could enable command injection
- Absolute paths that exist and are executable
For commands in PATH, it uses exec.LookPath to find the absolute path. For absolute paths, it verifies the file exists and is executable.
Security note: This helps prevent command injection but does not guarantee complete security. Always validate command arguments separately.
func ValidateConfigPath ¶
ValidateConfigPath validates that a path is within the user's config directory. This is useful for config files, cache files, etc.
func ValidatePath ¶
ValidatePath validates that a file path is safe to use. It checks for:
- Path traversal attempts (../)
- Null bytes
- Absolute path validation
Returns the cleaned absolute path if valid.
func ValidatePathWithinBase ¶
ValidatePathWithinBase ensures a path is within a base directory. This prevents path traversal attacks by ensuring the resolved path is within the allowed base directory.
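The following is an added example, not this package's own code: a sketch of the kind of containment check ValidatePathWithinBase describes, using filepath.Rel so that a sibling directory sharing a string prefix with the base is not accepted. The name withinBase and the sample paths are assumptions made for illustration, and the check is lexical only (symlinks are not resolved).

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// withinBase is a hypothetical stand-in for a base-directory containment
// check; it is lexical only and does not resolve symlinks.
func withinBase(path, baseDir string) (string, error) {
	if strings.ContainsRune(path, 0) {
		return "", errors.New("null byte in path")
	}
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	target := path
	if !filepath.IsAbs(target) {
		target = filepath.Join(base, target)
	}
	target = filepath.Clean(target)
	// Compare by path components, not by string prefix: a prefix test
	// would treat /srv/app/config-backup as inside /srv/app/config.
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%q escapes base %q", path, base)
	}
	return target, nil
}

func main() {
	base := "/srv/app/config" // constructed sample base directory
	for _, p := range []string{
		"cache/../settings.yaml",
		"../../etc/passwd",
		"/srv/app/config-backup/x", // shares a string prefix with base
		"/srv/app/config/../secret",
	} {
		resolved, err := withinBase(p, base)
		fmt.Printf("%-28q -> %q, err=%v\n", p, resolved, err)
	}
}
```

Where the base directory may contain symlinks, resolving both paths (for example with filepath.EvalSymlinks) before the comparison closes the gap this lexical check leaves.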
Types ¶
This section is empty.