Sprig functions

Adding gotmpl4j-sprig to the classpath registers the Sprig function library via ServiceLoader — no wiring required. These are the same functions Helm templates rely on. See the gotmpl4j-sprig API for the function-provider classes.

1. Categories

Category Examples

Strings

upper, lower, title, trim, trimAll, repeat, replace, substr, indent, nindent, quote, wrap, regexMatch, regexReplaceAll

Lists

list, first, last, rest, initial, append, prepend, concat, reverse, uniq, without, compact, slice, has

Dicts

dict, get, set, unset, hasKey, keys, values, pick, omit, merge, deepCopy

Math

add, sub, mul, div, mod, max, min, floor, ceil, round, seq, until

Conversion / defaults

default, empty, coalesce, ternary, toString, toJson, toYaml, atoi, int, float64

Encoding

b64enc, b64dec, b32enc, b32dec

Crypto

sha1sum, sha256sum, adler32sum, bcrypt, genPrivateKey, genCA, genSignedCert, encryptAES, derivePassword, randAlphaNum, uuidv4

Date

now, date, dateInZone, dateModify, duration, ago, unixEpoch, toDate

Semver

semver, semverCompare

Reflection

typeOf, kindOf, typeIs, deepEqual

Network / path

getHostByName, base, dir, ext, clean, isAbs, osBase, osDir

2. Strict (must) variants

Functions that can fail come in two forms. The plain form (fromJson, toJson, index, append, …) is lenient and returns a zero value on error, matching Sprig’s "graceful" behavior. The must form (mustFromJson, mustToJson, mustIndex, …) raises an error instead, so failures surface rather than silently producing empty output.

3. Example

{{ .name | default "anonymous" | title }}
{{ list 3 1 2 | sortAlpha | join "," }}
{{ dict "a" 1 "b" 2 | toJson }}
{{ now | date "2006-01-02" }}

A handful of functions diverge intentionally from upstream Sprig where the JVM and Go differ (for example, regular expressions use Java’s engine rather than Go’s RE2, and some date layouts map approximately). See Conformance for how parity is measured and where divergences are pinned.

4. Security considerations

Templates are code. Treat a template from an untrusted source as you would untrusted code — the function library gives it real capabilities:

  • getHostByName performs a DNS resolution of whatever name the template supplies. It is the only function that touches the network; there is no HTTP/file/exec function in the library (no httpGet, no shell-out).

  • The crypto functions (bcrypt, genPrivateKey, genCA, genSignedCert, encryptAES, derivePassword, …) and the random generators (randAlphaNum, uuidv4, …) compute on the inputs the template passes; they read no ambient secrets, but a rendered result may contain generated key material, so handle the output accordingly.

  • Regular expressions are backtracking, not RE2. The regex* functions (regexMatch, regexFindAll, regexReplaceAll, regexSplit, and their must/Literal variants) compile the supplied pattern with java.util.regex, which — unlike Go’s RE2 that upstream Sprig uses — backtracks and has no match timeout. A pathological pattern over attacker-influenced text can hang a thread (ReDoS). For untrusted input, validate or size-bound the pattern and the subject, or run matching under a watchdog. Pattern syntax also differs (Java regex vs RE2), so a few expressions behave differently than under Go.

  • Size-driven allocation is unbounded. repeat, indent/nindent, and the randAscii/randAlphaNum/randNumeric/randBytes generators allocate in proportion to a caller-supplied count — {{ repeat 2000000000 "xx" }} exhausts memory (or overflows int). This matches upstream Sprig (fine for trusted templates); cap the count yourself before passing it on if the template is untrusted.

Don’t render untrusted templates against sensitive data models, and enable HTML auto-escaping (GoTemplate.builder().htmlEscaping()) when the output is served as HTML.