Change to using govalidator to check for email

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
sigstore · Sep 26, 2022 · 9eeea6f · 9eeea6f
1 parent 9f1b55e
commit 9eeea6f
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 9 deletions.
diff --git a/go.mod b/go.mod
@@ -6,6 +6,7 @@ require (
 	cloud.google.com/go/security v1.7.0
 	github.com/PaesslerAG/jsonpath v0.1.1
 	github.com/ThalesIgnite/crypto11 v1.2.5
+	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
 	github.com/coreos/go-oidc/v3 v3.4.0
 	github.com/fsnotify/fsnotify v1.5.4
 	github.com/goadesign/goa v2.2.5+incompatible

diff --git a/go.sum b/go.sum
@@ -183,6 +183,8 @@ github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
+github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
+github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
 github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
 github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=

diff --git a/pkg/identity/email/principal.go b/pkg/identity/email/principal.go
@@ -19,8 +19,8 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
-	"regexp"
 
+	"github.com/asaskevich/govalidator"
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/sigstore/fulcio/pkg/certificate"
 	"github.com/sigstore/fulcio/pkg/config"
@@ -42,8 +42,7 @@ func PrincipalFromIDToken(ctx context.Context, token *oidc.IDToken) (identity.Pr
 		return nil, errors.New("email_verified claim was false")
 	}
 
-	emailRegex := regexp.MustCompile(`^.+@.+\..+$`)
-	if !emailRegex.MatchString(emailAddress) {
+	if !govalidator.IsEmail(emailAddress) {
 		return nil, fmt.Errorf("email address is not valid")
 	}
 

diff --git a/pkg/identity/uri/principal.go b/pkg/identity/uri/principal.go
@@ -20,8 +20,8 @@ import (
 	"errors"
 	"fmt"
 	"net/url"
-	"regexp"
 
+	"github.com/asaskevich/govalidator"
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/sigstore/fulcio/pkg/certificate"
 	"github.com/sigstore/fulcio/pkg/config"
@@ -41,8 +41,7 @@ func PrincipalFromIDToken(ctx context.Context, token *oidc.IDToken) (identity.Pr
 		return nil, errors.New("invalid configuration for OIDC ID Token issuer")
 	}
 
-	emailRegex := regexp.MustCompile(`^.+@.+\..+$`)
-	if emailRegex.MatchString(uriWithSubject) {
+	if govalidator.IsEmail(uriWithSubject) {
 		return nil, fmt.Errorf("uri subject should not be an email address")
 	}
 

diff --git a/pkg/identity/username/principal.go b/pkg/identity/username/principal.go
@@ -20,9 +20,9 @@ import (
 	"crypto/x509/pkix"
 	"errors"
 	"fmt"
-	"regexp"
 	"strings"
 
+	"github.com/asaskevich/govalidator"
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/sigstore/fulcio/pkg/certificate"
 	"github.com/sigstore/fulcio/pkg/config"
@@ -42,8 +42,7 @@ func PrincipalFromIDToken(ctx context.Context, token *oidc.IDToken) (identity.Pr
 		return nil, errors.New("username cannot contain ! character")
 	}
 
-	emailRegex := regexp.MustCompile(`^.+@.+\..+$`)
-	if emailRegex.MatchString(username) {
+	if govalidator.IsEmail(username) {
 		return nil, fmt.Errorf("uri subject should not be an email address")
 	}