[Buildbot-devel] Branch name restrictions
Mark Pauley
mpauley at apple.com
Tue Jun 19 18:32:56 UTC 2007
I would say that we should definitely at the very least block quote
characters (or escape them) to prevent web-build based exploits.
Those build-names are passed as args to forked commands.
_Mark
On Jun 19, 2007, at 6:15 AM, Jean-Paul Calderone wrote:
> The web form which allows builds to be forced on a particular SVN
> branch rejects certain branch names:
>
>     # keep weird stuff out of the branch and revision strings. TODO:
>     # centralize this somewhere.
>     if not re.match(r'^[\w\.\-\/]*$', branch):
>         log.msg("bad branch '%s'" % branch)
>         return Redirect("..")
>
> What's the point of this? It seems like it serves little purpose other than
> to prevent legitimate use. If anything, the check to make here is whether a
> branch with the given name actually exists in the repository.
>
> Jean-Paul
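Added illustration, not part of either message and not Buildbot's code: the pattern quoted in the thread run against constructed branch names, beside a stricter allowlist and an argument-list invocation that involves no shell. `strict_check`, `build_argv`, the stricter pattern and the sample URL are hypothetical.

```python
import re

# Pattern quoted in the thread (web force-build form).
PAGE_PATTERN = re.compile(r'^[\w\.\-\/]*$')

# Stricter variant (assumption, not Buildbot's code): ASCII only, non-empty,
# no leading '-' so a forked command cannot read the value as an option.
STRICT_PATTERN = re.compile(r'[A-Za-z0-9_./][A-Za-z0-9_./-]*')


def page_check(branch):
    """Return True when the thread's regex accepts the branch name."""
    return PAGE_PATTERN.match(branch) is not None


def strict_check(branch):
    """Return True when the stricter allowlist accepts the branch name."""
    # fullmatch avoids '$' matching just before a trailing newline.
    if STRICT_PATTERN.fullmatch(branch) is None:
        return False
    # Reject '..' path segments inside the branch path.
    return ".." not in branch.split("/")


def build_argv(base_url, branch):
    """Build the argument list for a forked checkout (hypothetical helper).

    A list is handed to the child process without a shell, so quote
    characters have no special meaning; validation still limits what
    reaches the version-control client.
    """
    if not strict_check(branch):
        raise ValueError("bad branch %r" % branch)
    return ["svn", "checkout", base_url.rstrip("/") + "/" + branch]


# Constructed sample inputs.
SAMPLES = ["trunk", "branches/release-0.7.5", "feature 'x'", "trunk\n",
           "-v", "branches/../../etc", ""]

if __name__ == "__main__":
    for name in SAMPLES:
        print("%-26r page=%-5s strict=%s"
              % (name, page_check(name), strict_check(name)))
```

The quoted pattern already rejects quote characters and spaces; the stricter variant differs only on the empty string, a trailing newline, a leading hyphen, `..` segments and non-ASCII word characters.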