util.validation

General validation utilities for Trustpoint.

Module Contents

util.validation.MIN_USER_PORT = 1024[source]
util.validation.MAX_PORT = 65535[source]
util.validation.STANDARD_HTTP_PORTS = (80, 8080, 8888)[source]
util.validation.STANDARD_HTTPS_PORTS = (443, 8443)[source]
util.validation.DANGEROUS_PORTS[source]
exception util.validation.ValidationError[source]

Bases: Exception

Raised when validation fails.

util.validation.validate_common_name_characters(common_name)[source]

Validate that the common name contains only safe characters and no URL-like constructs.

Parameters:

common_name (str)

Return type:

None

util.validation.validate_application_uri(application_uri)[source]

Validate that the application URI has a valid scheme and is not HTTP/HTTPS.

Parameters:

application_uri (str)

Return type:

None

util.validation.validate_webhook_url(url)[source]

Validate that the webhook URL is safe and doesn’t allow SSRF attacks.

Implements comprehensive SSRF protection following OWASP guidelines: - Input validation and sanitization - URL parsing and scheme validation - Port number restrictions - Hostname validation - DNS resolution and IP address validation - Blocking of private/internal networks

Parameters:

url (str)

Return type:

None

util.validation.validate_remote_ca_connection(host, port, path, *, allow_localhost=True)[source]

Validate remote CA connection parameters for safety.

Parameters:
  • host (str) – The hostname or IP address of the remote CA.

  • port (int | None) – The port number (can be None for default).

  • path (str) – The URL path for the CA endpoint.

  • allow_localhost (bool) – Whether to allow localhost connections (default True for testing).

Return type:

None