From 9970036d203ba2d0a46b35ba6fad21d49441cdd4 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <me@liz.coffee>
Date: Sun, 27 Jul 2025 17:03:10 -0700
Subject: hai

---
 lib/process/validate_identifier.ts | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 lib/process/validate_identifier.ts

(limited to 'lib/process/validate_identifier.ts')

diff --git a/lib/process/validate_identifier.ts b/lib/process/validate_identifier.ts
new file mode 100644
index 0000000..1ff3791
--- /dev/null
+++ b/lib/process/validate_identifier.ts
@@ -0,0 +1,18 @@
+import { Either, type IEither } from '@emprespresso/pengueno';
+
+export const validateIdentifier = (token: string) => {
+    return /^[a-zA-Z0-9_\-:. \/]+$/.test(token) && !token.includes('..');
+};
+
+// ensure {@param obj} is a Record<string, string> with stuff that won't
+// have the potential for shell injection, just to be super safe.
+type InvalidEntry<K, T> = [K, T];
+export const validateExecutionEntries = <T, K extends symbol | number | string = symbol | number | string>(
+    obj: Record<K, T>,
+): IEither<Array<InvalidEntry<K, T>>, Record<string, string>> => {
+    const invalidEntries = <Array<InvalidEntry<K, T>>>(
+        Object.entries(obj).filter((e) => !e.every((x) => typeof x === 'string' && validateIdentifier(x)))
+    );
+    if (invalidEntries.length > 0) return Either.left(invalidEntries);
+    return Either.right(<Record<string, string>>obj);
+};
-- 
cgit v1.2.3-70-g09d2