2 files changed, 15 insertions, 0 deletions

diff --git a/app/jobs/govuk_guix/fetch_revision_job.rb b/app/jobs/govuk_guix/fetch_revision_job.rb
index 7b1acdf..0265c6e 100644
--- a/app/jobs/govuk_guix/fetch_revision_job.rb
+++ b/app/jobs/govuk_guix/fetch_revision_job.rb
@@ -53,6 +53,10 @@ class GovukGuix::FetchRevisionJob < Que::Job
     store_path = output.last.strip
     logger.debug(self.class) { "store_path: #{store_path}" }
 
+    unless Guix.valid_store_path? store_path
+      raise "Invalid store path: #{store_path}"
+    end
+
     backend.add_in_use_store_path(store_path) if backend
 
     GovukGuix::Revision.transaction do
diff --git a/app/services/govuk_guix/update_gcroots_directory.rb b/app/services/govuk_guix/update_gcroots_directory.rb
index 97fe703..7f70da6 100644
--- a/app/services/govuk_guix/update_gcroots_directory.rb
+++ b/app/services/govuk_guix/update_gcroots_directory.rb
@@ -24,6 +24,11 @@ module GovukGuix::UpdateGcrootsDirectory
   DIRECTORY = '/var/guix/gcroots/govuk-mini-environment-admin'
 
   def self.set_in_use_store_paths(store_paths, options = {})
+    store_paths.each do |store_path|
+      raise "Invalid store path #{store_path}" \
+        unless Guix.valid_store_path?(store_path)
+    end
+
     current_store_paths = list_store_paths(options)
 
     (current_store_paths - store_paths).each do |store_path|
@@ -36,6 +41,9 @@ module GovukGuix::UpdateGcrootsDirectory
   end
 
   def self.add_store_path(store_path, options = {})
+    raise "Invalid store path #{store_path}" \
+      unless Guix.valid_store_path?(store_path)
+
     run_command(
       'ln', '-s',
       store_path,
@@ -45,6 +53,9 @@ module GovukGuix::UpdateGcrootsDirectory
   end
 
   def self.remove_store_path(store_path, options = {})
+    raise "Invalid store path #{store_path}" \
+      unless Guix.valid_store_path?(store_path)
+
     run_command(
       'rm', File.join(DIRECTORY, store_path['/gnu/store/'.length..-1]),
       run_remotely_on_host: options[:run_remotely_on_host]