Skip to main content

Module validation

synapse_pingora

Module validation 

Source
Expand description

Validation utilities for TLS certificates, domains, and configuration.

§Security

This module provides comprehensive validation for:

  • Certificate file paths and accessibility - Validates PEM format, path traversal detection
  • Domain names (RFC 1035 compliance) - Prevents invalid domain configurations
  • Configuration safety - Ensures TLS configuration is safe before use

§Path Traversal Protection

The module detects and rejects paths containing:

  • .. (directory traversal)
  • ~ (home directory expansion attacks)

This prevents configuration-based path traversal attacks.

§Domain Validation

Domains must comply with RFC 1035:

  • Max 253 characters total
  • Each label max 63 characters
  • Labels contain only alphanumerics and hyphens
  • Labels cannot start or end with hyphen
  • Supports wildcard domains (*.example.com)

§Examples

use synapse_pingora::validation::{validate_domain_name, validate_certificate_file};

// Validate a domain
assert!(validate_domain_name("example.com").is_ok());
assert!(validate_domain_name("*.example.com").is_ok());
assert!(validate_domain_name("-invalid.com").is_err()); // Invalid format

// Validate a certificate file
assert!(validate_certificate_file("/etc/certs/server.crt").is_ok());
assert!(validate_certificate_file("/etc/certs/invalid.txt").is_err()); // Not PEM format

Structs§

SsrfError
SSRF protection error.

Enums§

ValidationError
Validation errors that can occur during configuration validation.

Functions§

validate_certificate_file
Validates a certificate file is in PEM format and contains cert data.
validate_cidr
Validates a CIDR block string.
validate_domain_name
Validates a domain name according to RFC 1035.
validate_file_path
Validates a file path exists and is readable.
validate_hostname
Validates a hostname (alias for domain validation).
validate_private_key_file
Validates a private key file is in PEM format and meets minimum security requirements.
validate_rate_limit
Validates rate limit configuration.
validate_tls_config
Validates a complete TLS configuration.
validate_upstream
Validates an upstream address (host:port) with SSRF protection.
validate_waf_threshold
Validates WAF risk threshold (0-100).

Type Aliases§

ValidationResult
Result type for validation operations.