UserSecretValueValid validates a user secret value as bytes submitted by the user (plaintext). The value must not contain null bytes and must not exceed MaxUserSecretValueBytes. The DB trigger separately enforces a stored-bytes env aggregate at the same numeric cap; under encryption the trigger may
(value string)
| 296 | // that pass this check. See MaxUserSecretValueBytes for the |
| 297 | // dual-enforcement explanation. |
func UserSecretValueValid(value string) error {
	// Cases are evaluated top to bottom, so a value that is both oversized
	// and contains a NUL byte is reported as a NUL-byte failure.
	// Neither message includes the value, so the returned error does not
	// carry the secret.
	switch {
	case strings.IndexByte(value, 0) >= 0:
		return xerrors.New("secret value must not contain null bytes")
	case len(value) > MaxUserSecretValueBytes:
		// len counts bytes of the submitted plaintext, not runes.
		// NOTE(review): this is the application-side limit only; the doc
		// comment on MaxUserSecretValueBytes describes a second, separate
		// enforcement point — confirm how the two interact before relying
		// on this check alone.
		return xerrors.Errorf("secret value must not exceed %d bytes", MaxUserSecretValueBytes)
	default:
		return nil
	}
}