Module Restful.Valid

module Valid: sig .. end

Handy functions to validate common types of CGI parameter values. Each function returns true if its parameter passes a test; the name of the validator expresses a required quality. These functions can be conveniently combined with Functions to Combine Validators.


Validators for String Parameters

val notnull : string -> bool

Is the string not null (i.e. not "")?

val notblank : string -> bool

Is the string not completely blank (i.e. does not consist exclusively of spaces, tabs, carriage returns and newlines)?

val noblanks : string -> bool

Is the string completely free of blanks? (A single blank invalidates the string.)

Validator for Boolean Parameters

val boolean : string -> bool

Is the string either "true" or "false"?

Validators for Numeric Parameters

All numeric validators imply the numeric test.

val numeric : string -> bool

Is the string numeric (i.e. comprised solely of base 10 digits)?

val nonzero : string -> bool

Is the number represented by the string non-zero?

val positive : string -> bool

Is the number represented by the string a positive integer?

val atleast : int -> string -> bool

atleast n str: is the number represented by the string >= n?

val atmost : int -> string -> bool

atmost n str: is the number represented by the string <= n?

val even : string -> bool

Is the number represented by the string an even integer?

val odd : string -> bool

Is the number represented by the string an odd integer?

Validators for URL Parameters

val url : ?syntax:Neturl.url_syntax -> string -> bool

Is the parameter a syntactically valid URL?

Note that if this parameter is going to come from a human, it's highly likely that it will be invalid; humans are terrible at typing valid (e.g. properly quoted) URLs, and most HTTP servers don't really care. In this case you may just want to use Restful.Valid.notnull.

syntax : the URL syntax to parse against (default: Neturl.ip_url_syntax)

Validators for Enumeration Parameters

An enumeration parameter is one which is only valid if it is a member of a given set of strings, given in one of several (soon) representations.

val list_member : 'a list -> 'a -> bool

list_member list string: is the string a member of the set represented by list?

Validators for Filename Parameters

Filenames as CGI parameters are potentially very dangerous. These validators enhance the security of filenames.

Note that, since OCaml code is pre-compiled and there is no run-time eval mechanism, the usual need in "scripting languages" to worry about "metacharacters" does not arise (if you stick to pure OCaml -- I'm assuming you don't pass any of these filenames to a shell).

val no_dot_dot : string -> bool

no_dot_dot param: valid if param does not contain any ".." components.

val relative : string -> bool

relative param: valid if parameter is in the form of a relative filename, i.e. does not start with a "/". N.B. this validator does not test whether or not the filename exists.

Validators for Directory Parameters

val subdir_of : ?dotok:bool -> string -> string -> bool

subdir_of ?dotok dir param: valid if parameter param is a (direct) subdirectory of dir, i.e. is a child. param must be a directory.

The idea of this validator is to actually compare param as a string against the filenames within dir, treating dir as an enumeration of valid subdirs, rather than to join param onto dir and test whether or not it exists. ".." is never considered in this process, so the no_dot_dot test is implied. "." is not allowed unless dotok=true.

dotok : if true, param is allowed to be "." (default: false)

val subtree_of : string -> string -> bool

subtree_of dir param: valid if parameter param is a subtree of dir, i.e. param can be a relative path of any length, as long as it is rooted at dir. param must be a directory.

The idea of this validator is the same as that of subdir_of, which see. ".." is never considered in this process, so the no_dot_dot test is implied.
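
The enumeration approach described for subdir_of, set beside a join-and-test check, as an added OCaml sketch (not Restful.Valid's own source). subdir_naive and subdir_of_sketch are hypothetical names, the directory layout is constructed, and Sys.mkdir/Sys.rmdir assume OCaml 4.12 or later.

```ocaml
(* Added sketch, not Restful.Valid's source; function names are hypothetical. *)

(* Join-and-test: append param to dir and ask the filesystem.
   Any param that resolves to an existing directory is accepted,
   including ones that climb out of dir through "..". *)
let subdir_naive dir param =
  let p = Filename.concat dir param in
  Sys.file_exists p && Sys.is_directory p

(* Enumeration: list dir and compare param, as a string, against the names
   of the directories actually inside it. Sys.readdir never returns "." or
   "..", and entry names contain no "/", so only a direct child can match. *)
let subdir_of_sketch ?(dotok = false) dir param =
  if param = "." then dotok
  else
    Sys.readdir dir
    |> Array.to_list
    |> List.filter (fun name -> Sys.is_directory (Filename.concat dir name))
    |> List.mem param

let () =
  (* Constructed layout: <tmp>/root/albums and <tmp>/secret *)
  let tmp = Filename.temp_file "valid" "" in
  Sys.remove tmp;
  Sys.mkdir tmp 0o700;
  let root = Filename.concat tmp "root" in
  let dirs =
    [ root; Filename.concat root "albums"; Filename.concat tmp "secret" ] in
  List.iter (fun d -> Sys.mkdir d 0o700) dirs;
  (* Constructed parameter values, as they might arrive from a CGI request *)
  List.iter
    (fun param ->
      Printf.printf "%-12s naive=%b enumerated=%b\n" param
        (subdir_naive root param)
        (subdir_of_sketch root param))
    [ "albums"; "../secret"; ".."; "."; "albums/.."; "missing" ];
  (* Remove the constructed directories, children before parents *)
  List.iter Sys.rmdir (List.rev dirs);
  Sys.rmdir tmp
```

Only "albums" passes the enumerated check, while the join-and-test check also accepts "../secret", "..", "." and "albums/..", each of which names an existing directory that is not a child of root.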

Validators for JavaScript

val javascript_identifier : string -> bool

javascript_identifier v: valid if parameter value v is a syntactically correct JavaScript identifier (see the standard). This validator should be used on jsoncallback parameters when doing JSONP to mitigate XSS attacks.

Validators for Restful.Config files

val in_map : 'a Kwrefer.SM.t -> Kwrefer.SM.key -> bool

in_map map v: valid if parameter value v is a key in the parsed refer Restful.Config file map.

Functions to Combine Validators

val conjunction : ('a -> bool) list -> 'a -> bool

conjunction list: return a predicate which is the conjunction of the validators in a list

val disjunction : ('a -> bool) list -> 'a -> bool

disjunction list: return a predicate which is the disjunction of the validators in a list