UserSecretFilePathValid validates a file path for a user secret. Empty string is allowed (means no file injection). Non-empty paths must start with ~/ or /, must not contain null bytes, and must not exceed 4096 bytes.
(s string)
| 269 | // must start with ~/ or /, must not contain null bytes, and must not |
| 270 | // exceed 4096 bytes. |
| 271 | func UserSecretFilePathValid(s string) error { |
| 272 | if s == "" { |
| 273 | return nil |
| 274 | } |
| 275 | |
| 276 | if !strings.HasPrefix(s, "~/") && !strings.HasPrefix(s, "/") { |
| 277 | return xerrors.New("file path must start with ~/ or /") |
| 278 | } |
| 279 | |
| 280 | if strings.Contains(s, "\x00") { |
| 281 | return xerrors.New("file path must not contain null bytes") |
| 282 | } |
| 283 | |
| 284 | if len(s) > maxFilePathLength { |
| 285 | return xerrors.Errorf("file path must not exceed %d bytes", maxFilePathLength) |
| 286 | } |
| 287 | |
| 288 | return nil |
| 289 | } |
| 290 | |
| 291 | // UserSecretValueValid validates a user secret value as bytes |
| 292 | // submitted by the user (plaintext). The value must not contain |