From f9b49dc2849a07cb5efee77046e1a0e0e88c1792 Mon Sep 17 00:00:00 2001 From: Daniel Brodie Date: Tue, 4 Nov 2025 14:47:35 +0200 Subject: [PATCH] Allow dots in SSH usernames MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SSH usernames commonly include dots (e.g., first.last) which are valid according to most Unix systems. The previous validation incorrectly rejected usernames containing dots. Changes: - Update ValidateSSHUser regex to allow dots in usernames - Add test cases for usernames with single and multiple dots - Update error message to reflect dot is now allowed 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- internal/security/validation.go | 6 +++--- internal/security/validation_test.go | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/internal/security/validation.go b/internal/security/validation.go index 437c980..4354d56 100644 --- a/internal/security/validation.go +++ b/internal/security/validation.go @@ -188,10 +188,10 @@ func (iv *InputValidator) ValidateSSHUser(username string) error { return fmt.Errorf("SSH username too long: %d characters (max %d)", len(username), MaxSSHUserLength) } - // SSH usernames should only contain alphanumeric characters, hyphens, and underscores - validUserRegex := regexp.MustCompile(`^[a-zA-Z0-9_\-]+$`) + // SSH usernames should only contain alphanumeric characters, hyphens, underscores, and dots + validUserRegex := regexp.MustCompile(`^[a-zA-Z0-9_\-\.]+$`) if !validUserRegex.MatchString(username) { - return fmt.Errorf("SSH username contains invalid characters (only alphanumeric, hyphen, underscore allowed)") + return fmt.Errorf("SSH username contains invalid characters (only alphanumeric, hyphen, underscore, dot allowed)") } // Cannot start with hyphen or number diff --git a/internal/security/validation_test.go b/internal/security/validation_test.go index 00ec7e4..be45798 100644 --- a/internal/security/validation_test.go +++ b/internal/security/validation_test.go @@ -191,6 +191,8 @@ func TestValidateSSHUser(t *testing.T) { {"valid_with_hyphen", "user-name", false, ""}, {"valid_with_numbers", "user123", false, ""}, {"valid_mixed", "my_user-123", false, ""}, + {"valid_with_dot", "user.name", false, ""}, + {"valid_with_multiple_dots", "first.last.name", false, ""}, // Invalid usernames {"empty_username", "", true, "cannot be empty"}, @@ -199,7 +201,6 @@ func TestValidateSSHUser(t *testing.T) { {"starts_with_number", "1user", true, "cannot start with hyphen or number"}, {"invalid_chars_space", "user name", true, "invalid characters"}, {"invalid_chars_special", "user@host", true, "invalid characters"}, - {"invalid_chars_dot", "user.name", true, "invalid characters"}, {"invalid_chars_slash", "user/name", true, "invalid characters"}, }