--- a/access/access.go Wed Apr 12 23:57:06 2023 -0500
+++ b/access/access.go Thu Apr 13 00:05:31 2023 -0500
@@ -96,6 +96,9 @@
func check(user, repo, action string) bool {
// Normalize the repo to remove all trailing /'s and \'s.
repo = strings.TrimRight(repo, "\\/")
r, err := enforcer.Enforce(user, repo, action)
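Review bot: The comment above the new `strings.TrimRight` line says what it does but not why `check` repeats normalization that `NormalizeRepo` in repositories.go already performs; since this is the line that feeds `enforcer.Enforce`, the reason is presumably that the policy subject must be canonical regardless of which caller produced it. Suggest `// Strip trailing separators here as well as in NormalizeRepo: check is the enforcement point, so the repo string must match the policy object even when a caller did not normalize it.` Note the asymmetry with NormalizeRepo, which also trims leading separators; whether a leading separator can reach `check` is not visible here. The +/- markers on this hunk were lost in rendering, so which lines are additions is inferred, and `check`'s body continues outside the hunk.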
--- a/access/repositories.go Wed Apr 12 23:57:06 2023 -0500
+++ b/access/repositories.go Thu Apr 13 00:05:31 2023 -0500
@@ -5,8 +5,22 @@
+func NormalizeRepo(reposPath, repoName string) (string, string) {
+ absPath := filepath.Join(reposPath, filepath.Clean(repoName))
+ realRepoName := strings.Trim(strings.TrimPrefix(absPath, reposPath), "\\/")
+ if strings.HasPrefix(absPath, reposPath) && len(realRepoName) > 0 && !strings.Contains(repoName, "/../") {
+ return reposPath, realRepoName
+ zap.S().Infof("repository invalid: %q", repoName)
func IsExistingRepo(repo string) bool {
_, ok := repositories[repo]
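Review bot: The containment test on the `if` line, `strings.HasPrefix(absPath, reposPath)`, compares strings rather than path components, so a cleaned path that lands in a sibling directory whose name merely begins with `reposPath` still passes, and the following `TrimPrefix` then yields a repo name that does not correspond to what was requested; the separate `strings.Contains(repoName, "/../")` test does not close that gap because `filepath.Clean` has already resolved the `..` segments before it runs. Deriving the name with `filepath.Rel` and rejecting results equal to `.` or starting with `..` makes the boundary decision and the returned name come from the same computation; this remains a lexical check, as the original is, and does not resolve symlinks under reposPath. The function body continues outside the hunk — the value returned on the invalid branch is not visible, only its `zap.S().Infof` log — so the rewrite below keeps that branch as it is.
```go
func NormalizeRepo(reposPath, repoName string) (string, string) {
	absPath := filepath.Join(reposPath, filepath.Clean(repoName))
	// Rel is lexical: a result of "." or one starting with ".." means the
	// requested name does not resolve to a location inside reposPath.
	rel, err := filepath.Rel(reposPath, absPath)
	if err == nil && rel != "." && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return reposPath, rel
	}
	// … unchanged: invalid-repository logging and fall-through …
```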
--- a/once/command.go Wed Apr 12 23:57:06 2023 -0500
+++ b/once/command.go Thu Apr 13 00:05:31 2023 -0500
@@ -58,9 +58,9 @@
- return c.serve(g.ReposPath, args.Hg.Repo)
+ return c.serve(access.NormalizeRepo(g.ReposPath, args.Hg.Repo))
- return c.init(g.ReposPath, args.Hg.Init.Repo)
+ return c.init(access.NormalizeRepo(g.ReposPath, args.Hg.Init.Repo))
return fmt.Errorf("unsupported command %q", cmd)
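Review bot: Both replaced call sites pass `access.NormalizeRepo(...)` straight into `c.serve` and `c.init`, so whatever the invalid branch of NormalizeRepo returns (its fall-through is outside its own hunk; only the `zap.S().Infof` log is visible) is forwarded as a path/name pair with no failure signal reaching the dispatcher. If the invalid branch yields an empty name, the dispatcher should stop there: `reposPath, repo := access.NormalizeRepo(g.ReposPath, args.Hg.Repo)` / `if repo == "" { return fmt.Errorf("invalid repository %q", args.Hg.Repo) }` / `return c.serve(reposPath, repo)`, or better, have NormalizeRepo return an error so the rejection cannot be overlooked. The same pattern appears in the commands.go hunk at -20,11 for NewServe, NewInit and NewRemove, where the removal path in particular should not be constructed from a name the normalizer has already logged as invalid.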
--- a/ssh/commands/commands.go Wed Apr 12 23:57:06 2023 -0500
+++ b/ssh/commands/commands.go Thu Apr 13 00:05:31 2023 -0500
@@ -5,6 +5,7 @@
"github.com/gliderlabs/ssh"
+ "keep.imfreedom.org/grim/hgkeeper/access"
"keep.imfreedom.org/grim/hgkeeper/hg"
@@ -20,11 +21,11 @@
- return NewServe(reposPath, values.Hg.Repo), nil
+ return NewServe(access.NormalizeRepo(reposPath, values.Hg.Repo)), nil
- return NewInit(reposPath, values.Hg.Init.Repo), nil
+ return NewInit(access.NormalizeRepo(reposPath, values.Hg.Init.Repo)), nil
- return NewRemove(reposPath, values.Rm.Repo), nil
+ return NewRemove(access.NormalizeRepo(reposPath, values.Rm.Repo)), nil
return nil, fmt.Errorf("unknown command %s", cmd)