Documentation
Overview
Package util provides general-purpose utility functions including URL slug generation and validation with Unicode normalization support.
Index
- Constants
- func AddNonceToScriptTags(content, nonce string) string
- func CSPNonceAttr(nonce string) string
- func ContainsPathTraversal(path string) bool
- func IsPrivateIP(ip net.IP) bool
- func IsValidAlias(s string) bool
- func IsValidLangCode(s string) bool
- func IsValidSlug(s string) bool
- func NullInt64FromPtr(ptr *int64) sql.NullInt64
- func NullInt64FromValue(val int64) sql.NullInt64
- func NullStringFromPtr(ptr *string) sql.NullString
- func NullStringFromValue(s string) sql.NullString
- func ParseNullInt64(s string) sql.NullInt64
- func ParseNullInt64Positive(s string) sql.NullInt64
- func SSRFSafeDialContext(dialer *net.Dialer) func(ctx context.Context, network, addr string) (net.Conn, error)
- func SafeJoinPath(basePath string, components ...string) (string, error)
- func SanitizeFilename(filename string) (string, error)
- func SetRequireHTTPSOutbound(required bool)
- func Slugify(s string) string
- func ValidatePathWithinBase(basePath, targetPath string) error
- func ValidateWebhookURL(rawURL string) error
Constants
const MaxWebhookURLLength = 2048
MaxWebhookURLLength is the maximum allowed length for a webhook URL.
Variables
This section is empty.
Functions
func AddNonceToScriptTags (added in v0.9.0)
AddNonceToScriptTags injects a CSP nonce attribute into all <script> tags that don't already have one.
func CSPNonceAttr (added in v0.9.0)
CSPNonceAttr returns a nonce attribute string for use in HTML tags. Returns an empty string when nonce is empty.
func ContainsPathTraversal (added in v0.1.0)
ContainsPathTraversal checks if a path contains traversal sequences. Returns true if the path contains ".." after cleaning.
func IsPrivateIP (added in v0.9.0)
IsPrivateIP checks if an IP address falls within a private or reserved range.
func IsValidAlias
IsValidAlias checks if a string is a valid alias format. Aliases can contain path segments separated by forward slashes (e.g., "blog/post/55"). Each segment must be a valid slug: lowercase letters, numbers, and hyphens.
func IsValidLangCode (added in v0.5.0)
IsValidLangCode checks if a string is a valid language code format. Language codes are typically 2-3 letter codes optionally followed by a hyphen and a 2-4 letter region code (e.g., "en", "de", "zh-cn", "pt-br"). Only lowercase letters, digits, and hyphens are allowed.
func IsValidSlug
IsValidSlug checks if a string is a valid slug format.
func NullInt64FromPtr
NullInt64FromPtr converts a pointer to int64 into sql.NullInt64. Returns a valid NullInt64 if the pointer is non-nil, otherwise returns an invalid one.
func NullInt64FromValue
NullInt64FromValue creates a valid sql.NullInt64 from an int64 value.
func NullStringFromPtr
func NullStringFromPtr(ptr *string) sql.NullString
NullStringFromPtr converts a pointer to string into sql.NullString. Returns a valid NullString if the pointer is non-nil, otherwise returns an invalid one.
func NullStringFromValue
func NullStringFromValue(s string) sql.NullString
NullStringFromValue creates a sql.NullString from a string value. Returns a valid NullString if the string is non-empty, otherwise returns an invalid one.
func ParseNullInt64
ParseNullInt64 parses a string into sql.NullInt64. Returns an invalid NullInt64 if the string is empty, "0", or cannot be parsed.
func ParseNullInt64Positive
ParseNullInt64Positive parses a string into sql.NullInt64, requiring positive values. Returns an invalid NullInt64 if the string is empty, cannot be parsed, or value is <= 0.
func SSRFSafeDialContext (added in v0.9.0)
func SSRFSafeDialContext(dialer *net.Dialer) func(ctx context.Context, network, addr string) (net.Conn, error)
SSRFSafeDialContext returns a DialContext function that prevents connections to private/reserved IP addresses. Use this in http.Transport to protect against DNS rebinding and redirect-based SSRF at connection time.
func SafeJoinPath (added in v0.1.0)
SafeJoinPath joins path components and validates the result is within the base directory. Returns the cleaned path or an error if traversal is detected.
func SanitizeFilename (added in v0.1.0)
SanitizeFilename extracts only the base filename, removing any directory components. This prevents path traversal attacks via filenames like "../../../etc/passwd". Returns an error if the filename is invalid.
func SetRequireHTTPSOutbound (added in v0.9.0)
func SetRequireHTTPSOutbound(required bool)
SetRequireHTTPSOutbound configures whether outbound URL validation must reject non-HTTPS schemes.
func Slugify
Slugify converts a string to a URL-friendly ASCII slug. Non-ASCII characters (Cyrillic, CJK, etc.) are transliterated to their closest ASCII equivalent. Accents are removed, spaces become hyphens, and only alphanumeric characters and hyphens are kept.
func ValidatePathWithinBase (added in v0.1.0)
ValidatePathWithinBase ensures that a resolved path is within the expected base directory. It cleans both paths and checks that the resolved path starts with the base path. Returns an error if path traversal is detected.
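The clean-then-prefix check described for ValidatePathWithinBase and SafeJoinPath, written out as an added example; it is not this package's source. The names withinBase, joinWithin and errTraversal and the sample paths are hypothetical. The comparison is made on a path-separator boundary so that a sibling directory sharing the base's name as a prefix is rejected.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var errTraversal = errors.New("path escapes base directory")

// withinBase is a hypothetical helper, not the package's own function.
// It cleans both paths and accepts target only if it equals base or lies
// below it on a path-separator boundary.
func withinBase(base, target string) error {
	b := filepath.Clean(base)
	t := filepath.Clean(target)
	if t == b {
		return nil
	}
	// Compare against base plus a trailing separator so that a sibling such
	// as "/srv/uploads-old" is not mistaken for a child of "/srv/uploads".
	prefix := b
	if !strings.HasSuffix(prefix, string(filepath.Separator)) {
		prefix += string(filepath.Separator)
	}
	if !strings.HasPrefix(t, prefix) {
		return fmt.Errorf("%w: %q", errTraversal, target)
	}
	return nil
}

// joinWithin joins untrusted components onto base and validates the result.
func joinWithin(base string, parts ...string) (string, error) {
	joined := filepath.Join(append([]string{base}, parts...)...)
	if err := withinBase(base, joined); err != nil {
		return "", err
	}
	return joined, nil
}

func main() {
	// Constructed sample inputs.
	for _, p := range []string{"a/b.txt", "a/../b.txt", "../uploads-old/x", "../../etc/passwd"} {
		got, err := joinWithin("/srv/uploads", p)
		fmt.Printf("%-20q -> %q err=%v\n", p, got, err)
	}
}
```

filepath.Clean is purely lexical, so a symlink inside the base can still point outside it; resolve the path with filepath.EvalSymlinks first when the tree may contain untrusted links.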
func ValidateWebhookURL (added in v0.9.0)
ValidateWebhookURL validates a webhook URL for SSRF protection. It checks the URL scheme, resolves the hostname via DNS, and verifies that none of the resolved IPs are in private/reserved ranges.
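A URL that passes ValidateWebhookURL when it is saved can resolve to a different address when the request is made, which is why SSRFSafeDialContext repeats the check at connection time. The following added example shows one way to build such a dial-time guard; it is not this package's implementation. The names guardedDial, isBlockedIP and errBlocked, the set of blocked ranges and the target URL are assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"time"
)

var errBlocked = errors.New("destination is private or reserved")

// isBlockedIP is a hypothetical stand-in for IsPrivateIP; the ranges the
// package actually covers are not listed on the page.
func isBlockedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsMulticast()
}

// guardedDial resolves the host itself, refuses if any answer is blocked,
// then dials the vetted IP literal so no second lookup can change it.
func guardedDial(d *net.Dialer) func(context.Context, string, string) (net.Conn, error) {
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		host, port, err := net.SplitHostPort(addr)
		if err != nil {
			return nil, err
		}
		ips, err := net.DefaultResolver.LookupIPAddr(ctx, host)
		if err != nil {
			return nil, err
		}
		for _, a := range ips {
			if isBlockedIP(a.IP) {
				return nil, fmt.Errorf("%w: %s resolves to %s", errBlocked, host, a.IP)
			}
		}
		return d.DialContext(ctx, network, net.JoinHostPort(ips[0].IP.String(), port))
	}
}

func main() {
	tr := &http.Transport{DialContext: guardedDial(&net.Dialer{Timeout: 5 * time.Second})}
	client := &http.Client{Transport: tr, Timeout: 10 * time.Second}
	// Constructed target: a loopback URL, refused before any socket is opened.
	_, err := client.Get("http://127.0.0.1:8080/hook")
	fmt.Println(errors.Is(err, errBlocked), err)
}
```

Because the guard sits in the transport, it also applies to every redirect hop the client follows, not only to the first URL.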
Types
This section is empty.