security

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 5, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package security provides security validation utilities for Azure Developer CLI extensions.

This package implements critical security checks to prevent common vulnerabilities including path traversal attacks, command injection, SSRF, and insecure file permissions. All user-provided input should be validated using these utilities before use in file operations, command execution, or network requests.

Key Features

- Path validation (prevents directory traversal attacks) - Symbolic link resolution and validation - Service name validation (DNS-safe, container-safe identifiers) - Package manager name validation (allowlist-based) - Script name sanitization (detects shell metacharacters) - Container environment detection - File permission validation (detects world-writable files)

Security Model

This package follows defense-in-depth principles:

  1. Validate all user input at boundaries
  2. Resolve symbolic links to prevent TOCTOU attacks
  3. Use allowlists instead of denylists where possible
  4. Fail securely (deny by default)
  5. Provide clear error messages without leaking sensitive info

Path Validation

Path traversal prevention:

  • Detects ".." sequences in paths
  • Resolves symbolic links to canonical paths
  • Validates paths are within expected boundaries
  • Handles both absolute and relative paths

Input Sanitization

Service names:

  • Must start with alphanumeric character
  • May contain: a-z, A-Z, 0-9, hyphen (-)
  • DNS-safe (RFC 1123)
  • Container-safe (Docker naming rules)

Script names:

  • No shell metacharacters: ; | & $ ` \ < > ( ) { }
  • Prevents command injection
  • Safe for use in shell commands

Package managers:

  • Allowlist: npm, pip, maven, gradle, dotnet, go
  • Prevents arbitrary package manager execution

Example Usage 

// Validate user-provided path
safePath, err := security.ValidatePath("/base/dir", userPath)
if err != nil {
    return fmt.Errorf("invalid path: %w", err)
}

// Validate service name
if err := security.ValidateServiceName(name); err != nil {
    return fmt.Errorf("invalid service name: %w", err)
}

// Check for shell metacharacters
if security.ContainsShellMetachars(scriptName) {
    return errors.New("script name contains unsafe characters")
}

// Detect world-writable files
isInsecure, err := security.IsWorldWritable("config.json")
if err != nil {
    return err
}
if isInsecure {
    log.Warn("File has insecure permissions")
}

Testing

This package requires ≥95% test coverage including:

  • Attack vectors (path traversal, command injection)
  • Edge cases (symlinks, permissions, Unicode)
  • Fuzz testing for input validation
  • Cross-platform scenarios

Package security provides security utilities for path validation, input sanitization, and protection against common vulnerabilities like path traversal attacks.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrInvalidPath indicates a path contains invalid characters or patterns.
	ErrInvalidPath = errors.New("invalid path")
	// ErrPathTraversal indicates a path traversal attack attempt.
	ErrPathTraversal = errors.New("path traversal detected")
	// ErrInvalidServiceName indicates an invalid service name.
	ErrInvalidServiceName = errors.New("invalid service name")
)
View Source 
var ErrInsecureFilePermissions = errors.New("insecure file permissions")

ErrInsecureFilePermissions indicates a file has insecure (world-writable) permissions.

Functions

func IsContainerEnvironment 

func IsContainerEnvironment() bool

IsContainerEnvironment detects if the code is running in a containerized environment. It checks for: - GitHub Codespaces (CODESPACES=true) - VS Code Dev Containers (REMOTE_CONTAINERS=true) - Docker containers (/.dockerenv file exists) - Kubernetes pods (KUBERNETES_SERVICE_HOST set)

func SanitizeScriptName 

func SanitizeScriptName(name string) error

SanitizeScriptName ensures a script name doesn't contain shell metacharacters.

func ValidateFilePermissions 

func ValidateFilePermissions(path string) error

ValidateFilePermissions checks if a file has secure permissions. On Unix systems, it ensures the file is not world-writable. On Windows, this check is skipped as Windows uses ACLs differently. If the file is world-writable on non-Windows platforms, this returns ErrInsecureFilePermissions. Callers may translate that into a user visible warning when running inside container environments.

func ValidatePackageManager 

func ValidatePackageManager(pm string) error

ValidatePackageManager checks if the package manager name is allowed.

func ValidatePath 

func ValidatePath(path string) error

ValidatePath checks if a path is safe to use. It prevents path traversal attacks, symbolic link attacks, and validates the path is within allowed bounds.

func ValidateServiceName 

func ValidateServiceName(name string, allowEmpty bool) error

ValidateServiceName validates that a service name is safe and well-formed. Service names must: - Start with an alphanumeric character - Contain only alphanumeric characters, underscores, hyphens, or dots - Be at most 63 characters (DNS label limit) - Not contain path traversal sequences

If allowEmpty is true, empty strings are accepted (for optional parameters).

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.