Struct InputValidator

Source

pub struct InputValidator { /* private fields */ }

Expand description

Opt-in validator for argument and flag values supplied to a parsed command.

Create a permissive instance with InputValidator::new and enable individual checks through the builder methods, or use InputValidator::strict to enable every check at once.

§Examples

use argot_cmd::input_validation::InputValidator;

// Only check for path traversal.
let v = InputValidator::new().check_path_traversal();
assert!(v.validate_value("file", "safe_name.txt").is_ok());
assert!(v.validate_value("file", "../etc/passwd").is_err());

Implementations§

Source §

impl InputValidator

Source

pub fn new() -> Self

Create a new InputValidator with all checks disabled.

Use the builder methods (.check_path_traversal(), etc.) to opt in to specific checks, or call InputValidator::strict to enable all of them at once.

Source

pub fn strict() -> Self

Create an InputValidator with all checks enabled.

Equivalent to:

InputValidator::new()
    .check_path_traversal()
    .check_control_chars()
    .check_query_injection()
    .check_url_encoding();

Source

pub fn check_path_traversal(self) -> Self

Enable path-traversal detection.

Flags values containing ../, ..\, or starting with / or ~.

Source

pub fn check_control_chars(self) -> Self

Enable control-character detection.

Flags values containing ASCII bytes in the range 0x00–0x1F or 0x7F, except horizontal tab (0x09) and newline (0x0A).

Source

pub fn check_query_injection(self) -> Self

Enable embedded query-parameter detection.

Flags values that contain ? or match the pattern &<key>=<val>, which may indicate URL-injection attempts.

Source

pub fn check_url_encoding(self) -> Self

Enable percent-encoded string detection.

Flags values containing %XX sequences (where XX is a pair of hex digits), which may indicate attempts to smuggle disallowed characters past earlier checks.

Source

pub fn validate_value( &self, field: &str, value: &str, ) -> Result<(), ValidationError>

Validate a single named value against all enabled checks.

Returns the first ValidationError encountered, or Ok(()) if the value passes every enabled check.

§Arguments

field — the name of the argument or flag being validated (used in the error message).
value — the string value to inspect.

§Examples

use argot_cmd::input_validation::InputValidator;

let v = InputValidator::strict();
assert!(v.validate_value("path", "hello.txt").is_ok());
assert!(v.validate_value("path", "../secret").is_err());

Source

pub fn validate_parsed( &self, parsed: &ParsedCommand<'_>, ) -> Result<(), ValidationError>

Validate all argument and flag values in a ParsedCommand.

Iterates over every entry in parsed.args and parsed.flags and calls InputValidator::validate_value on each. Returns the first error encountered, or Ok(()) when every value passes.

§Examples

use argot_cmd::{Command, Argument, Parser};
use argot_cmd::input_validation::InputValidator;

let cmd = Command::builder("get")
    .argument(Argument::builder("id").required().build().unwrap())
    .build()
    .unwrap();
let cmds = vec![cmd];
let parser = Parser::new(&cmds);
let parsed = parser.parse(&["get", "safe_value"]).unwrap();

let v = InputValidator::strict();
assert!(v.validate_parsed(&parsed).is_ok());