Skip to content

Add input validation against malformed inputs#293

Draft
gtsiolis wants to merge 1 commit into
mainfrom
pro-306-add-input-validation-against-malformed-inputs
Draft

Add input validation against malformed inputs#293
gtsiolis wants to merge 1 commit into
mainfrom
pro-306-add-input-validation-against-malformed-inputs

Conversation

@gtsiolis

@gtsiolis gtsiolis commented Jun 9, 2026

Copy link
Copy Markdown
Member

Adds an internal/validate package and wires it at the three input boundaries where the CLI accepts user/agent-supplied strings: snapshot names (snapshot save/load), the auth token (env/keyring), and [env.*] config values.

Malformed input now fails fast at the boundary with a precise, machine-classifiable reason instead of flowing into a Docker call or the platform API and surfacing as a confusing error three layers down.

Part of PRO-236.
Closes PRO-306.

Same malformed inputs:

lstk snapshot save … BEFORE AFTER
pod:staging%2Fpod …use letters, digits, and hyphens only… …contains percent-encoding (pass the decoded value)
pod:../../etc/passwd …use letters, digits, and hyphens only… …contains a path traversal sequence (..)
pod:a;id …use letters, digits, and hyphens only… …contains shell metacharacters
pod:abc?fields=name …use letters, digits, and hyphens only… …contains path or query characters (/, ?, #)

@gtsiolis gtsiolis self-assigned this Jun 9, 2026
@gtsiolis gtsiolis force-pushed the pro-306-add-input-validation-against-malformed-inputs branch 2 times, most recently from 76c5d3e to 18243ab Compare July 1, 2026 07:04
@gtsiolis gtsiolis added the docs: skip Pull request does not require documentation changes label Jul 1, 2026
@gtsiolis gtsiolis force-pushed the pro-306-add-input-validation-against-malformed-inputs branch from 18243ab to 69f7e0a Compare July 2, 2026 07:08
@gtsiolis gtsiolis force-pushed the pro-306-add-input-validation-against-malformed-inputs branch from 69f7e0a to 60140de Compare July 3, 2026 07:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

docs: skip Pull request does not require documentation changes semver: patch

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant