Validate derivation names for builds

As I've managed to submit derivation names with \r in.
author: Christopher Baines <mail@cbaines.net> 2024-06-09 19:57:50 +0100
committer: Christopher Baines <mail@cbaines.net> 2024-06-09 21:39:56 +0100
commit: 89dccbb9b098292a615e0f99321691c96257f4c4 (patch)
tree: ba6fb149735ae983ad74b363fe693d1e2713e9d5 /guix-build-coordinator
parent: 874ad02c862f2be068537588d3365749a1796400 (diff)
download: build-coordinator-89dccbb9b098292a615e0f99321691c96257f4c4.tar
build-coordinator-89dccbb9b098292a615e0f99321691c96257f4c4.tar.gz
2 files changed, 29 insertions, 0 deletions
diff --git a/guix-build-coordinator/client-communication.scm b/guix-build-coordinator/client-communication.scm
index 2ea7ce2..6724e7c 100644
--- a/guix-build-coordinator/client-communication.scm
+++ b/guix-build-coordinator/client-communication.scm
@@ -461,6 +461,22 @@
              (simple-format #f "derivation must be a string: ~A\n"
                             derivation))))
 
+         (unless (derivation-path? derivation-file)
+           (raise-exception
+            (make-exception-with-message
+             "invalid derivation path")))
+
+         (string-for-each
+          (lambda (c)
+            (unless (or (char-alphabetic? c)
+                        (char-numeric? c)
+                        (member c '(#\+ #\- #\. #\_ #\? #\=)))
+              (raise-exception
+               (make-exception-with-message
+                (simple-format #f "invalid character in derivation name: ~A"
+                               c)))))
+          (store-path-base derivation-file))
+
          (define (read-drv/substitute derivation-file)
            (with-store/non-blocking store
              (unless (valid-path? store derivation-file)
diff --git a/guix-build-coordinator/coordinator.scm b/guix-build-coordinator/coordinator.scm
index 9e5987f..42d5600 100644
--- a/guix-build-coordinator/coordinator.scm
+++ b/guix-build-coordinator/coordinator.scm
@@ -755,6 +755,19 @@
    (build-coordinator-metrics-registry build-coordinator)
    "coordinator_submit_build_duration_seconds"
    (lambda ()
+     (unless (derivation-path? derivation-file)
+       (raise-exception
+        (make-client-error 'invalid-derivation-file)))
+
+     (string-for-each
+      (lambda (c)
+        (unless (or (char-alphabetic? c)
+                    (char-numeric? c)
+                    (member c '(#\+ #\- #\. #\_ #\? #\=)))
+          (raise-exception
+           (make-client-error 'invalid-character-in-derivation-file))))
+      (store-path-base derivation-file))
+
      (match (check-whether-to-store-build)
        ('continue
         ;; Store the derivation first, so that listing related derivations
author	Christopher Baines <mail@cbaines.net>	2024-06-09 19:57:50 +0100
committer	Christopher Baines <mail@cbaines.net>	2024-06-09 21:39:56 +0100
commit	89dccbb9b098292a615e0f99321691c96257f4c4 (patch)
tree	ba6fb149735ae983ad74b363fe693d1e2713e9d5 /guix-build-coordinator
parent	874ad02c862f2be068537588d3365749a1796400 (diff)
download	build-coordinator-89dccbb9b098292a615e0f99321691c96257f4c4.tar build-coordinator-89dccbb9b098292a615e0f99321691c96257f4c4.tar.gz