Class: Makit::Commands::Middleware::Validator

Inherits:
Object
Defined in:
lib/makit/commands/middleware/validator.rb

Overview

Validation middleware that provides input sanitization and security checks for command execution contexts.

This middleware validates and sanitizes:

  • Command strings for shell injection attacks

  • File paths for directory traversal

  • URLs for malicious schemes

  • Environment variables for sensitive data

  • Arguments for dangerous patterns

Examples:

Basic usage

validator = Commands::Middleware::Validator.new
context = Commands::Context.new(command: 'ls -la')
validated_context = validator.call(context)

With custom validation rules

validator = Commands::Middleware::Validator.new(
  allow_shell_operators: false,
  blocked_commands: %w[rm sudo],
  max_command_length: 500
)

Constant Summary

DEFAULT_BLOCKED_COMMANDS =

Default blocked commands that pose security risks

%w[
  rm rmdir
  sudo su
  chmod chown
  wget curl
  eval exec
  python ruby node
  ssh scp rsync
  dd fdisk mount umount
  iptables ufw
  systemctl service
  crontab
  passwd
].freeze
DANGEROUS_PATTERNS =

Dangerous shell operators and patterns

[
  /[;&|`$(){}]/, # Shell operators and command substitution
  %r{\.\./}, # Directory traversal
  %r{/etc/|/proc/|/sys/}, # Sensitive system directories
  /\$\{[^}]*\}/, # Variable expansion
  %r{~[^/\s]*}, # User home directory expansion
  %r{\bfile://|ftp://|https?://[^\s]*\.(sh|py|rb|js|exe|bat)\b}i, # Executable URLs
].freeze
DEFAULT_LIMITS =

Maximum allowed lengths for various inputs

{
  command_length: 1000,
  argument_length: 500,
  path_length: 1000,
  env_var_value_length: 2000,
}.freeze
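
Added example (not part of the Makit source): the sketch below copies the six DANGEROUS_PATTERNS regexes and reports which ones fire on constructed sample strings, a quick way to review false positives before enabling the validator. It exercises the regexes only; how the library applies them is not shown on this page, and the labels, `matched_patterns` and the sample strings are assumptions made for illustration.

```ruby
# Regexes copied verbatim from DANGEROUS_PATTERNS; the labels are assumed names.
PATTERNS = {
  shell_operator: /[;&|`$(){}]/,
  traversal:      %r{\.\./},
  system_dir:     %r{/etc/|/proc/|/sys/},
  var_expansion:  /\$\{[^}]*\}/,
  home_expansion: %r{~[^/\s]*},
  # Alternation binds loosest: this is three branches, and only the
  # https? branch carries the script-extension requirement.
  executable_url: %r{\bfile://|ftp://|https?://[^\s]*\.(sh|py|rb|js|exe|bat)\b}i,
}.freeze

# Labels of every pattern that matches the input string.
def matched_patterns(input)
  PATTERNS.select { |_label, regex| regex.match?(input) }.keys
end

# Constructed sample inputs, not taken from the Makit project.
SAMPLES = [
  'ls -la',
  'cat ../notes.txt',
  'wc -l /etc/hostname',
  'echo ${HOME}',
  'tar -czf backup~1.tgz docs',
  'open file:///srv/docs/readme.txt',
  'fetch https://example.com/setup.sh',
  'fetch https://example.com/index.html',
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |sample|
    hits = matched_patterns(sample)
    puts format('%-40s %s', sample, hits.empty? ? 'clean' : hits.join(', '))
  end
end
```

The `file://` branch matches any `file://` string, while the constructor's default `allowed_schemes` includes `file`, so the two settings are worth reconciling when tuning the validator. The `~` pattern also fires on a tilde inside an ordinary file name such as `backup~1.tgz`.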

Constructor Details

#initialize(options = {}) ⇒ Validator

Initialize the validator with security options

Parameters:

  • options (Hash) (defaults to: {})

    Configuration options

Options Hash (options):

  • :allow_shell_operators (Boolean) — default: false

    Allow shell operators like ;, |, &

  • :blocked_commands (Array<String>)

    Commands to block

  • :limits (Hash)

    Length limits for various inputs

  • :strict_mode (Boolean) — default: true

    Enable strict validation

  • :allowed_schemes (Array<String>)

    URL schemes to allow



# File 'lib/makit/commands/middleware/validator.rb', line 78

def initialize(options = {})
  @options = {
    allow_shell_operators: false,
    blocked_commands: DEFAULT_BLOCKED_COMMANDS,
    limits: DEFAULT_LIMITS,
    strict_mode: true,
    allowed_schemes: %w[http https file],
    allow_environment_access: false,
  }.merge(options)
end

Instance Attribute Details

#options ⇒ Object (readonly)

Returns the value of attribute options.



# File 'lib/makit/commands/middleware/validator.rb', line 68

def options
  @options
end

Instance Method Details

#call(context) ⇒ Commands::Context

Validate and sanitize the command context

Parameters:

  • context (Commands::Context)

    The command execution context

Returns:

  • (Commands::Context)

    Validated context

Raises:

  • (Commands::SecurityError)

    If validation fails



# File 'lib/makit/commands/middleware/validator.rb', line 94

def call(context)
  validate_command!(context.command) if context.command
  validate_arguments!(context.arguments) if context.arguments
  validate_environment!(context.environment) if context.environment
  validate_working_directory!(context.working_directory) if context.working_directory

  context
rescue StandardError => e
  raise Commands::SecurityError, "Validation failed: #{e.message}"
end