Validate filepath and filename to prevent path traversal (#1604)

Validate filepath and filename to prevent path traversal in modification
command and provide validations for editor plugin.

Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Eduard Heimbuch
2021-03-25 12:50:24 +01:00
committed by GitHub
parent 08549a37b1
commit d94ebb2e3e
12 changed files with 169 additions and 11 deletions


@@ -44,10 +44,11 @@ export const isNumberValid = (number: any) => {
return !isNaN(number);
};
const pathRegex = /^((?!\/{2,}).)*$/;
export const isPathValid = (path: string) => {
return pathRegex.test(path);
return path !== "."
&& !path.includes("../")
&& !path.includes("//")
&& path !== "..";
};
const urlRegex = /^[A-Za-z0-9]+:\/\/[^\s$.?#].[^\s]*$/;
@@ -55,3 +56,9 @@ const urlRegex = /^[A-Za-z0-9]+:\/\/[^\s$.?#].[^\s]*$/;
export const isUrlValid = (url: string) => {
return urlRegex.test(url);
};
const filenameRegex = /^[^/\\:]+$/;
export const isFilenameValid = (filename: string) => {
return filenameRegex.test(filename) && filename !== "." && filename !== ".." && !filename.includes("./");
};
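Review bot: In isPathValid, `!path.includes("../")` only matches a `..` segment that is followed by a slash, so a path whose final segment is `..` (a constructed example: `dir/..`) still validates, and backslash-separated forms are not considered at all. Checking whole segments closes the first gap without changing the other cases: `return path !== "." && !path.includes("//") && !path.split("/").includes("..");`. This looks like UI-side validation, so it should be treated as a usability guard only; the server-side check in the modification command that the commit message mentions has to be the authoritative one, and it is not visible in this section. In isFilenameValid the trailing `!filename.includes("./")` can never fail once `filenameRegex` has excluded `/`, so it can be dropped or replaced by a comment stating the intent.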