From c76d05afc0f9585577d7be0da8e674b2944bbf20 Mon Sep 17 00:00:00 2001 From: "Malte S. Stretz" Date: Wed, 5 Feb 2025 17:28:34 +0100 Subject: [PATCH] fix(vendor): Remove excessive URL validation (#1024) * fix(vendor): Remove excessive URL validation Fixes #1019 * feat(vendor): Add component to error message --------- Co-authored-by: Erik Osterman (CEO @ Cloud Posse) --- internal/exec/go_getter_utils.go | 5 ----- internal/exec/vendor_utils.go | 4 ++-- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/internal/exec/go_getter_utils.go b/internal/exec/go_getter_utils.go index 4c6667d45..8a99a5f6c 100644 --- a/internal/exec/go_getter_utils.go +++ b/internal/exec/go_getter_utils.go @@ -27,7 +27,6 @@ func ValidateURI(uri string) error { if len(uri) > 2048 { return fmt.Errorf("URI exceeds maximum length of 2048 characters") } - // Add more validation as needed // Validate URI format if strings.Contains(uri, "..") { return fmt.Errorf("URI cannot contain path traversal sequences") @@ -35,10 +34,6 @@ func ValidateURI(uri string) error { if strings.Contains(uri, " ") { return fmt.Errorf("URI cannot contain spaces") } - // Validate characters - if strings.ContainsAny(uri, "<>|&;$") { - return fmt.Errorf("URI contains invalid characters") - } // Validate scheme-specific format if strings.HasPrefix(uri, "oci://") { if !strings.Contains(uri[6:], "/") { diff --git a/internal/exec/vendor_utils.go b/internal/exec/vendor_utils.go index 965538ba6..bde48e9b0 100644 --- a/internal/exec/vendor_utils.go +++ b/internal/exec/vendor_utils.go @@ -370,9 +370,9 @@ func ExecuteAtmosVendorInternal( err = ValidateURI(uri) if err != nil { if strings.Contains(uri, "..") { - return fmt.Errorf("Invalid URI '%s': %w. Please ensure the source is a valid local path or a properly formatted URI.", uri, err) + return fmt.Errorf("invalid URI for component %s: %w: Please ensure the source is a valid local path", s.Component, err) } - return err + return fmt.Errorf("invalid URI for component %s: %w", s.Component, err) } }