From 1d66a0f58e4ebcdf4f42c9d78f82a1ab49a2cf11 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <lizhunt@amazon.com>
Date: Tue, 13 May 2025 18:58:45 -0700
Subject: snapshot!

---
 u/process/validate_identifier.ts | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 u/process/validate_identifier.ts

(limited to 'u/process/validate_identifier.ts')

diff --git a/u/process/validate_identifier.ts b/u/process/validate_identifier.ts
new file mode 100644
index 0000000..ec8b77b
--- /dev/null
+++ b/u/process/validate_identifier.ts
@@ -0,0 +1,17 @@
+import { Either } from "./mod.ts";
+
+export const validateIdentifier = (token: string) => {
+  return (/^[a-zA-Z0-9_\-:. \/]+$/).test(token) && !token.includes("..");
+};
+
+// ensure {@param obj} is a Record<string, string> with stuff that won't
+// have the potential for shell injection, just to be super safe.
+export const validateExecutionEntries = (
+  obj: Record<string, unknown>,
+): Either<Array<[string, unknown]>, Record<string, string>> => {
+  const invalidEntries = Object.entries(obj).filter((e) =>
+    !e.every((x) => typeof x === "string" && validateIdentifier(x))
+  );
+  if (invalidEntries.length > 0) return Either.left(invalidEntries);
+  return Either.right(<Record<string, string>> obj);
+};
-- 
cgit v1.2.3-70-g09d2