forked from wrenn/wrenn
Refactored to maintain a separate cloud version
Moves 12 packages from internal/ to pkg/ (config, id, validate, events, db, auth, lifecycle, scheduler, channels, audit, service) so they can be imported by the enterprise repo as a Go module dependency. Introduces pkg/cpextension (shared Extension interface + ServerContext) and pkg/cpserver (Run() entrypoint with functional options) so the enterprise main.go can call cpserver.Run(cpserver.WithExtensions(...)) without duplicating the 20-step server bootstrap. Adds db/migrations/embed.go for go:embed access to OSS SQL migrations from the enterprise module. cmd/control-plane/main.go is reduced to a 10-line wrapper around cpserver.Run.
This commit is contained in:
24
pkg/validate/name.go
Normal file
24
pkg/validate/name.go
Normal file
@ -0,0 +1,24 @@
|
||||
package validate
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"regexp"
|
||||
)
|
||||
|
||||
// nameRe matches safe path component names: alphanumeric start, then
|
||||
// alphanumeric, dash, underscore, or dot. Max 64 characters.
|
||||
var nameRe = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9._-]{0,63}$`)
|
||||
|
||||
// SafeName checks that name is safe for use as a single filesystem path
|
||||
// component. It rejects empty strings, path separators, ".." sequences,
|
||||
// leading dots, and anything outside the alphanumeric+dash+underscore+dot
|
||||
// allowlist.
|
||||
func SafeName(name string) error {
|
||||
if name == "" {
|
||||
return fmt.Errorf("name must not be empty")
|
||||
}
|
||||
if !nameRe.MatchString(name) {
|
||||
return fmt.Errorf("name %q contains invalid characters or is too long (max 64, must match %s)", name, nameRe.String())
|
||||
}
|
||||
return nil
|
||||
}
|
||||
41
pkg/validate/name_test.go
Normal file
41
pkg/validate/name_test.go
Normal file
@ -0,0 +1,41 @@
|
||||
package validate
|
||||
|
||||
import "testing"
|
||||
|
||||
func TestSafeName(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
input string
|
||||
wantErr bool
|
||||
}{
|
||||
{"simple", "minimal", false},
|
||||
{"with-dash", "template-abc123", false},
|
||||
{"with-dot", "my-snapshot.v2", false},
|
||||
{"sandbox-id", "cl-12345678", false},
|
||||
{"single-char", "a", false},
|
||||
{"numbers", "123", false},
|
||||
{"max-length", "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01", false},
|
||||
|
||||
{"empty", "", true},
|
||||
{"dot-dot", "..", true},
|
||||
{"single-dot", ".", true},
|
||||
{"leading-dot", ".hidden", true},
|
||||
{"slash", "foo/bar", true},
|
||||
{"backslash", "foo\\bar", true},
|
||||
{"traversal", "../etc/passwd", true},
|
||||
{"embedded-traversal", "foo/../bar", true},
|
||||
{"space", "foo bar", true},
|
||||
{"too-long", "abcdefghijklmnopqrstuvwxyz012345678901abcdefghijklmnopqrstuvwxyz01", true},
|
||||
{"absolute", "/etc/passwd", true},
|
||||
{"tilde", "~root", true},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
err := SafeName(tt.input)
|
||||
if (err != nil) != tt.wantErr {
|
||||
t.Errorf("SafeName(%q) error = %v, wantErr %v", tt.input, err, tt.wantErr)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user