UserSecretEnvNameValid validates an environment variable name for a user secret. Empty string is allowed (means no env injection).
(s string)
| 230 | // UserSecretEnvNameValid validates an environment variable name for |
| 231 | // a user secret. Empty string is allowed (means no env injection). |
| 232 | func UserSecretEnvNameValid(s string) error { |
| 233 | if s == "" { |
| 234 | return nil |
| 235 | } |
| 236 | |
| 237 | if len(s) > MaxUserSecretEnvNameLength { |
| 238 | return xerrors.Errorf( |
| 239 | "environment variable name must not exceed %d bytes", |
| 240 | MaxUserSecretEnvNameLength, |
| 241 | ) |
| 242 | } |
| 243 | |
| 244 | if !posixEnvNameRegex.MatchString(s) { |
| 245 | return xerrors.New("must start with a letter or underscore, followed by letters, digits, or underscores") |
| 246 | } |
| 247 | |
| 248 | upper := strings.ToUpper(s) |
| 249 | |
| 250 | if _, ok := reservedEnvNames[upper]; ok { |
| 251 | return xerrors.Errorf("%s is a reserved environment variable name", upper) |
| 252 | } |
| 253 | |
| 254 | if upper == "CODER" || strings.HasPrefix(upper, "CODER_") { |
| 255 | return xerrors.New("environment variable names starting with CODER_ are reserved for internal use") |
| 256 | } |
| 257 | |
| 258 | for _, prefix := range reservedEnvPrefixes { |
| 259 | if strings.HasPrefix(upper, prefix) { |
| 260 | return xerrors.Errorf("environment variables starting with %s are reserved", prefix) |
| 261 | } |
| 262 | } |
| 263 | |
| 264 | return nil |
| 265 | } |
| 266 | |
| 267 | // UserSecretFilePathValid validates a file path for a user secret. |
| 268 | // Empty string is allowed (means no file injection). Non-empty paths |