coldstar-validation

Input validation and sanitization for the ColdStar air-gapped Solana cold wallet.

Overview

This crate provides security-focused validation functions to prevent command injection, path traversal, and other input-related vulnerabilities in the ColdStar wallet system.

Features

• Device path validation -- Platform-specific regex validation for Linux, macOS, and Windows device paths
• Mount point validation -- Ensures mount points are under expected OS-specific directories
• Password strength checking -- Enforces minimum length, character class, and common-password rules
• Solana address validation -- Base58 character set and decoded-length checks via bs58 and solana-sdk
• Balance and amount validation -- Range checks, precision enforcement (max 9 decimal places)
• Filename sanitization -- Strips path traversal sequences, null bytes, and problematic characters
• RPC URL validation -- Scheme enforcement (HTTP/HTTPS) with cleartext-HTTP warnings

Usage

use coldstar_validation::{
    validate_device_path, validate_mount_point, validate_password_strength,
    validate_solana_address, validate_balance_value, validate_amount_sol,
    sanitize_filename, validate_rpc_url, Platform,
};

// Validate a macOS device path
let result = validate_device_path("/dev/disk2", Platform::Darwin);
assert!(result.is_ok());

// Validate a Solana address
let result = validate_solana_address("11111111111111111111111111111111");
assert!(result.is_ok());

// Sanitize a filename
let safe = sanitize_filename("../../etc/passwd", 255);
assert_eq!(safe, "etc_passwd");

License

MIT