Documentation
¶
Overview ¶
Package validation contains address parsing and validation utilities for adapter configurations, ensuring that URLs are well-formed and use supported schemes. It trims whitespace, correctly handles URLs without schemes, and returns structured errors for invalid configurations.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseAndValidateAddress ¶ added in v1.72.0
func ParseAndValidateAddress(address string, allowedSchemes []string) (string, *url.URL, *framework.Error)
ParseAndValidateAddress trims whitespace, parses the URL, and validates the scheme. Returns the trimmed address and parsed URL, or an error if invalid.
The allowedSchemes parameter specifies which URL schemes are permitted. Scheme comparison is case-insensitive per RFC 3986 (url.Parse lowercases schemes). To allow URLs without a scheme, include an empty string "" in allowedSchemes.
Addresses without "://" are treated as having no scheme (e.g., "example.com:8080" is parsed as host:port, not as scheme:opaque).
Types ¶
type DefaultSSRFValidator ¶
type DefaultSSRFValidator struct{}
DefaultSSRFValidator implements SSRFValidator with full SSRF protection.
func NewDefaultSSRFValidator ¶
func NewDefaultSSRFValidator() *DefaultSSRFValidator
NewDefaultSSRFValidator creates a new DefaultSSRFValidator.
func (*DefaultSSRFValidator) ValidateExternalURL ¶
func (v *DefaultSSRFValidator) ValidateExternalURL(ctx context.Context, rawURL string) error
ValidateExternalURL validates that a URL is safe for external HTTP requests. It performs the following checks: 1. URL format is valid 2. Scheme is http or https only 3. Hostname is not localhost or variations 4. Domain name follows DNS naming conventions 5. All resolved IPs are not in private/reserved ranges.
Source Files