addded path sanitisation for hub repo URL (#4568)

* addded path sanitisation for hub repo URL Signed-off-by: Sarthak Jain <[email protected]> * Sanitized hub repo URL Signed-off-by: Sarthak Jain <[email protected]> --------- Signed-off-by: Sarthak Jain <[email protected]>
litmuschaos · Apr 4, 2024 · dfed4da · dfed4da
1 parent 5da7e55
commit dfed4da
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/chaoscenter/graphql/server/go.mod b/chaoscenter/graphql/server/go.mod
@@ -17,6 +17,7 @@ require (
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/litmuschaos/chaos-operator v0.0.0-20230718113617-6819a4be12e4
 	github.com/litmuschaos/chaos-scheduler v0.0.0-20220714173615-d7513d616a71
+	github.com/mrz1836/go-sanitize v1.3.1
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.9.0
 	github.com/stretchr/testify v1.8.4

diff --git a/chaoscenter/graphql/server/go.sum b/chaoscenter/graphql/server/go.sum
@@ -875,6 +875,8 @@ github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c/go.mod h1:BbKIizmSmc5
 github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk=
 github.com/mrunalp/fileutils v0.0.0-20160930181131-4ee1cc9a8058/go.mod h1:x8F1gnqOkIEiO4rqoeEEEqQbo7HjGMTvyoq3gej4iT0=
 github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618/go.mod h1:x8F1gnqOkIEiO4rqoeEEEqQbo7HjGMTvyoq3gej4iT0=
+github.com/mrz1836/go-sanitize v1.3.1 h1:bTxpzDXzGh9cp3XLTeVKgL2iLqEwCaLqqe+3BmpnCbo=
+github.com/mrz1836/go-sanitize v1.3.1/go.mod h1:Js6Gq1uiarNReoOeOKxPXxNpKy1FRlbgDDZnJG4THdM=
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/munnerz/goautoneg v0.0.0-20190414153302-2ae31c8b6b30/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=

diff --git a/chaoscenter/graphql/server/pkg/chaoshub/handler/handler.go b/chaoscenter/graphql/server/pkg/chaoshub/handler/handler.go
@@ -12,6 +12,8 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/mrz1836/go-sanitize"
+
 	"github.com/gin-gonic/gin"
 	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/graph/model"
 	chaoshubops "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/chaoshub/ops"
@@ -169,7 +171,7 @@ func DownloadRemoteHub(hubDetails model.CreateRemoteChaosHub, projectID string)
 	defer destDir.Close()
 
 	//download the zip file from the provided url
-	download, err := http.Get(hubDetails.RepoURL)
+	download, err := http.Get(sanitize.URL(hubDetails.RepoURL))
 	if err != nil {
 		log.Error(err)
 		return err