34 lines
857 B
Go
34 lines
857 B
Go
package sanitize
|
|
|
|
import (
|
|
"errors"
|
|
"regexp"
|
|
"strings"
|
|
)
|
|
|
|
var bucketNameRegex = regexp.MustCompile(`^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$`)
|
|
|
|
func ObjectKey(key string) error {
|
|
if strings.Contains(key, "..") || strings.Contains(key, "//") || strings.HasPrefix(key, "/") {
|
|
return errors.New("invalid object key: path traversal detected")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func BucketName(name string) error {
|
|
if !bucketNameRegex.MatchString(name) {
|
|
return errors.New("invalid bucket name: must be 3-63 lowercase letters, digits, hyphens, or dots")
|
|
}
|
|
if len(name) < 3 || len(name) > 63 {
|
|
return errors.New("invalid bucket name: must be between 3 and 63 characters")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func Filename(name string) string {
|
|
safe := strings.ReplaceAll(name, `"`, `\"`)
|
|
safe = strings.ReplaceAll(safe, "\r", "")
|
|
safe = strings.ReplaceAll(safe, "\n", "")
|
|
return safe
|
|
}
|