Do some validation of URLs
parent
f3eb29c653
commit
9cd63d2244
|
@ -1,4 +1,4 @@
|
||||||
PERL_MODULES = lib/Nix/Store.pm lib/Nix/Manifest.pm lib/Nix/GeneratePatches.pm lib/Nix/SSH.pm lib/Nix/CopyClosure.pm lib/Nix/Config.pm.in
|
PERL_MODULES = lib/Nix/Store.pm lib/Nix/Manifest.pm lib/Nix/GeneratePatches.pm lib/Nix/SSH.pm lib/Nix/CopyClosure.pm lib/Nix/Config.pm.in lib/Nix/Utils.pm
|
||||||
|
|
||||||
all: $(PERL_MODULES:.in=)
|
all: $(PERL_MODULES:.in=)
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,7 @@ use File::Basename;
|
||||||
use IO::Select;
|
use IO::Select;
|
||||||
use Nix::Config;
|
use Nix::Config;
|
||||||
use Nix::Store;
|
use Nix::Store;
|
||||||
|
use Nix::Utils;
|
||||||
use WWW::Curl::Easy;
|
use WWW::Curl::Easy;
|
||||||
use WWW::Curl::Multi;
|
use WWW::Curl::Multi;
|
||||||
use strict;
|
use strict;
|
||||||
|
@ -249,8 +250,6 @@ sub processNARInfo {
|
||||||
return undef;
|
return undef;
|
||||||
}
|
}
|
||||||
|
|
||||||
# FIXME: validate $url etc. for security.
|
|
||||||
|
|
||||||
# Cache the result.
|
# Cache the result.
|
||||||
$insertNAR->execute(
|
$insertNAR->execute(
|
||||||
$cache->{id}, basename($storePath), $url, $compression, $fileHash, $fileSize,
|
$cache->{id}, basename($storePath), $url, $compression, $fileHash, $fileSize,
|
||||||
|
@ -455,6 +454,7 @@ sub downloadBinary {
|
||||||
}
|
}
|
||||||
my $url = "$cache->{url}/$info->{url}"; # FIXME: handle non-relative URLs
|
my $url = "$cache->{url}/$info->{url}"; # FIXME: handle non-relative URLs
|
||||||
print STDERR "\n*** Downloading ‘$url’ into ‘$storePath’...\n";
|
print STDERR "\n*** Downloading ‘$url’ into ‘$storePath’...\n";
|
||||||
|
Nix::Utils::checkURL $url;
|
||||||
if (system("$Nix::Config::curl --fail --location --insecure '$url' | $decompressor | $Nix::Config::binDir/nix-store --restore $storePath") != 0) {
|
if (system("$Nix::Config::curl --fail --location --insecure '$url' | $decompressor | $Nix::Config::binDir/nix-store --restore $storePath") != 0) {
|
||||||
die "download of `$info->{url}' failed" . ($! ? ": $!" : "") . "\n" unless $? == 0;
|
die "download of `$info->{url}' failed" . ($! ? ": $!" : "") . "\n" unless $? == 0;
|
||||||
next;
|
next;
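Review bot: The `Nix::Utils::checkURL $url;` call added before the `system(...)` line in `downloadBinary` does not by itself make the single-quoted `'$url'` in that shell string safe. The definition of `checkURL` is not shown on this page; if it uses the same character class as the `$urlRE` removed from nix-install-package, that class accepts `'` and `$`, so a URL can pass the check and still not be safe inside shell quoting. The same applies to the two `checkURL` calls added before `system("$curl '...' ...")` in the patch and NAR download section. Either narrow the accepted set (drop `\'`) and anchor the match with `\A`/`\z`, or run curl through the list form of `system`/`open` so that no shell parses the URL. The body of `downloadBinary` starts and ends outside the hunk.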
|
||||||
|
|
|
@ -4,6 +4,7 @@ use strict;
|
||||||
use Nix::Config;
|
use Nix::Config;
|
||||||
use Nix::Manifest;
|
use Nix::Manifest;
|
||||||
use Nix::Store;
|
use Nix::Store;
|
||||||
|
use Nix::Utils;
|
||||||
use POSIX qw(strftime);
|
use POSIX qw(strftime);
|
||||||
use File::Temp qw(tempdir);
|
use File::Temp qw(tempdir);
|
||||||
|
|
||||||
|
@ -306,6 +307,7 @@ while (scalar @path > 0) {
|
||||||
# Download the patch.
|
# Download the patch.
|
||||||
print STDERR " downloading patch...\n";
|
print STDERR " downloading patch...\n";
|
||||||
my $patchPath = "$tmpDir/patch";
|
my $patchPath = "$tmpDir/patch";
|
||||||
|
Nix::Utils::checkURL $patch->{url};
|
||||||
system("$curl '$patch->{url}' -o $patchPath") == 0
|
system("$curl '$patch->{url}' -o $patchPath") == 0
|
||||||
or die "cannot download patch `$patch->{url}'\n";
|
or die "cannot download patch `$patch->{url}'\n";
|
||||||
|
|
||||||
|
@ -336,6 +338,7 @@ while (scalar @path > 0) {
|
||||||
my $size = $narFile->{size} || -1;
|
my $size = $narFile->{size} || -1;
|
||||||
print LOGFILE "$$ narfile $narFile->{url} $size $v\n";
|
print LOGFILE "$$ narfile $narFile->{url} $size $v\n";
|
||||||
|
|
||||||
|
Nix::Utils::checkURL $narFile->{url};
|
||||||
if ($curStep < $maxStep) {
|
if ($curStep < $maxStep) {
|
||||||
# The archive will be used a base to a patch.
|
# The archive will be used a base to a patch.
|
||||||
system("$curl '$narFile->{url}' | $Nix::Config::bzip2 -d > $tmpNar") == 0
|
system("$curl '$narFile->{url}' | $Nix::Config::bzip2 -d > $tmpNar") == 0
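Review bot: In the second hunk of this section, `print LOGFILE "$$ narfile $narFile->{url} $size $v\n";` runs before the added `Nix::Utils::checkURL $narFile->{url};`, so a URL that is about to be rejected has already been written to the log unvalidated. Moving the check above the `print LOGFILE` line keeps malformed values out of the space-separated log record. The `while` loop and the `system(...)` statement both continue outside the hunk.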
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
use strict;
|
use strict;
|
||||||
use File::Temp qw(tempdir);
|
use File::Temp qw(tempdir);
|
||||||
use Nix::Config;
|
use Nix::Config;
|
||||||
|
use Nix::Utils;
|
||||||
|
|
||||||
|
|
||||||
sub usageError {
|
sub usageError {
|
||||||
|
@ -72,7 +73,7 @@ my $tmpDir = tempdir("nix-install-package.XXXXXX", CLEANUP => 1, TMPDIR => 1)
|
||||||
|
|
||||||
sub barf {
|
sub barf {
|
||||||
my $msg = shift;
|
my $msg = shift;
|
||||||
print "$msg\n";
|
print "\nInstallation failed: $msg\n";
|
||||||
<STDIN> if $interactive;
|
<STDIN> if $interactive;
|
||||||
exit 1;
|
exit 1;
|
||||||
}
|
}
|
||||||
|
@ -92,7 +93,6 @@ open PKGFILE, "<$pkgFile" or barf "cannot open `$pkgFile': $!";
|
||||||
my $contents = <PKGFILE>;
|
my $contents = <PKGFILE>;
|
||||||
close PKGFILE;
|
close PKGFILE;
|
||||||
|
|
||||||
my $urlRE = "(?: [a-zA-Z][a-zA-Z0-9\+\-\.]*\:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']+ )";
|
|
||||||
my $nameRE = "(?: [A-Za-z0-9\+\-\.\_\?\=]+ )"; # see checkStoreName()
|
my $nameRE = "(?: [A-Za-z0-9\+\-\.\_\?\=]+ )"; # see checkStoreName()
|
||||||
my $systemRE = "(?: [A-Za-z0-9\+\-\_]+ )";
|
my $systemRE = "(?: [A-Za-z0-9\+\-\_]+ )";
|
||||||
my $pathRE = "(?: \/ [\/A-Za-z0-9\+\-\.\_\?\=]* )";
|
my $pathRE = "(?: \/ [\/A-Za-z0-9\+\-\.\_\?\=]* )";
|
||||||
|
@ -101,7 +101,7 @@ my $pathRE = "(?: \/ [\/A-Za-z0-9\+\-\.\_\?\=]* )";
|
||||||
# store path. We'll let nix-env do that.
|
# store path. We'll let nix-env do that.
|
||||||
|
|
||||||
$contents =~
|
$contents =~
|
||||||
/ ^ \s* (\S+) \s+ ($urlRE) \s+ ($nameRE) \s+ ($systemRE) \s+ ($pathRE) \s+ ($pathRE) ( \s+ ($urlRE) )? /x
|
/ ^ \s* (\S+) \s+ ($Nix::Utils::urlRE) \s+ ($nameRE) \s+ ($systemRE) \s+ ($pathRE) \s+ ($pathRE) ( \s+ ($Nix::Utils::urlRE) )? /x
|
||||||
or barf "invalid package contents";
|
or barf "invalid package contents";
|
||||||
my $version = $1;
|
my $version = $1;
|
||||||
my $manifestURL = $2;
|
my $manifestURL = $2;
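Review bot: The pattern on the `$contents =~` match is anchored with `^` but has no end anchor, and its last group `( \s+ ($Nix::Utils::urlRE) )?` is optional, so a trailing field that fails `urlRE` is silently dropped instead of reaching `barf "invalid package contents"`. If the package format has no further fields, ending the pattern with `\s* \z` would make a malformed final URL a hard error: `( \s+ ($Nix::Utils::urlRE) )? \s* \z /x`. This predates the commit, but it limits what sharing the URL pattern through `Nix::Utils` achieves at this call site.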
|
||||||
|
|