Skip to content

Add input validation against malformed inputs#293

Draft
gtsiolis wants to merge 1 commit into
mainfrom
pro-306-add-input-validation-against-malformed-inputs
Draft

Add input validation against malformed inputs#293
gtsiolis wants to merge 1 commit into
mainfrom
pro-306-add-input-validation-against-malformed-inputs

Conversation

@gtsiolis

@gtsiolis gtsiolis commented Jun 9, 2026

Copy link
Copy Markdown
Member

Adds an internal/validate package and wires it at the three input boundaries where the CLI accepts user/agent-supplied strings: snapshot names (snapshot save/load), the auth token (env/keyring), and [env.*] config values.

Malformed input now fails fast at the boundary with a precise, machine-classifiable reason instead of flowing into a Docker call or the platform API and surfacing as a confusing error three layers down.

Part of PRO-236.
Closes PRO-306.

Same malformed inputs:

lstk snapshot save … BEFORE AFTER
pod:staging%2Fpod …use letters, digits, and hyphens only… …contains percent-encoding (pass the decoded value)
pod:../../etc/passwd …use letters, digits, and hyphens only… …contains a path traversal sequence (..)
pod:a;id …use letters, digits, and hyphens only… …contains shell metacharacters
pod:abc?fields=name …use letters, digits, and hyphens only… …contains path or query characters (/, ?, #)

@gtsiolis gtsiolis self-assigned this Jun 9, 2026
@gtsiolis gtsiolis force-pushed the pro-306-add-input-validation-against-malformed-inputs branch from 054d756 to 76c5d3e Compare June 30, 2026 11:15
@gtsiolis gtsiolis force-pushed the pro-306-add-input-validation-against-malformed-inputs branch from 76c5d3e to 18243ab Compare July 1, 2026 07:04
@gtsiolis gtsiolis added the docs: skip Pull request does not require documentation changes label Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

docs: skip Pull request does not require documentation changes semver: patch

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant