diff options
| author | Malfurious <m@lfurio.us> | 2023-09-09 12:14:27 -0400 |
|---|---|---|
| committer | Malfurious <m@lfurio.us> | 2023-09-10 04:47:40 -0400 |
| commit | 05bcbcb268d98279b8c6731689b45db9be3be86a (patch) | |
| tree | 6c915f3a94ce12fe09671d59e6958b2e2fdbdd77 /acid/cyche-source | |
| parent | 7aba2b2be7ed8129e98205a58a637c388bccca51 (diff) | |
| download | cychedelic-05bcbcb268d98279b8c6731689b45db9be3be86a.tar.gz cychedelic-05bcbcb268d98279b8c6731689b45db9be3be86a.zip | |
acid: Sanitize filename inputs from the config
Prevent the creation or access of unintended files in the ACID
container. Also, assert that names are valid for docker before
attempting to deploy images.
Signed-off-by: Malfurious <m@lfurio.us>
Diffstat (limited to 'acid/cyche-source')
| -rwxr-xr-x | acid/cyche-source | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/acid/cyche-source b/acid/cyche-source index ee4caca..7dca756 100755 --- a/acid/cyche-source +++ b/acid/cyche-source @@ -25,6 +25,12 @@ gethash() { cd '/services' +# For <name>, limit to a-z, 0-9, -, _ +if ! echo "$1" | grep -Eq '^[-_a-z0-9]*$'; then + echo "Bad service name: $1" >&2 + exit 2 +fi + if ! [ -d "$1" ]; then git clone "$2" "$1" >&2 || exit 2 touch "$1/.git/previous_hash" |