Add input validation against malformed inputs#293
Draft
gtsiolis wants to merge 1 commit into
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds an
internal/validatepackage and wires it at the three input boundaries where the CLI accepts user/agent-supplied strings: snapshot names (snapshot save/load), the auth token (env/keyring), and[env.*]config values.Malformed input now fails fast at the boundary with a precise, machine-classifiable reason instead of flowing into a Docker call or the platform API and surfacing as a confusing error three layers down.
Part of PRO-236.
Closes PRO-306.
Same malformed inputs:
lstk snapshot save …pod:staging%2Fpod…use letters, digits, and hyphens only……contains percent-encoding (pass the decoded value)pod:../../etc/passwd…use letters, digits, and hyphens only……contains a path traversal sequence (..)pod:a;id…use letters, digits, and hyphens only……contains shell metacharacterspod:abc?fields=name…use letters, digits, and hyphens only……contains path or query characters (/, ?, #)