Security/url validation #8
Open
cedric-appdirect wants to merge 3 commits into
Add url-validator module with two exported functions:
- validateGitUrl: allowlist of URL schemes (https, http, git@, ssh, file),
leading-dash rejection, control-character rejection, and post-scheme
authority validation to block ssh://-oProxyCommand attacks.
- validateGitRef: strict character allowlist for branch/tag/SHA refs,
leading-dash rejection, and range-operator (..) rejection. Excludes
revision operators (^, ~, {, }, :) that are not ref names.
57 new tests covering valid inputs, flag injection, unsupported schemes,
control characters, SSH authority injection, git@ hostname edge cases,
and git revision operator rejection.
This is groundwork — follow-up PRs wire the validators into the config
schema (PR 2) and git command invocations (PR 3).
Assisted-by: OpenCode with claude-opus-4-7
Wire validateGitUrl and validateGitRef into RepositoryConfigSchema via
Zod .refine() calls. Dangerous URLs (flag injection, unsupported schemes,
SSH authority injection) and refs (flag injection, shell metacharacters,
range operators) are now rejected at config parse time.
9 new test cases covering dangerous URLs and refs at the schema layer.
Assisted-by: OpenCode with claude-opus-4-7
…-- separator
Defense-in-depth against git flag injection:
- git clone: add --no-template to prevent --template= injection which is
the primary code-execution vector via git hook scripts
- git checkout: add -- separator to prevent ref names starting with '-'
from being interpreted as git flags
The schema-layer validation (PR 2) is the primary guard; these changes
provide belt-and-braces protection at the invocation layer.
Assisted-by: OpenCode with claude-opus-4-7
Signed-off-by: Cedric BAIL <cedric.bail@appdirect.com>
No description provided.
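The checks listed in the first commit message, as an added JavaScript sketch. This is not the PR's url-validator code: the names `checkGitUrl` and `checkGitRef`, the host pattern, and the exact ref character set are assumptions, and the sample inputs are constructed.

```javascript
// Added sketch; not the PR's url-validator module. Names and patterns are assumptions.
const SCHEMES = ["https://", "http://", "ssh://", "file://"];
const CONTROL = /[\x00-\x1f\x7f]/;
// A host must start with an alphanumeric, so "-oProxyCommand=..." cannot pass as one.
// Simplification: bracketed IPv6 literals are not accepted.
const HOST = /^[A-Za-z0-9][A-Za-z0-9.-]*$/;
// Ref allowlist: no ^ ~ { } : and no whitespace or shell metacharacters.
const REF = /^[A-Za-z0-9._\/-]+$/;

// Both functions return null when the input is acceptable, else a reason string.
function checkGitUrl(url) {
  if (typeof url !== "string" || url === "") return "empty";
  if (url.startsWith("-")) return "leading dash";
  if (CONTROL.test(url)) return "control character";
  if (url.startsWith("git@")) {
    // scp-like form: git@host:path
    const m = /^git@([^:\/]+):(.+)$/.exec(url);
    return m && HOST.test(m[1]) ? null : "bad git@ host";
  }
  const scheme = SCHEMES.find((s) => url.toLowerCase().startsWith(s));
  if (!scheme) return "unsupported scheme";
  if (scheme === "file://") return null; // local path, no authority to check
  // Authority = everything between the scheme and the first / ? or #
  const authority = url.slice(scheme.length).split(/[\/?#]/)[0];
  const at = authority.lastIndexOf("@");
  const user = at >= 0 ? authority.slice(0, at) : "";
  const host = authority.slice(at + 1).replace(/:\d+$/, "");
  if (user.startsWith("-") || !HOST.test(host)) return "bad authority";
  return null;
}

function checkGitRef(ref) {
  if (typeof ref !== "string" || ref === "") return "empty";
  if (ref.startsWith("-")) return "leading dash";
  if (ref.includes("..")) return "range operator";
  if (!REF.test(ref)) return "disallowed character";
  return null;
}

// Constructed sample inputs.
for (const u of ["https://example.com/org/repo.git", "ssh://-oProxyCommand=x/repo"]) {
  console.log(u, "->", checkGitUrl(u) ?? "ok");
}
for (const r of ["release/v1.2.3", "main..dev", "HEAD~1"]) {
  console.log(r, "->", checkGitRef(r) ?? "ok");
}
```

The leading-dash test runs before the allowlist so that a flag-shaped value is reported as such rather than as a generic character error.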