MCPcopy Index your code
hub / github.com/cheat/cheat / Validate

Function Validate

internal/sheet/validate.go:11–40  ·  view source on GitHub ↗

Validate ensures that a cheatsheet name does not contain directory traversal sequences or other potentially dangerous patterns.

(name string)

Source from the content-addressed store, hash-verified

9// Validate ensures that a cheatsheet name does not contain
10// directory traversal sequences or other potentially dangerous patterns.
11func Validate(name string) error {
12 // Reject empty names
13 if name == "" {
14 return fmt.Errorf("cheatsheet name cannot be empty")
15 }
16
17 // Reject names containing directory traversal
18 if strings.Contains(name, "..") {
19 return fmt.Errorf("cheatsheet name cannot contain '..'")
20 }
21
22 // Reject absolute paths
23 if filepath.IsAbs(name) {
24 return fmt.Errorf("cheatsheet name cannot be an absolute path")
25 }
26
27 // Reject names that start with ~ (home directory expansion)
28 if strings.HasPrefix(name, "~") {
29 return fmt.Errorf("cheatsheet name cannot start with '~'")
30 }
31
32 // Reject hidden files (files that start with a dot)
33 // We don't display hidden files, so we shouldn't create them
34 filename := filepath.Base(name)
35 if strings.HasPrefix(filename, ".") {
36 return fmt.Errorf("cheatsheet name cannot start with '.' (hidden files are not supported)")
37 }
38
39 return nil
40}

Callers 5

cmdRemoveFunction · 0.92
cmdEditFunction · 0.92
FuzzValidateFunction · 0.85
TestValidateFunction · 0.85

Calls

no outgoing calls

Tested by 3

FuzzValidateFunction · 0.68
TestValidateFunction · 0.68