diff options
author | Michael Muré <batolettre@gmail.com> | 2021-04-17 17:40:11 +0200 |
---|---|---|
committer | Michael Muré <batolettre@gmail.com> | 2021-04-17 17:40:11 +0200 |
commit | 51a2c85954e77068c6afbb4ca54159086220aefd (patch) | |
tree | 9b424181369a67f69502a27186bd266a19a28506 /bug | |
parent | 62fb09a53cc626ac581f33b466a1cdf14eb6ed89 (diff) | |
download | git-bug-51a2c85954e77068c6afbb4ca54159086220aefd.tar.gz |
make sure every text input is safe and validated
fix #630
Diffstat (limited to 'bug')
-rw-r--r-- | bug/label.go | 9 | ||||
-rw-r--r-- | bug/op_create.go | 8 | ||||
-rw-r--r-- | bug/op_set_metadata.go | 11 | ||||
-rw-r--r-- | bug/op_set_title.go | 17 |
4 files changed, 19 insertions, 26 deletions
diff --git a/bug/label.go b/bug/label.go index 9d1e99a7..79b5f591 100644 --- a/bug/label.go +++ b/bug/label.go @@ -4,7 +4,6 @@ import ( "crypto/sha256" "fmt" "image/color" - "strings" fcolor "github.com/fatih/color" @@ -58,12 +57,8 @@ func (l Label) Validate() error { return fmt.Errorf("empty") } - if strings.Contains(str, "\n") { - return fmt.Errorf("should be a single line") - } - - if !text.Safe(str) { - return fmt.Errorf("not fully printable") + if !text.SafeOneLine(str) { + return fmt.Errorf("label has unsafe characters") } return nil diff --git a/bug/op_create.go b/bug/op_create.go index 75b60bd8..1d01020c 100644 --- a/bug/op_create.go +++ b/bug/op_create.go @@ -3,7 +3,6 @@ package bug import ( "encoding/json" "fmt" - "strings" "github.com/MichaelMure/git-bug/entity" "github.com/MichaelMure/git-bug/entity/dag" @@ -94,11 +93,8 @@ func (op *CreateOperation) Validate() error { if text.Empty(op.Title) { return fmt.Errorf("title is empty") } - if strings.Contains(op.Title, "\n") { - return fmt.Errorf("title should be a single line") - } - if !text.Safe(op.Title) { - return fmt.Errorf("title is not fully printable") + if !text.SafeOneLine(op.Title) { + return fmt.Errorf("title has unsafe characters") } if !text.Safe(op.Message) { diff --git a/bug/op_set_metadata.go b/bug/op_set_metadata.go index ca19a838..28496fd8 100644 --- a/bug/op_set_metadata.go +++ b/bug/op_set_metadata.go @@ -2,11 +2,13 @@ package bug import ( "encoding/json" + "fmt" "github.com/pkg/errors" "github.com/MichaelMure/git-bug/entity" "github.com/MichaelMure/git-bug/identity" + "github.com/MichaelMure/git-bug/util/text" ) var _ Operation = &SetMetadataOperation{} @@ -43,6 +45,15 @@ func (op *SetMetadataOperation) Validate() error { return errors.Wrap(err, "target invalid") } + for key, val := range op.NewMetadata { + if !text.SafeOneLine(key) { + return fmt.Errorf("metadata key is unsafe") + } + if !text.Safe(val) { + return fmt.Errorf("metadata value is not fully printable") + } + } + return nil } diff --git a/bug/op_set_title.go b/bug/op_set_title.go index c6a26746..badd192c 100644 --- a/bug/op_set_title.go +++ b/bug/op_set_title.go @@ -3,7 +3,6 @@ package bug import ( "encoding/json" "fmt" - "strings" "github.com/MichaelMure/git-bug/entity" "github.com/MichaelMure/git-bug/identity" @@ -49,20 +48,12 @@ func (op *SetTitleOperation) Validate() error { return fmt.Errorf("title is empty") } - if strings.Contains(op.Title, "\n") { - return fmt.Errorf("title should be a single line") + if !text.SafeOneLine(op.Title) { + return fmt.Errorf("title has unsafe characters") } - if !text.Safe(op.Title) { - return fmt.Errorf("title should be fully printable") - } - - if strings.Contains(op.Was, "\n") { - return fmt.Errorf("previous title should be a single line") - } - - if !text.Safe(op.Was) { - return fmt.Errorf("previous title should be fully printable") + if !text.SafeOneLine(op.Was) { + return fmt.Errorf("previous title has unsafe characters") } return nil |