2 files changed,
17 insertions(+),
0 deletions(-)
Author:
Oleksandr Smirnov
olexsmir@gmail.com
Committed at:
2026-04-23 21:26:57 +0300
Authored at:
2026-04-23 21:06:46 +0300
Change ID:
ssmtkmmontlrnunwwmvsyslkzlvwsunv
Parent:
d220163
jump to
| M | internal/ssh/ssh.go |
| M | testscript/ssh-push.txtar |
M
internal/ssh/ssh.go
路路路 35 35 }, nil 36 36 } 37 37 38 +var validCommands = map[string]bool{ 39 + "git-upload-pack": true, 40 + "git-upload-archive": true, 41 + "git-receive-pack": true, 42 +} 43 + 38 44 func (s *Shell) HandleCommand(ctx context.Context, cmd string, stdin io.Reader, stdout, stderr io.Writer) error { 39 45 gitCmd, repoName, err := s.parseCommand(cmd) 40 46 if err != nil { 41 47 slog.Error("ssh invalid command", "error", err, "raw_cmd", cmd) 42 48 return err 49 + } 50 + 51 + if !validCommands[gitCmd] { 52 + slog.Error("access denied: invalid git command") 53 + return fmt.Errorf("access denied: invalid git command") 43 54 } 44 55 45 56 repoPath, err := git.ResolvePath(s.cfg.Repo.Dir, git.ResolveName(repoName))