validate

package
v0.25.0 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 13, 2025 | License: MIT | Imports: 9 | Imported by: 0

Documentation

Overview

Package validate provides security validation functions for sensitive data.

Package validate provides functions to validate various aspects of the application.

Index

Constants

const (
	MaxSecretFileSize  = 1024 * 1024 // 1MB - Maximum size for secret files
	MaxEnvValueSize    = 32768       // 32KB - Maximum size for environment variable values
	MaxSecretNameLen   = 253         // DNS name limit - Maximum length for secret names
	MaxEnvKeyLen       = 256         // Maximum length for environment variable keys
	MaxSecretTargetLen = 4096        // Maximum length for secret target paths
)

Security constants for size limits and validation.

Variables

This section is empty.

Functions

func EnvKey added in v0.16.1

func EnvKey(key string) error

EnvKey provides extended validation for environment variable keys.

Deprecated: Use SecretValidator.ValidateEnvKey instead.

func Path added in v0.25.0

func Path(path string) error

Path validates that a path doesn't contain path traversal sequences. It uses filepath.Clean to normalize the path and checks for traversal attempts.

func PathWithinBase added in v0.25.0

func PathWithinBase(path, basePath string) (string, error)

PathWithinBase ensures a path stays within a base directory after cleaning. This is more secure than Path alone for critical file operations.
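A containment check in the spirit of the Path and PathWithinBase descriptions above, as an added example that is not this package's own code. The names withinBase and ErrEscapesBase and the sample paths are hypothetical, and the check is purely lexical (symlinks are not resolved).

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesBase (hypothetical name) marks a path that leaves the base directory.
var ErrEscapesBase = errors.New("path escapes base directory")

// withinBase is an illustrative helper, not the package's implementation.
// It resolves path against basePath, cleans it, and uses filepath.Rel to
// confirm the result is still under basePath. A plain strings.HasPrefix on
// the cleaned path would wrongly accept a sibling such as "/base-old/x".
func withinBase(path, basePath string) (string, error) {
	base, err := filepath.Abs(basePath)
	if err != nil {
		return "", err
	}
	candidate := path
	if !filepath.IsAbs(candidate) {
		candidate = filepath.Join(base, candidate)
	}
	candidate = filepath.Clean(candidate)
	rel, err := filepath.Rel(base, candidate)
	if err != nil {
		return "", err
	}
	// rel begins with ".." only when candidate is outside base; a file
	// literally named "..data" inside base is still accepted.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrEscapesBase, path)
	}
	return candidate, nil
}

func main() {
	base := "/srv/app/secrets" // constructed sample base directory
	samples := []string{"db/password", "a/../b", "../../etc/passwd",
		"/srv/app/secrets-old/key", "/etc/shadow", "..data/token"}
	for _, p := range samples {
		got, err := withinBase(p, base)
		fmt.Printf("%-28q -> %q err=%v\n", p, got, err)
	}
}
```

For critical file operations, a lexical check like this is normally paired with symlink resolution (for example filepath.EvalSymlinks) before the file is opened.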

func SanitizeForLogging added in v0.16.1

func SanitizeForLogging(key, value string) string

SanitizeForLogging redacts sensitive information from strings for safe logging.

func SystemRequirements

func SystemRequirements() error

SystemRequirements checks if all required system tools are installed.

Deprecated: Use NewValidator and Validator.SystemRequirements instead.

func UnitName added in v0.25.0

func UnitName(unitName string) error

UnitName validates that a unit name is safe for use in shell commands. Unit names must follow systemd naming conventions to prevent command injection.

Types

type SecretValidator added in v0.16.1

type SecretValidator struct {
	// contains filtered or unexported fields
}

SecretValidator provides validation for secrets and sensitive data.

func NewSecretValidator added in v0.16.1

func NewSecretValidator(logger log.Logger) *SecretValidator

NewSecretValidator creates a new SecretValidator instance.

func (*SecretValidator) ValidateEnvKey added in v0.21.0

func (sv *SecretValidator) ValidateEnvKey(key string) error

ValidateEnvKey provides extended validation for environment variable keys.

func (*SecretValidator) ValidateEnvValue added in v0.16.1

func (sv *SecretValidator) ValidateEnvValue(key, value string) error

ValidateEnvValue validates environment variable values for size and content.

func (*SecretValidator) ValidateSecretName added in v0.16.1

func (sv *SecretValidator) ValidateSecretName(name string) error

ValidateSecretName validates that a secret name is safe and follows conventions.

func (*SecretValidator) ValidateSecretTarget added in v0.16.1

func (sv *SecretValidator) ValidateSecretTarget(target string) error

ValidateSecretTarget validates that a secret target path is safe.

func (*SecretValidator) ValidateSecretValue added in v0.16.1

func (sv *SecretValidator) ValidateSecretValue(value string) error

ValidateSecretValue validates that a secret value is safe and within size limits.

type Validator added in v0.21.0

type Validator struct {
	SecretValidator *SecretValidator
	// contains filtered or unexported fields
}

Validator provides system requirements validation with dependency injection.

func NewValidator added in v0.21.0

func NewValidator(logger log.Logger, runner execx.Runner) *Validator

NewValidator creates a new Validator with the provided logger and command runner.

func NewValidatorWithDefaults added in v0.21.0

func NewValidatorWithDefaults(logger log.Logger) *Validator

NewValidatorWithDefaults creates a new Validator with default dependencies.

func (*Validator) SystemRequirements added in v0.21.0

func (v *Validator) SystemRequirements() error

SystemRequirements checks if all required system tools are installed.

func (*Validator) ValidatePodmanSecretExists added in v0.24.0

func (v *Validator) ValidatePodmanSecretExists(ctx context.Context, secretName string) error

ValidatePodmanSecretExists checks if a podman secret exists on the system.

func (*Validator) WithOSGetter added in v0.22.0

func (v *Validator) WithOSGetter(osGetter func() string) *Validator

WithOSGetter sets a custom OS getter for testing.
