util.validation =============== .. py:module:: util.validation .. autoapi-nested-parse:: General validation utilities for Trustpoint. Module Contents --------------- .. py:data:: MIN_USER_PORT :value: 1024 .. py:data:: MAX_PORT :value: 65535 .. py:data:: STANDARD_HTTP_PORTS :value: (80, 8080, 8888) .. py:data:: STANDARD_HTTPS_PORTS :value: (443, 8443) .. py:data:: DANGEROUS_PORTS .. py:exception:: ValidationError Bases: :py:obj:`Exception` Raised when validation fails. .. py:function:: validate_common_name_characters(common_name) Validate that the common name contains only safe characters and no URL-like constructs. .. py:function:: validate_application_uri(application_uri) Validate that the application URI has a valid scheme and is not HTTP/HTTPS. .. py:function:: validate_webhook_url(url) Validate that the webhook URL is safe and doesn't allow SSRF attacks. Implements comprehensive SSRF protection following OWASP guidelines: - Input validation and sanitization - URL parsing and scheme validation - Port number restrictions - Hostname validation - DNS resolution and IP address validation - Blocking of private/internal networks .. py:function:: validate_remote_ca_connection(host, port, path, *, allow_localhost = True) Validate remote CA connection parameters for safety. :param host: The hostname or IP address of the remote CA. :param port: The port number (can be None for default). :param path: The URL path for the CA endpoint. :param allow_localhost: Whether to allow localhost connections (default True for testing).