mirror of https://github.com/git-pkgs/proxy.git, synced 2026-06-02 08:38:17 -04:00
The wildcard package routes (/packages/{ecosystem}/*, /api/package/*,
/api/vulns/*, /api/browse/*, /api/compare/*) only checked for an empty
path before passing user input to GetPackageByEcosystemName and the
enrichment service.

Add validatePackagePath as a coarse first-line filter: reject null
bytes, other control characters, and paths over 512 bytes. Wired into
all five entry handlers immediately after the chi wildcard is read.

This is the generic layer; ecosystem-specific name format rules (npm
scoped name shape, Maven coordinate structure, etc.) can be added on
top per #75.

Fixes #75
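
The filter this commit message describes, sketched as an added example in Go; it is not the project's validatePackagePath, whose source is not shown on this page. The names `checkPackagePath`, `packageHandler` and `statusFor`, the use of plain net/http in place of chi, and the reading of "control character" as ASCII 0x00-0x1F plus 0x7F are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxPackagePathLen = 512 // byte limit stated in the commit message

// checkPackagePath is a hypothetical stand-in for validatePackagePath.
// Assumption: "control character" means ASCII C0 (0x00-0x1F) and DEL (0x7F).
func checkPackagePath(p string) error {
	if p == "" {
		return errors.New("empty package path")
	}
	if len(p) > maxPackagePathLen { // len counts bytes, not runes
		return errors.New("package path over 512 bytes")
	}
	for i := 0; i < len(p); i++ {
		if c := p[i]; c < 0x20 || c == 0x7f {
			return fmt.Errorf("control character 0x%02x at byte %d", c, i)
		}
	}
	return nil
}

// packageHandler filters the wildcard before any lookup runs. r.URL.Path is
// already percent-decoded, so an encoded %00 or %0A arrives as a raw byte.
func packageHandler(w http.ResponseWriter, r *http.Request) {
	wildcard := strings.TrimPrefix(r.URL.Path, "/api/package/")
	if err := checkPackagePath(wildcard); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	fmt.Fprint(w, "ok") // the real package lookup would run here
}

// statusFor sends one constructed request through the handler.
func statusFor(target string) int {
	rec := httptest.NewRecorder()
	packageHandler(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code
}

func main() {
	fmt.Println(statusFor("/api/package/npm/left-pad"), statusFor("/api/package/npm/left-pad%00"))
}
```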

| Name |
|---|
| static |
| templates |
| api.go |
| api_test.go |
| browse.go |
| browse_test.go |
| dashboard.go |
| eviction.go |
| eviction_test.go |
| middleware.go |
| middleware_test.go |
| mirror_api.go |
| mirror_api_test.go |
| packages_list_test.go |
| resolve.go |
| resolve_test.go |
| server.go |
| server_test.go |
| static.go |
| swagger_gen.go |
| templates.go |
| templates_test.go |