sanitize

package
v1.20211025.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 25, 2021 License: MIT Imports: 3 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	DefaultSanitizationDisallowedHeaders     = []string{"authorization", "cookie", "set-cookie"}
	DefaultSanitizationDisallowedQueryParams = []string{"access_token", "client_secret"}
)

Default values for disallowed field names Note: the values are compared using `strings.EqualFold` so the casing shouldn't matter

Functions

func DefaultKeyValuesSanitizerFunc added in v1.20211016.2 

func DefaultKeyValuesSanitizerFunc(_ string, _ ...string) []string

DefaultKeyValuesSanitizerFunc is the default value sanitizer.

For any given key's values it will simply return nil, implying that the key was one of the banned keys and we should completely omit the values.

func DefaultPathSanitizerFunc added in v1.20211016.2 

func DefaultPathSanitizerFunc(p string) string

DefaultPathSanitizerFunc is a default implementation of a path sanitizer func that just returns the original path.

func PathUUIDs added in v1.20211016.2 

func PathUUIDs(path string) string

PathUUIDs is a path sanitizer func that replaces any uuids in a path with "?".

func Request 

func Request(r *http.Request, opts ...RequestOption) *http.Request

Request sanitizes a given request.

Types

type KeyValuesSanitizer added in v1.20211016.2 

type KeyValuesSanitizer interface {
	SanitizeKeyValues(key string, values ...string) []string
}

KeyValuesSanitizer is a type that can sanitize http header or query key values.

Values are passed from `map[string][]string` typically, hence the `key` and `values...` parameters.

The `SanitizeValue` function should return the modified or sanitized value for each of the input values, for a given key.

type KeyValuesSanitizerFunc added in v1.20211016.2 

type KeyValuesSanitizerFunc func(key string, values ...string) []string

KeyValuesSanitizerFunc is a function implementation of ValueSanitizer.

func (KeyValuesSanitizerFunc) SanitizeKeyValues added in v1.20211016.2 

func (vsf KeyValuesSanitizerFunc) SanitizeKeyValues(key string, values ...string) []string

SanitizeKeyValues implements `KeyValuesSanitizer`.

type PathSanitizer added in v1.20211016.2 

type PathSanitizer interface {
	SanitizePath(path string) string
}

PathSanitizer is a type that can sanitize a url path.

type PathSanitizerFunc added in v1.20211016.2 

type PathSanitizerFunc func(path string) string

PathSanitizerFunc implements PathSanitizer.

func (PathSanitizerFunc) SanitizePath added in v1.20211016.2 

func (psf PathSanitizerFunc) SanitizePath(path string) string

SanitizePath implements PathSanitizer.

type RequestOption 

type RequestOption func(*RequestSanitizer)

RequestOption is a function that mutates sanitization options.

func OptRequestAddDisallowedHeaders 

func OptRequestAddDisallowedHeaders(headers ...string) RequestOption

OptRequestAddDisallowedHeaders adds disallowed request headers, augmenting defaults.

func OptRequestAddDisallowedQueryParams 

func OptRequestAddDisallowedQueryParams(queryParams ...string) RequestOption

OptRequestAddDisallowedQueryParams adds disallowed request query params, augmenting defaults.

func OptRequestKeyValuesSanitizer added in v1.20211016.2 

func OptRequestKeyValuesSanitizer(valueSanitizer KeyValuesSanitizer) RequestOption

OptRequestKeyValuesSanitizer sets the request key values sanitizer.

func OptRequestPathSanitizer added in v1.20211016.2 

func OptRequestPathSanitizer(pathSanitizer PathSanitizer) RequestOption

OptRequestPathSanitizer sets the request path sanitizer.

func OptRequestSetDisallowedHeaders 

func OptRequestSetDisallowedHeaders(headers ...string) RequestOption

OptRequestSetDisallowedHeaders sets the disallowed request headers, overwriting defaults.

func OptRequestSetDisallowedQueryParams 

func OptRequestSetDisallowedQueryParams(queryParams ...string) RequestOption

OptRequestSetDisallowedQueryParams sets the disallowed request query params, overwriting defaults.

type RequestSanitizer added in v1.20211016.2 

type RequestSanitizer struct {
	DisallowedHeaders     []string
	DisallowedQueryParams []string
	KeyValuesSanitizer    KeyValuesSanitizer
	PathSanitizer         PathSanitizer
}

RequestSanitizer are options for sanitization of http requests.

func NewRequestSanitizer added in v1.20211016.2 

func NewRequestSanitizer(opts ...RequestOption) RequestSanitizer

NewRequestSanitizer creates a new request sanitizer.

func (RequestSanitizer) IsHeaderDisallowed added in v1.20211016.2 

func (rs RequestSanitizer) IsHeaderDisallowed(header string) bool

IsHeaderDisallowed returns if a header is in the disallowed list.

func (RequestSanitizer) IsQueryParamDisallowed added in v1.20211016.2 

func (rs RequestSanitizer) IsQueryParamDisallowed(queryParam string) bool

IsQueryParamDisallowed returns if a query param is in the disallowed list.

func (RequestSanitizer) Sanitize added in v1.20211016.2 

func (rs RequestSanitizer) Sanitize(r *http.Request) *http.Request

Sanitize applies sanitization options to a given request.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.