Skip to content

validation

validation

Input validators for container names, profile names, and allowlist files.

Pure functions with no internal dependencies — safe to import from any module.

SAFE_CONTAINER = re.compile('^[A-Za-z0-9_][A-Za-z0-9_.-]*$') module-attribute

Container name pattern — allows leading underscore (podman convention).

SAFE_NAME = re.compile('^[A-Za-z0-9][A-Za-z0-9._-]*$') module-attribute

Strict name pattern for profiles, cache keys, etc.

validate_container_name(name)

Validate a container name against path-traversal and injection.

Raises:

Type Description
ValueError

If the name contains path separators or other unsafe chars.
Source code in src/terok_shield/common/validation.py 
18
19
20
21
22
23
24
25
26
def validate_container_name(name: str) -> str:
    """Validate a container name against path-traversal and injection.

    Raises:
        ValueError: If the name contains path separators or other unsafe chars.
    """
    if not SAFE_CONTAINER.fullmatch(name):
        raise ValueError(f"Unsafe container name: {name!r}")
    return name

validate_safe_name(name)

Validate a generic safe name (profiles, cache keys).

Stricter than container names — no leading underscore.

Raises:

Type Description
ValueError

If the name contains path separators or other unsafe chars.
Source code in src/terok_shield/common/validation.py 
29
30
31
32
33
34
35
36
37
38
39
def validate_safe_name(name: str) -> str:
    """Validate a generic safe name (profiles, cache keys).

    Stricter than container names — no leading underscore.

    Raises:
        ValueError: If the name contains path separators or other unsafe chars.
    """
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"Unsafe name: {name!r}")
    return name

parse_entries(text)

Parse an allowlist text file into non-blank, non-comment lines.

Source code in src/terok_shield/common/validation.py 
42
43
44
45
46
47
48
def parse_entries(text: str) -> list[str]:
    """Parse an allowlist text file into non-blank, non-comment lines."""
    return [
        line.strip()
        for line in text.splitlines()
        if (stripped := line.strip()) and not stripped.startswith("#")
    ]