Is the following sufficient to check that a path is not malicious, and is the validation against these rules correct:
