mirror of
https://github.com/FiloSottile/age.git
synced 2026-01-06 20:16:20 +00:00
plugin: restrict characters in plugin names
Thanks to ⬡-49016 for reporting this issue. Fixes GHSA-32gq-x56h-299c
This commit is contained in:
Filippo Valsorda
@@ -15,6 +15,7 @@ import (
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
exec "golang.org/x/sys/execabs"
|
||||
@@ -178,6 +179,9 @@ func NewIdentity(s string, ui *ClientUI) (*Identity, error) {
|
||||
|
||||
func NewIdentityWithoutData(name string, ui *ClientUI) (*Identity, error) {
|
||||
s := EncodeIdentity(name, nil)
|
||||
if s == "" {
|
||||
return nil, fmt.Errorf("invalid plugin name: %q", name)
|
||||
}
|
||||
return &Identity{
|
||||
name: name, encoding: s, ui: ui,
|
||||
}, nil
|
||||
@@ -390,6 +394,8 @@ func openClientConnection(name, protocol string) (*clientConnection, error) {
|
||||
path := "age-plugin-" + name
|
||||
if testOnlyPluginPath != "" {
|
||||
path = filepath.Join(testOnlyPluginPath, path)
|
||||
} else if strings.ContainsRune(name, os.PathSeparator) {
|
||||
return nil, fmt.Errorf("invalid plugin name: %q", name)
|
||||
}
|
||||
cmd := exec.Command(path, "--age-plugin="+protocol)
|
||||
|
||||
|
||||
@@ -14,6 +14,9 @@ import (
|
||||
// EncodeIdentity encodes a plugin identity string for a plugin with the given
|
||||
// name. If the name is invalid, it returns an empty string.
|
||||
func EncodeIdentity(name string, data []byte) string {
|
||||
if !validPluginName(name) {
|
||||
return ""
|
||||
}
|
||||
s, _ := bech32.Encode("AGE-PLUGIN-"+strings.ToUpper(name)+"-", data)
|
||||
return s
|
||||
}
|
||||
@@ -30,12 +33,18 @@ func ParseIdentity(s string) (name string, data []byte, err error) {
|
||||
}
|
||||
name = strings.TrimSuffix(strings.TrimPrefix(hrp, "AGE-PLUGIN-"), "-")
|
||||
name = strings.ToLower(name)
|
||||
if !validPluginName(name) {
|
||||
return "", nil, fmt.Errorf("invalid plugin name: %q", name)
|
||||
}
|
||||
return name, data, nil
|
||||
}
|
||||
|
||||
// EncodeRecipient encodes a plugin recipient string for a plugin with the given
|
||||
// name. If the name is invalid, it returns an empty string.
|
||||
func EncodeRecipient(name string, data []byte) string {
|
||||
if !validPluginName(name) {
|
||||
return ""
|
||||
}
|
||||
s, _ := bech32.Encode("age1"+strings.ToLower(name), data)
|
||||
return s
|
||||
}
|
||||
@@ -51,5 +60,21 @@ func ParseRecipient(s string) (name string, data []byte, err error) {
|
||||
return "", nil, fmt.Errorf("not a plugin recipient: %v", err)
|
||||
}
|
||||
name = strings.TrimPrefix(hrp, "age1")
|
||||
if !validPluginName(name) {
|
||||
return "", nil, fmt.Errorf("invalid plugin name: %q", name)
|
||||
}
|
||||
return name, data, nil
|
||||
}
|
||||
|
||||
func validPluginName(name string) bool {
|
||||
if name == "" {
|
||||
return false
|
||||
}
|
||||
allowed := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-._"
|
||||
for _, r := range name {
|
||||
if !strings.ContainsRune(allowed, r) {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user