utils

func GetSafeHeaderValue ¶ added in v1.9.0

func GetSafeHeaderValue(headerName string, h http.Header) (string, bool)

GetSafeHeaderValue inspects the provided HTTP header map for the named header and enforces a strict byte-level policy suitable for API tokens and other sensitive header values. It returns the first non-empty header value and a boolean indicating whether the header (all values) are considered "safe".

Safety rules:

• Reject ASCII control bytes (0x00..0x1F), DEL (0x7F)
• Reject any non-ASCII byte (>= 0x80)
• Reject space (0x20) because token-style headers must not contain spaces

Behavior:

• If headerName is empty the function is a no-op and returns ("", true).
• Empty header values are ignored when selecting the return value but still do not cause rejection.
• If any header value contains a disallowed byte the function returns ("", false).

func GetSafeHeaderValues ¶ added in v1.9.0

func GetSafeHeaderValues(headerName string, h http.Header) ([]string, bool)

GetSafeHeaderValues returns all non-empty header values for the named header if and only if every value meets the safety rules. It preserves order.

func GetSafeValue ¶ added in v1.9.0

func GetSafeValue(s string) (string, bool)

GetSafeValue validates a single string value using the same byte-level policy used by header validators. It is independent of HTTP types so it can be reused by any package.

Rules:

• Empty string is allowed and returns ("", true).
• Reject control bytes (0x00..0x1F), DEL (0x7F), non-ASCII bytes (>=0x80)
• Reject space (0x20) — intended for token-style values
• Reject values with length >= 4096 bytes

func NewLogger ¶

func NewLogger(component string) *slog.Logger

func TestASCIIValidator_AllowsPrintableASCII ¶ added in v1.9.0

func TestASCIIValidator_AllowsPrintableASCII(t *testing.T)

func TestASCIIValidator_BlocksNonASCII ¶ added in v1.9.0

func TestASCIIValidator_BlocksNonASCII(t *testing.T)

func TestControlCharHeaderMiddleware_AllowsValid ¶ added in v1.9.0

func TestControlCharHeaderMiddleware_AllowsValid(t *testing.T)

func TestControlCharHeaderMiddleware_BlocksControlChars ¶ added in v1.9.0

func TestControlCharHeaderMiddleware_BlocksControlChars(t *testing.T)

func TestControlCharHeaderMiddleware_BlocksDEL ¶ added in v1.9.0

func TestControlCharHeaderMiddleware_BlocksDEL(t *testing.T)

func TestControlCharHeaderMiddleware_BlocksNUL ¶ added in v1.9.0

func TestControlCharHeaderMiddleware_BlocksNUL(t *testing.T)

func TestControlCharHeaderMiddleware_BlocksNonASCIIByte ¶ added in v1.9.0

func TestControlCharHeaderMiddleware_BlocksNonASCIIByte(t *testing.T)

func TestControlCharHeaderMiddleware_BlocksTab ¶ added in v1.9.0

func TestControlCharHeaderMiddleware_BlocksTab(t *testing.T)

func TestControlCharHeaderMiddleware_MultiValueHeader ¶ added in v1.9.0

func TestControlCharHeaderMiddleware_MultiValueHeader(t *testing.T)

func TestControlCharHeaderMiddleware_NoOpWhenHeaderNameEmpty ¶ added in v1.9.0

func TestControlCharHeaderMiddleware_NoOpWhenHeaderNameEmpty(t *testing.T)

func TestControlCharHeaderMiddleware_RejectsSpace ¶ added in v1.9.0

func TestControlCharHeaderMiddleware_RejectsSpace(t *testing.T)

func TestGetSafeHeaderValue_AllowsValueJustUnderLimit ¶ added in v1.9.0

func TestGetSafeHeaderValue_AllowsValueJustUnderLimit(t *testing.T)

func TestGetSafeHeaderValue_RejectsValueAtOrAboveLimit ¶ added in v1.9.0

func TestGetSafeHeaderValue_RejectsValueAtOrAboveLimit(t *testing.T)

func TestGetSafeHeaderValues_AllowsMultipleSafeValues ¶ added in v1.9.0

func TestGetSafeHeaderValues_AllowsMultipleSafeValues(t *testing.T)

func TestGetSafeHeaderValues_AllowsMultipleValuesBelowLimit ¶ added in v1.9.0

func TestGetSafeHeaderValues_AllowsMultipleValuesBelowLimit(t *testing.T)

func TestGetSafeHeaderValues_RejectsIndividualValueTooLarge ¶ added in v1.9.0

func TestGetSafeHeaderValues_RejectsIndividualValueTooLarge(t *testing.T)