# coldstar-validation
Input validation and sanitization for the ColdStar air-gapped Solana cold wallet.
## Overview
This crate provides security-focused validation functions to prevent command injection,
path traversal, and other input-related vulnerabilities in the ColdStar wallet system.
## Features
- **Device path validation** -- Platform-specific regex validation for Linux, macOS, and Windows device paths
- **Mount point validation** -- Ensures mount points are under expected OS-specific directories
- **Password strength checking** -- Enforces minimum length, character class, and common-password rules
- **Solana address validation** -- Base58 character set and decoded-length checks via `bs58` and `solana-sdk`
- **Balance and amount validation** -- Range checks, precision enforcement (max 9 decimal places)
- **Filename sanitization** -- Strips path traversal sequences, null bytes, and problematic characters
- **RPC URL validation** -- Scheme enforcement (HTTP/HTTPS) with cleartext-HTTP warnings
## Usage
```rust
use coldstar_validation::{
validate_device_path, validate_mount_point, validate_password_strength,
validate_solana_address, validate_balance_value, validate_amount_sol,
sanitize_filename, validate_rpc_url, Platform,
};
// Validate a macOS device path
let result = validate_device_path("/dev/disk2", Platform::Darwin);
assert!(result.is_ok());
// Validate a Solana address
let result = validate_solana_address("11111111111111111111111111111111");
assert!(result.is_ok());
// Sanitize a filename
let safe = sanitize_filename("../../etc/passwd", 255);
assert_eq!(safe, "etc_passwd");
```
## License
MIT