gitpages

A collection of scripts to securely webhost and publish git repositories.
git clone https://scm.kuandu.systems/git-raw/gitpages.git

commit 7d3aa1ee0f649caf50c41c37d6b811a50fc8abcf
parent bfa17a1988def6dea5f76ac4a8312023b7a5d762
Author: Fred Großkopf <fred@kuandu.systems>
Date:   Fri,  1 May 2026 09:46:13 +0200

Updates post-receive.hook

Improves sanitized queue file name

Diffstat:
Mpost-receive.hook | 41+++++++++++++++++------------------------
1 file changed, 17 insertions(+), 24 deletions(-)

diff --git a/post-receive.hook b/post-receive.hook @@ -6,45 +6,38 @@ QUEUE_DIR="/var/spool/gitpages/queue" sanitize_repo_name() { name="$1" - - [ -z "$name" ] && name="unknown" - - # Keep only printable chars, strip leading/trailing ./ - name=$(printf '%s\n' "$name" \ - | tr -cd '[:print:]\n' \ - | sed 's|^[./]*||; s|[./]*$||') - - # Keep only safe chars, replace others with - - name=$(printf '%s\n' "$name" \ - | sed 's|[^A-Za-z0-9._-]|-|g') - - # Collapse multiple - or . sequences - name=$(printf '%s\n' "$name" \ - | sed 's|[-.]\{2,\}|-|g') - - # Final sanity fall<E2><80><91>back + + # WHITELIST: ONLY these chars allowed + name=$(printf '%s' "$name" | tr -cd 'A-Za-z0-9_-') + + # Reject if invalid length or format + if [ ${#name} -lt 1 ] || [ ${#name} -gt 32 ]; then + printf '%s\n' "invalid" >&2 + exit 1 + fi + + # Reject if just separators or ending with seperators case "$name" in - '' | '.' | '..') name="invalid-repo" ;; + "-" | "_" | *"-" | *"_") printf '%s\n' "invalid" >&2; exit 1 ;; esac + # No leading digits + if echo "$name" | grep -q '^[0-9]' ; then + printf '%s\n' "invalid" >&2; exit 1 + fi + printf '%s\n' "$name" } main() { REPO_PATH="$PWD" - # Extract repo name from path (e.g., "A" from /var/git/A.git) repo_name=$(basename "$REPO_PATH" .git) - - # Sanitize repo name for safe filename safe_repo_name=$(sanitize_repo_name "$repo_name") - - # Queue job file: /var/spool/gitpages/queue/<safe_repo_name> jobfile="$QUEUE_DIR/$safe_repo_name" umask 002 - # Write repo_path into the job file, atomically printf '%s\n' "$REPO_PATH" > "$jobfile.$$" mv "$jobfile.$$" "$jobfile" }
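Review bot: The new `exit 1` calls in `sanitize_repo_name` only end the command-substitution subshell, and the unchanged `safe_repo_name=$(sanitize_repo_name "$repo_name")` line in `main` does not check its status. Unless `set -e` is enabled in the first five lines of the hook, which lie outside the hunk, a rejected name leaves `safe_repo_name` empty, so `jobfile` becomes `$QUEUE_DIR/` and the `printf` leaves a stray `.$$` file in the queue directory rather than the hook stopping. I would make the failure explicit with `safe_repo_name=$(sanitize_repo_name "$repo_name") || exit 1`. Separately, because `tr -cd` silently deletes characters, distinct repository names (for example `a.b` and `ab`) map to the same queue file; comparing the filtered result with the original and rejecting on mismatch would avoid that.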