向宁 b5df6445e5 refactor: commit all pending file_system changes
- Restructure handlers into file_commands/file_queries/file_handlers
- Add gRPC auth client, JWT middleware, rate limiting, request ID
- Add common utilities: logger, sanitizer, s3_errors
- Add unit tests for config, mediator, auth, request_id, sanitize
- Add proto definitions and generated code
- Remove old web UI pages
- Add .dockerignore and .env.example
2026-05-17 22:20:02 +08:00


package common
import (
"regexp"
"strings"
)
// bucketNameRegex matches a whole string of 3 to 63 characters drawn from
// lowercase ASCII letters, digits, '.' and '-', whose first and last
// characters are a letter or digit.
//
// NOTE(review): the middle class allows adjacent dots ("a..b") and
// dotted-decimal names that look like IP addresses. If the backing store
// enforces stricter bucket naming rules, confirm that these are rejected
// somewhere before the name is used.
var (
	bucketNameRegex = regexp.MustCompile(`^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$`)
)
// SanitizeObjectKey validates an object key and returns a business exception
// when the key starts with "/" or contains "//" or ".." anywhere; otherwise it
// returns nil. The key itself is never modified.
//
// The checks are plain substring tests, so a key such as "v1..2/report" is
// rejected even though it has no ".." path segment.
//
// NOTE(review): backslashes, control characters, percent-encoded sequences
// and the empty key are not examined here. If any caller maps keys onto a
// local filesystem path, or decodes the key after this check, confirm that
// those cases are handled at that layer.
func SanitizeObjectKey(key string) error {
	suspicious := strings.HasPrefix(key, "/") ||
		strings.Contains(key, "//") ||
		strings.Contains(key, "..")
	if !suspicious {
		return nil
	}
	return NewBusinessException("invalid object key: path traversal detected")
}
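// SanitizeBucketName validates name as a bucket name and returns nil when it
// is acceptable, or a business exception describing the first rule it breaks.
//
// The length check runs before the pattern match. bucketNameRegex only
// matches strings of 3 to 63 characters, so with the pattern tested first the
// length branch could never be reached and out-of-range names were reported
// with the character-set message instead of the length message.
//
// NOTE(review): the pattern admits adjacent dots and IP-address-shaped names;
// confirm whether the storage backend needs those rejected as well.
func SanitizeBucketName(name string) error {
	if n := len(name); n < 3 || n > 63 {
		return NewBusinessException("invalid bucket name: must be between 3 and 63 characters")
	}
	if !bucketNameRegex.MatchString(name) {
		return NewBusinessException("invalid bucket name: must be 3-63 lowercase letters, digits, hyphens, or dots")
	}
	return nil
}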
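// SanitizeFilename returns name made safe for embedding inside a
// double-quoted value: backslashes and double quotes are backslash-escaped,
// and carriage returns and line feeds are removed.
//
// Backslashes have to be escaped along with quotes. Otherwise an input that
// already contains `\"` would come out as `\\"`, which a quoted-string parser
// reads as an escaped backslash followed by a closing quote, letting the rest
// of the name escape the quoted value.
//
// NOTE(review): presumably the result is placed in an HTTP header parameter
// such as a Content-Disposition filename; confirm against the callers. Other
// control characters are passed through unchanged.
func SanitizeFilename(name string) string {
	// A Replacer rewrites the input in a single pass, so the backslashes it
	// emits for escaping are never themselves re-escaped.
	escaper := strings.NewReplacer(
		`\`, `\\`,
		`"`, `\"`,
		"\r", "",
		"\n", "",
	)
	return escaper.Replace(name)
}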