author | Runxi Yu <me@runxiyu.org> | 2025-02-11 17:31:30 +0800 |
---|---|---|
committer | Runxi Yu <me@runxiyu.org> | 2025-02-11 17:31:30 +0800 |
commit | 1486b0df1b04adc32e9207b836513226e8015b3e (patch) | |
tree | 60e7b9cfdab457a92654c24150bbeb1658d10d29 | |
parent | go.mod: Bump dependencies (diff) | |
git_misc: Sanitize paths
-rw-r--r-- | git_misc.go | 10 | ||||
-rw-r--r-- | go.mod | 2 | ||||
-rw-r--r-- | go.sum | 4 |
3 files changed, 13 insertions, 3 deletions
diff --git a/git_misc.go b/git_misc.go
index a5bcc9e..3aded4f 100644
--- a/git_misc.go
+++ b/git_misc.go
@@ -12,7 +12,17 @@ import (
 "go.lindenii.runxiyu.org/lindenii-common/misc"
 )
 
+var err_unsafe_path = errors.New("Unsafe path")
+
 func open_git_repo(group_name, repo_name string) (*git.Repository, error) {
+ group_name, group_name_ok := misc.Sanitize_path(group_name)
+ if !group_name_ok {
+ return nil, err_unsafe_path
+ }
+ repo_name, repo_name_ok := misc.Sanitize_path(repo_name)
+ if !repo_name_ok {
+ return nil, err_unsafe_path
+ }
 return git.PlainOpen(filepath.Join(config.Git.Root, group_name, repo_name+".git"))
 }
 
@@ -7,7 +7,7 @@ require (
 github.com/go-git/go-git/v5 v5.13.2
 github.com/microcosm-cc/bluemonday v1.0.27
 github.com/yuin/goldmark v1.7.8
- go.lindenii.runxiyu.org/lindenii-common v0.0.0-20250211092501-f6937cf286bb
+ go.lindenii.runxiyu.org/lindenii-common v0.0.0-20250211092902-f64ead6a659e
 )
 
 require (
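Review bot: The new guards in open_git_repo rely entirely on `misc.Sanitize_path`, whose contract for empty strings, embedded separators and `..` segments is not visible in this hunk, so the `filepath.Join` on the return line has no containment check of its own. As defence in depth, consider validating the joined relative path before opening it, e.g. `if !filepath.IsLocal(filepath.Join(group_name, repo_name+".git")) { return nil, err_unsafe_path }` (this needs Go 1.20 or later). A short comment on `err_unsafe_path` stating that it is returned when a group or repository name fails sanitization would help callers map it to the right HTTP response. The hunk also calls `errors.New` without touching the import block, which begins above the hunk; presumably `errors` is already imported there, but that is worth confirming.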
@@ -85,8 +85,8 @@ github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/yuin/goldmark v1.7.8 h1:iERMLn0/QJeHFhxSt3p6PeN9mGnvIKSpG9YYorDMnic= github.com/yuin/goldmark v1.7.8/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E= -go.lindenii.runxiyu.org/lindenii-common v0.0.0-20250211092501-f6937cf286bb h1:WGFgTSEFev3Og9osOVUMTe/9GOf43JFiYPuv9Rj+bHE= -go.lindenii.runxiyu.org/lindenii-common v0.0.0-20250211092501-f6937cf286bb/go.mod h1:bOxuuGXA3UpbLb1lKohr2j2MVcGGLcqfAprGx9VCkMA= +go.lindenii.runxiyu.org/lindenii-common v0.0.0-20250211092902-f64ead6a659e h1:Gb58k5z3NjOWdYMBvZaTLG4IWY6HcCVkwPz/J0lFKT0= +go.lindenii.runxiyu.org/lindenii-common v0.0.0-20250211092902-f64ead6a659e/go.mod h1:bOxuuGXA3UpbLb1lKohr2j2MVcGGLcqfAprGx9VCkMA= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= |