[snowpatch] [PATCH] utils: Make sanitise_path() sanitise harder
Andrew Donnellan
andrew.donnellan at au1.ibm.com
Wed Sep 12 14:55:30 AEST 2018

The current list of characters to sanitise in sanitise_path() is
incomplete, as we learned when we saw a build fail because someone had
included < in their patch summary.

Rather than maintain a list of dangerous characters which might be
problematic, let's just attack this with a giant hammer and filter
everything that's not alphanumeric as defined by Rust.

Closes: #48 ("Normalise branch names to reduce shell injection vulnerabilities")
Signed-off-by: Andrew Donnellan <andrew.donnellan at au1.ibm.com>
---
src/utils.rs | 15 +--------------
1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/src/utils.rs b/src/utils.rs
index 5f791afd59eb..ec98bb49bbb9 100644
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -14,18 +14,5 @@
//
pub fn sanitise_path(path: &str) -> String {
- path.replace("/", "_")
- .replace("\\", "_")
- .replace(".", "_")
- .replace("~", "_")
- .replace(" ", "_")
- .replace(":", "")
- .replace("[", "_")
- .replace("]", "_")
- .replace("'", "")
- .replace("\"", "")
- .replace("(", "_")
- .replace(")", "_")
- .replace("*", "_")
- .replace("?", "_")
+ path.replace(|c: char| !c.is_alphanumeric(), "_")
}
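Review bot: c.is_alphanumeric() on the added line is Unicode-aware, so non-ASCII letters and digits still pass through sanitise_path() unchanged. If the result is used for branch names or shell-facing paths, as the Closes: line suggests, c.is_ascii_alphanumeric() would restrict the output to A-Z, a-z, 0-9 and "_". The change also alters existing behaviour without saying so: ":", "'" and "\"" were previously removed and now become "_", and characters the old list left alone, such as "-", are now rewritten too, so more distinct inputs collapse to the same sanitised name. A doc comment on sanitise_path() stating the output alphabet, plus a unit test covering the "<" case from the commit message, would pin this down; the diffstat shows no test being added.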
--
2.11.0