pub fn validate_scan_id(scan_id: &str) -> Result<(), ValidationError>
Validates a scan ID to prevent path traversal and injection attacks.
This function ensures that scan IDs used in URL construction are safe and cannot be used for path traversal attacks or to access unauthorized resources.
§Security
Without this validation, an attacker could inject path traversal sequences:
- "../../../admin/scans" → Access admin endpoints
- "abc?admin=true" → Inject query parameters
- "valid_id/../../other_id" → Access other users’ scans
§Allowed Characters
- Alphanumeric: a-z, A-Z, 0-9
- Hyphens: -
- Underscores: _
§Arguments
scan_id - The scan ID to validate
§Returns
Returns Ok(()) if the scan ID is valid.
§Errors
Returns ValidationError::EmptyScanId if the scan ID is empty.
Returns ValidationError::ScanIdTooLong if the scan ID exceeds the maximum length.
Returns ValidationError::InvalidScanIdCharacters if the scan ID contains invalid characters.
§Examples
use veracode_platform::validation::validate_scan_id;
// Valid scan IDs
assert!(validate_scan_id("abc123").is_ok());
assert!(validate_scan_id("scan-id-123").is_ok());
assert!(validate_scan_id("SCAN_ID_456").is_ok());
// Invalid - path traversal
assert!(validate_scan_id("../admin").is_err());
// Invalid - special characters
assert!(validate_scan_id("scan?admin=true").is_err());
assert!(validate_scan_id("scan/path").is_err());
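
An added sketch of an allowlist validator that behaves as documented above; it is not the veracode_platform source. `MAX_SCAN_ID_LEN` and its value, the `scan_url` helper and the example host are assumptions, and the inputs go beyond the page's examples to cover percent-encoded and non-ASCII IDs.

```rust
// Added sketch: an allowlist validator with the behaviour documented above.
// Not the crate's own code; MAX_SCAN_ID_LEN and scan_url are assumptions.

#[derive(Debug, PartialEq)]
pub enum ValidationError {
    EmptyScanId,
    ScanIdTooLong,
    InvalidScanIdCharacters,
}

/// Hypothetical limit; the page does not state the real maximum length.
const MAX_SCAN_ID_LEN: usize = 128;

pub fn validate_scan_id(scan_id: &str) -> Result<(), ValidationError> {
    if scan_id.is_empty() {
        return Err(ValidationError::EmptyScanId);
    }
    if scan_id.len() > MAX_SCAN_ID_LEN {
        return Err(ValidationError::ScanIdTooLong);
    }
    // ASCII-only test: char::is_alphanumeric would also admit non-ASCII
    // letters and digits, which are outside the documented allowlist.
    let allowed = |b: u8| b.is_ascii_alphanumeric() || b == b'-' || b == b'_';
    if !scan_id.bytes().all(allowed) {
        return Err(ValidationError::InvalidScanIdCharacters);
    }
    Ok(())
}

/// Hypothetical caller: validate first, then interpolate into the URL path.
pub fn scan_url(base: &str, scan_id: &str) -> Result<String, ValidationError> {
    validate_scan_id(scan_id)?;
    Ok(format!("{}/scans/{}", base.trim_end_matches('/'), scan_id))
}

fn main() {
    // Constructed inputs, including encoded and non-ASCII variants.
    for id in ["abc123", "../admin", "%2e%2e%2fadmin", "scan\u{0663}", "a\0b", ""] {
        println!("{:?} -> {:?}", id, scan_url("https://api.example.invalid", id));
    }
}
```

Because `%`, `.`, `/` and `?` are all outside the allowlist, encoded traversal sequences are rejected without any decoding step.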