2 files changed,
11 insertions(+),
11 deletions(-)
Author:
Oleksandr Smirnov
olexsmir@gmail.com
Committed at:
2026-04-23 22:30:10 +0300
Authored at:
2026-04-23 22:13:54 +0300
Change ID:
vqxowxtkyuulroynnvmoxlvypulrrvzr
Parent:
bb5018d
jump to
| M | internal/ssh/ssh.go |
| M | internal/ssh/ssh_test.go |
M
internal/ssh/ssh.go
路路路 35 35 }, nil 36 36 } 37 37 38 -var validCommands = map[string]bool{ 39 - "git-upload-pack": true, 40 - "git-upload-archive": true, 41 - "git-receive-pack": true, 42 -} 43 - 44 38 func (s *Shell) HandleCommand(ctx context.Context, cmd string, stdin io.Reader, stdout, stderr io.Writer) error { 45 39 gitCmd, repoName, err := s.parseCommand(cmd) 46 40 if err != nil { 47 41 return s.replyWithGitError(stderr, "access denied: invalid command", err) 48 - } 49 - 50 - if !validCommands[gitCmd] { 51 - msg := "access denied: invalid git command" 52 - return s.replyWithGitError(stderr, msg, errors.New(msg)) 53 42 } 54 43 55 44 repoPath, err := git.ResolvePath(s.cfg.Repo.Dir, git.ResolveName(repoName)) 路路路 90 79 return out.String() 91 80 } 92 81 82 +var validCommands = map[string]bool{ 83 + "git-upload-pack": true, 84 + "git-upload-archive": true, 85 + "git-receive-pack": true, 86 +} 87 + 93 88 func (s *Shell) parseCommand(cmd string) (gitCmd, repoName string, err error) { 94 89 cmdParts := strings.Fields(cmd) 95 90 if len(cmdParts) < 2 { 路路路 97 92 } 98 93 99 94 gitCmd = cmdParts[0] 95 + if !validCommands[gitCmd] { 96 + return "", "", fmt.Errorf("invalid command: disallowd command") 97 + } 98 + 100 99 repoName = strings.Trim(cmdParts[1], "'\"") 101 100 if repoName == "" { 102 101 return "", "", fmt.Errorf("invalid command: empty repository name")
M
internal/ssh/ssh_test.go
路路路 58 58 {"git-upload-archive 'archive-repo'", "git-upload-archive", "archive-repo", ""}, 59 59 {"git-upload-pack", "", "", "invalid command"}, 60 60 {"git-upload-pack ''", "", "", "empty repository name"}, 61 + {"echo hi", "", "", "invalid command"}, 61 62 {"", "", "", "invalid command"}, 62 63 } 63 64