Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Sanitize Bundle Name #886

Open
2 tasks
TristanHoladay opened this issue Aug 29, 2024 · 2 comments · May be fixed by #914
Open
2 tasks

Sanitize Bundle Name #886

TristanHoladay opened this issue Aug 29, 2024 · 2 comments · May be fixed by #914
Labels
tech-debt

Comments

@TristanHoladay
Copy link
Collaborator

Based on a comment from @catsby (#882 (comment)) we should be doing some kind of sanitizing on bundle names.

  • ensure bundle name is sanitized
  • look into if there are other pieces of metadata getting used in potentially compromising ways and should be sanitized
@catsby
Copy link
Collaborator

catsby commented Sep 5, 2024

@TristanHoladay do you think we want to reject bundle names with "bad" characters ([,*,\, etc) and error here, or just remove them... the difference being do we silently ignore them or fail with validation errors

@TristanHoladay
Copy link
Collaborator Author

@catsby i think we should reject them with validation errors. spoke with @UncleGedd synchronously, and he agreed.

@catsby catsby linked a pull request Sep 9, 2024 that will close this issue
Draft
5 tasks
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
tech-debt
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Validate and format bundle names to exclude special characters defenseunicorns/uds-cli
2 participants
@catsby @TristanHoladay