diff --git a/internal/common/constants.go b/internal/common/constants.go index bc626ba..1ec0473 100644 --- a/internal/common/constants.go +++ b/internal/common/constants.go @@ -65,6 +65,8 @@ var ( AuthServerClient gocloak.GoCloak // ID_REGEXP is the regexp used to check if a Id is valid ID_REGEXP = regexp.MustCompile("^[a-zA-Z0-9-_]+$") + // REMOTE_SOURCE_REGEXP is the regexp used to check if a remote source is valid + REMOTE_SOURCE_REGEXP = regexp.MustCompile(`^git\+(https|ssh)://[a-zA-Z0-9]+([\-\.]{1}[a-zA-Z0-9]+)*\.[a-zA-Z]{2,5}(:[0-9]{1,5})?(\/.*)?$`) // INVALID_NAME_CHARS_REGEXP is the regexp used to replace invalid name characters with hyphen INVALID_NAME_CHARS_REGEXP = regexp.MustCompile("[^a-z0-9-]") // AUTHZ_HEADER is the authorization header diff --git a/internal/common/utils.go b/internal/common/utils.go index 18bc875..8e4bccd 100644 --- a/internal/common/utils.go +++ b/internal/common/utils.go @@ -123,6 +123,11 @@ func IsValidId(id string) bool { return ID_REGEXP.MatchString(id) } +// IsRemoteSource returns true if the provided remoteSource is valid +func IsRemoteSource(remoteSource string) bool { + return REMOTE_SOURCE_REGEXP.MatchString(remoteSource) +} + // IsStringPresent checks if a value is present in a slice func IsStringPresent(list []string, value string) bool { for _, val := range list { diff --git a/internal/move2kubeapi/handlers/plan.go b/internal/move2kubeapi/handlers/plan.go index 98818de..9fbc004 100644 --- a/internal/move2kubeapi/handlers/plan.go +++ b/internal/move2kubeapi/handlers/plan.go @@ -39,8 +39,13 @@ func HandleStartPlanning(w http.ResponseWriter, r *http.Request) { sendErrorJSON(w, "invalid id", http.StatusBadRequest) return } - debugMode := r.URL.Query().Get(DEBUG_QUERY_PARAM) == "true" remoteSource := r.URL.Query().Get(REMOTE_SOURCE_QUERY_PARAM) + if remoteSource != "" && !common.IsRemoteSource(remoteSource) { + logrus.Errorf("invalid remote source format; not matching regexp %s. Actual: %s", common.REMOTE_SOURCE_REGEXP, remoteSource) + sendErrorJSON(w, "invalid remote source format", http.StatusBadRequest) + return + } + debugMode := r.URL.Query().Get(DEBUG_QUERY_PARAM) == "true" if err := m2kFS.StartPlanning(workspaceId, projectId, remoteSource, debugMode); err != nil { logrus.Errorf("failed to start plan generation. Error: %q", err) if _, ok := err.(types.ErrorDoesNotExist); ok {