pub fn validate_version(version: &str) -> Result<(), ValidationError>
Reject hostile version pins before they reach the URL builder.

Same threat model as `validate_package_name`: an unencoded `..`
segment normalises away under a CDN. The version’s allowed
character set is well-defined (it’s the union of what semver
accepts: alphanumerics, dot, dash, plus, underscore — see
https://semver.org) so we can apply a positive whitelist on top
of the `..`-traversal rejection that names get.

Rejection rules:
- empty
- longer than `MAX_VERSION_LEN` characters
- exactly `.` or `..`
- starts with `.` (the empty-segment-then-traversal trick)
- starts with `-` (would land in `clap`-style argument parsing on any shell tooling that consumes the version downstream)
- contains the substring `..` anywhere
- any character outside `[A-Za-z0-9._+-]`

Notably permits `+` (semver build metadata, e.g. `1.0.0+build.7`).
`~` is not permitted (it would let a `~user/...` traversal slip
through if anyone ever concatenated this segment into a path on the
CLI side).
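
The rejection rules above, written out as an added sketch (not this crate's source). `check_version_pin`, `PinError` and the value of `MAX_LEN` are hypothetical stand-ins, and applying the checks in the listed order is an assumption.

```rust
// Added sketch of the documented rejection rules; not the crate's own code.
// MAX_LEN and PinError are hypothetical: the page gives neither the value of
// MAX_VERSION_LEN nor the variants of ValidationError.
const MAX_LEN: usize = 64; // assumed value

#[derive(Debug, PartialEq)]
pub enum PinError { Empty, TooLong, DotSegment, LeadingDot, LeadingDash, DotDot, BadChar(char) }

pub fn check_version_pin(v: &str) -> Result<(), PinError> {
    if v.is_empty() {
        return Err(PinError::Empty);
    }
    // The rule says "characters", so count chars rather than bytes.
    if v.chars().count() > MAX_LEN {
        return Err(PinError::TooLong);
    }
    if v == "." || v == ".." {
        return Err(PinError::DotSegment);
    }
    if v.starts_with('.') {
        return Err(PinError::LeadingDot);
    }
    // A leading dash would be read as an option by downstream CLI tooling.
    if v.starts_with('-') {
        return Err(PinError::LeadingDash);
    }
    if v.contains("..") {
        return Err(PinError::DotDot);
    }
    // Positive allowlist last, so traversal attempts get the more specific error.
    // This also rejects '/', '%', '~' and every non-ASCII character.
    match v.chars().find(|c| !(c.is_ascii_alphanumeric() || "._+-".contains(*c))) {
        Some(c) => Err(PinError::BadChar(c)),
        None => Ok(()),
    }
}

fn main() {
    // Constructed inputs covering each rule.
    let samples = ["1.0.0+build.7", "1.2.3-rc.1", "", "..", ".1", "-rc1", "1..0", "~user", "%2e%2e"];
    for v in samples {
        println!("{v:?} -> {:?}", check_version_pin(v));
    }
}
```

A percent-encoded `%2e%2e` is rejected by the allowlist rather than the `..` check, so the validator does not need to decode its input to refuse it.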