congo / cmd / internal / validation.go

validation.go

39 lines

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39

package scaffold

import "strings"

// SafeName validates a name contains only safe characters (no path separators).
func SafeName(s string) bool {
	for _, c := range s {
		if !((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '-' || c == '_') {
			return false
		}
	}
	return len(s) > 0
}

// SafeRelPath validates a relative path for setup scripts (no .., no leading /).
func SafeRelPath(s string) bool {
	if len(s) == 0 || s[0] == '/' || strings.Contains(s, "..") {
		return false
	}
	for _, c := range s {
		if !((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '-' || c == '_' || c == '/' || c == '.') {
			return false
		}
	}
	return true
}

// SafePath validates an absolute path for shell interpolation (no .., must start with /).
func SafePath(s string) bool {
	if len(s) == 0 || s[0] != '/' || strings.Contains(s, "..") {
		return false
	}
	for _, c := range s {
		if !((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '-' || c == '_' || c == '/' || c == '.') {
			return false
		}
	}
	return true
}