Documentation
¶
Overview ¶
Package http provides security-focused validation functions for HTTP headers and URIs.
This package helps prevent common security vulnerabilities such as HTTP header injection (CRLF injection) and malformed URI attacks by validating input against RFC specifications.
Header Validation ¶
Validate HTTP header names and values per RFC 7230:
if err := http.ValidateHeaderName("X-Custom-Header"); err != nil {
// Handle invalid header name
}
if err := http.ValidateHeaderValue("Bearer token123"); err != nil {
// Handle invalid header value
}
The validators check for:
- CRLF injection attempts (\r\n sequences)
- Control characters
- RFC 7230 token compliance for header names
- Length limits to prevent DoS (256 bytes for names, 8192 for values)
Resource URI Validation ¶
Validate URIs for use as OAuth 2.0 resource indicators per RFC 8707:
if err := http.ValidateResourceURI("https://api.example.com/v1"); err != nil {
// Handle invalid URI
}
Resource URIs must:
- Include a scheme (typically http or https)
- Include a host
- Not contain fragment identifiers (#)
Package http provides validation functions for HTTP headers and URIs.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ValidateHeaderName ¶
ValidateHeaderName validates that a string is a valid HTTP header name per RFC 7230. It checks for CRLF injection, control characters, and ensures RFC token compliance.
func ValidateHeaderValue ¶
ValidateHeaderValue validates that a string is a valid HTTP header value per RFC 7230. It checks for CRLF injection and control characters.
func ValidateResourceURI ¶
ValidateResourceURI validates that a resource URI conforms to RFC 8707 requirements for canonical URIs used in OAuth 2.0 resource indicators.
A valid canonical URI must:
- Include a scheme (http/https)
- Include a host
- Not contain fragments
Types ¶
This section is empty.
Source Files