From 51a2c85954e77068c6afbb4ca54159086220aefd Mon Sep 17 00:00:00 2001
From: Michael Muré <batolettre@gmail.com>
Date: Sat, 17 Apr 2021 17:40:11 +0200
Subject: make sure every text input is safe and validated

fix #630
---
 bug/op_set_metadata.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'bug/op_set_metadata.go')

diff --git a/bug/op_set_metadata.go b/bug/op_set_metadata.go
index ca19a838..28496fd8 100644
--- a/bug/op_set_metadata.go
+++ b/bug/op_set_metadata.go
@@ -2,11 +2,13 @@ package bug
 
 import (
 	"encoding/json"
+	"fmt"
 
 	"github.com/pkg/errors"
 
 	"github.com/MichaelMure/git-bug/entity"
 	"github.com/MichaelMure/git-bug/identity"
+	"github.com/MichaelMure/git-bug/util/text"
 )
 
 var _ Operation = &SetMetadataOperation{}
@@ -43,6 +45,15 @@ func (op *SetMetadataOperation) Validate() error {
 		return errors.Wrap(err, "target invalid")
 	}
 
+	for key, val := range op.NewMetadata {
+		if !text.SafeOneLine(key) {
+			return fmt.Errorf("metadata key is unsafe")
+		}
+		if !text.Safe(val) {
+			return fmt.Errorf("metadata value is not fully printable")
+		}
+	}
+
 	return nil
 }
 
-- 
cgit