From 89dccbb9b098292a615e0f99321691c96257f4c4 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sun, 9 Jun 2024 19:57:50 +0100 Subject: Validate derivation names for builds As I've managed to submit derivation names with \r in. --- guix-build-coordinator/client-communication.scm | 16 ++++++++++++++++ guix-build-coordinator/coordinator.scm | 13 +++++++++++++ 2 files changed, 29 insertions(+) (limited to 'guix-build-coordinator') diff --git a/guix-build-coordinator/client-communication.scm b/guix-build-coordinator/client-communication.scm index 2ea7ce2..6724e7c 100644 --- a/guix-build-coordinator/client-communication.scm +++ b/guix-build-coordinator/client-communication.scm @@ -461,6 +461,22 @@ (simple-format #f "derivation must be a string: ~A\n" derivation)))) + (unless (derivation-path? derivation-file) + (raise-exception + (make-exception-with-message + "invalid derivation path"))) + + (string-for-each + (lambda (c) + (unless (or (char-alphabetic? c) + (char-numeric? c) + (member c '(#\+ #\- #\. #\_ #\? #\=))) + (raise-exception + (make-exception-with-message + (simple-format #f "invalid character in derivation name: ~A" + c))))) + (store-path-base derivation-file)) + (define (read-drv/substitute derivation-file) (with-store/non-blocking store (unless (valid-path? store derivation-file) diff --git a/guix-build-coordinator/coordinator.scm b/guix-build-coordinator/coordinator.scm index 9e5987f..42d5600 100644 --- a/guix-build-coordinator/coordinator.scm +++ b/guix-build-coordinator/coordinator.scm @@ -755,6 +755,19 @@ (build-coordinator-metrics-registry build-coordinator) "coordinator_submit_build_duration_seconds" (lambda () + (unless (derivation-path? derivation-file) + (raise-exception + (make-client-error 'invalid-derivation-file))) + + (string-for-each + (lambda (c) + (unless (or (char-alphabetic? c) + (char-numeric? c) + (member c '(#\+ #\- #\. #\_ #\? #\=))) + (raise-exception + (make-client-error 'invalid-character-in-derivation-file)))) + (store-path-base derivation-file)) + (match (check-whether-to-store-build) ('continue ;; Store the derivation first, so that listing related derivations -- cgit v1.2.3