Merge pull request #632 from MichaelMure/data-input-cleanup

make sure every text input is safe and validated
author: Michael Muré <batolettre@gmail.com> 2021-04-17 19:40:01 +0200
committer: GitHub <noreply@github.com> 2021-04-17 19:40:01 +0200
commit: 6d1c9346cc5ff892f808a7e3dd3e01291e49a16d (patch)
tree: 9b424181369a67f69502a27186bd266a19a28506 /bug/op_set_metadata.go
parent: 62fb09a53cc626ac581f33b466a1cdf14eb6ed89 (diff)
parent: 51a2c85954e77068c6afbb4ca54159086220aefd (diff)
download: git-bug-6d1c9346cc5ff892f808a7e3dd3e01291e49a16d.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/bug/op_set_metadata.go b/bug/op_set_metadata.go
index ca19a838..28496fd8 100644
--- a/bug/op_set_metadata.go
+++ b/bug/op_set_metadata.go
@@ -2,11 +2,13 @@ package bug
 
 import (
 	"encoding/json"
+	"fmt"
 
 	"github.com/pkg/errors"
 
 	"github.com/MichaelMure/git-bug/entity"
 	"github.com/MichaelMure/git-bug/identity"
+	"github.com/MichaelMure/git-bug/util/text"
 )
 
 var _ Operation = &SetMetadataOperation{}
@@ -43,6 +45,15 @@ func (op *SetMetadataOperation) Validate() error {
 		return errors.Wrap(err, "target invalid")
 	}
 
+	for key, val := range op.NewMetadata {
+		if !text.SafeOneLine(key) {
+			return fmt.Errorf("metadata key is unsafe")
+		}
+		if !text.Safe(val) {
+			return fmt.Errorf("metadata value is not fully printable")
+		}
+	}
+
 	return nil
 }
author	Michael Muré <batolettre@gmail.com>	2021-04-17 19:40:01 +0200
committer	GitHub <noreply@github.com>	2021-04-17 19:40:01 +0200
commit	6d1c9346cc5ff892f808a7e3dd3e01291e49a16d (patch)
tree	9b424181369a67f69502a27186bd266a19a28506 /bug/op_set_metadata.go
parent	62fb09a53cc626ac581f33b466a1cdf14eb6ed89 (diff)
parent	51a2c85954e77068c6afbb4ca54159086220aefd (diff)
download	git-bug-6d1c9346cc5ff892f808a7e3dd3e01291e49a16d.tar.gz