validation

package
v1.74.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 17, 2026 License: BSD-3-Clause Imports: 9 Imported by: 0

Documentation

Overview

Package validation contains address parsing and validation utilities for adapter configurations, ensuring that URLs are well-formed and use supported schemes. It trims whitespace, correctly handles URLs without schemes, and returns structured errors for invalid configurations.

Index

Constants

This section is empty.

Variables

View Source 
var ValidColumnIdentifier = regexp.MustCompile(`^[a-zA-Z0-9$_/\- ]{1,128}$`)

ValidColumnIdentifier is a more permissive regex for column names that allows characters which can be safely quoted in DB2 (/, -, space). These characters require the identifier to be wrapped in double quotes.

View Source 
var ValidSQLIdentifier = regexp.MustCompile(`^[a-zA-Z0-9$_]{1,128}$`)

ValidSQLIdentifier matches valid SQL identifiers for security purposes. SQL identifiers must: - Contain only alphanumeric characters, dollar signs, and underscores - Be between 1 and 128 characters in length This helps prevent SQL injection and ensures compatibility across databases.

Functions

func IsValidColumnIdentifier added in v1.74.0 

func IsValidColumnIdentifier(s string) bool

IsValidColumnIdentifier checks if a string is a valid column identifier. This is more permissive than IsValidSQLIdentifier, allowing /, -, and space.

func IsValidSQLIdentifier added in v1.74.0 

func IsValidSQLIdentifier(s string) bool

IsValidSQLIdentifier checks if a string is a valid SQL identifier.

func ParseAndValidateAddress added in v1.72.0 

func ParseAndValidateAddress(address string, allowedSchemes []string) (string, *url.URL, *framework.Error)

ParseAndValidateAddress trims whitespace, parses the URL, and validates the scheme. Returns the trimmed address and parsed URL, or an error if invalid.

The allowedSchemes parameter specifies which URL schemes are permitted. Scheme comparison is case-insensitive per RFC 3986 (url.Parse lowercases schemes). To allow URLs without a scheme, include an empty string "" in allowedSchemes.

Addresses without "://" are treated as having no scheme (e.g., "example.com:8080" is parsed as host:port, not as scheme:opaque).

Types

type DefaultSSRFValidator 

type DefaultSSRFValidator struct{}

DefaultSSRFValidator implements SSRFValidator with full SSRF protection.

func NewDefaultSSRFValidator 

func NewDefaultSSRFValidator() *DefaultSSRFValidator

NewDefaultSSRFValidator creates a new DefaultSSRFValidator.

func (*DefaultSSRFValidator) ValidateExternalURL 

func (v *DefaultSSRFValidator) ValidateExternalURL(ctx context.Context, rawURL string) error

ValidateExternalURL validates that a URL is safe for external HTTP requests. It performs the following checks: 1. URL format is valid 2. Scheme is http or https only 3. Hostname is not localhost or variations 4. Domain name follows DNS naming conventions 5. All resolved IPs are not in private/reserved ranges.

type SSRFValidator 

type SSRFValidator interface {
	// ValidateExternalURL checks if a URL is safe for external HTTP requests.
	ValidateExternalURL(ctx context.Context, rawURL string) error
}

SSRFValidator defines the interface for SSRF validation.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.