Sanitize Patterns, Licenses 2025-07-29

juliojimenez · juliojimenez · commit 2b30571e31d8 · 2025-07-28T20:38:45.000-04:00
Signed-off-by: Julio Jimenez &lt;julio@clickhouse.com&gt;
diff --git a/lib/sanitize.sh b/lib/sanitize.sh
@@ -196,12 +196,6 @@ sanitize_patterns() {
         # Remove dangerous characters but keep wildcards
         local sanitized_pattern
         sanitized_pattern=$(echo "$pattern" | sed 's/[^a-zA-Z0-9.*_-]//g')
-
-        # Prevent directory traversal patterns
-        if [[ "$sanitized_pattern" =~ (\.\./|^\./) ]]; then
-            log_error "Invalid pattern: $pattern contains directory traversal sequences"
-            exit 1
-        fi
         
         if [[ -n "$sanitized_pattern" ]]; then
             sanitized_patterns+=("$sanitized_pattern")
diff --git a/license-mappings.json b/license-mappings.json
@@ -189,6 +189,7 @@
   "github.com/bytedance/sonic": "Apache-2.0",
   "github.com/bytedance/sonic/loader": "Apache-2.0",
   "github.com/c-bata/go-prompt": "MIT",
+  "github.com/cactus/go-statsd-client/statsd": "MIT",
   "github.com/Azure/azure-amqp-common-go/v3": "MIT",
   "github.com/Azure/azure-pipeline-go": "MIT",
   "github.com/Azure/azure-sdk-for-go-extensions": "MIT",
diff --git a/test/simple.bats b/test/simple.bats
@@ -756,11 +756,3 @@ EOF
     [ "$status" -eq 0 ]
     [[ "$output" == "*.json" ]]
 }
-
-# Test 86: sanitize_patterns rejects patterns with directory traversal
-@test "sanitize_patterns rejects patterns with directory traversal" {
-    run sanitize_patterns "../test.json,./test.txt"
-    echo "$output"
-    [ "$status" -eq 1 ]
-    [[ "$output" =~ Invalid\ pattern\:\ \.\.\/test\.json\ contains\ directory\ traversal\ sequences ]]
-}
