Sanitize Patterns, Licenses 2025-07-29

juliojimenez · juliojimenez · commit 934fde16ecc6 · 2025-07-28T20:20:08.000-04:00
Signed-off-by: Julio Jimenez &lt;julio@clickhouse.com&gt;
diff --git a/lib/sanitize.sh b/lib/sanitize.sh
@@ -176,6 +176,38 @@ sanitize_database_name() {
     echo "$sanitized"
 }
 
+# Sanitize comma-separated patterns (for include/exclude)
+sanitize_patterns() {
+    local patterns="$1"
+    
+    if [[ -z "$patterns" ]]; then
+        echo ""
+        return
+    fi
+    
+    # Split by comma and sanitize each pattern
+    local sanitized_patterns=()
+    IFS=',' read -ra pattern_array <<< "$patterns"
+    
+    for pattern in "${pattern_array[@]}"; do
+        # Trim whitespace
+        pattern=$(echo "$pattern" | xargs)
+        
+        # Remove dangerous characters but keep wildcards
+        local sanitized_pattern
+        sanitized_pattern=$(echo "$pattern" | sed 's/[^a-zA-Z0-9.*_-]//g')
+        
+        if [[ -n "$sanitized_pattern" ]]; then
+            sanitized_patterns+=("$sanitized_pattern")
+        fi
+    done
+    
+    # Join back with commas
+    local result
+    result=$(IFS=','; echo "${sanitized_patterns[*]}")
+    echo "$result"
+}
+
 # Main sanitization function - sanitizes all environment variables
 sanitize_inputs() {
     log_debug "Sanitizing input parameters..."
@@ -347,15 +379,15 @@ sanitize_inputs() {
     #     log_debug "Validated MERGE: $MERGE"
     # fi
     
-    # if [[ -n "${INCLUDE:-}" ]]; then
-    #     INCLUDE=$(sanitize_patterns "$INCLUDE")
-    #     log_debug "Sanitized INCLUDE: $INCLUDE"
-    # fi
+    if [[ -n "${INCLUDE:-}" ]]; then
+        INCLUDE=$(sanitize_patterns "$INCLUDE")
+        log_debug "Sanitized INCLUDE: $INCLUDE"
+    fi
     
-    # if [[ -n "${EXCLUDE:-}" ]]; then
-    #     EXCLUDE=$(sanitize_patterns "$EXCLUDE")
-    #     log_debug "Sanitized EXCLUDE: $EXCLUDE"
-    # fi
+    if [[ -n "${EXCLUDE:-}" ]]; then
+        EXCLUDE=$(sanitize_patterns "$EXCLUDE")
+        log_debug "Sanitized EXCLUDE: $EXCLUDE"
+    fi
     
     # Sanitize tokens (GitHub token, etc.) - just remove dangerous characters
     if [[ -n "${GITHUB_TOKEN:-}" ]]; then
diff --git a/license-mappings.json b/license-mappings.json
@@ -188,6 +188,7 @@
   "github.com/butuzov/mirror": "MIT",
   "github.com/bytedance/sonic": "Apache-2.0",
   "github.com/bytedance/sonic/loader": "Apache-2.0",
+  "github.com/c-bata/go-prompt": "MIT",
   "github.com/Azure/azure-amqp-common-go/v3": "MIT",
   "github.com/Azure/azure-pipeline-go": "MIT",
   "github.com/Azure/azure-sdk-for-go-extensions": "MIT",
diff --git a/test/simple.bats b/test/simple.bats
@@ -707,3 +707,52 @@ EOF
     [ "$status" -eq 0 ]
     [[ "$output" == "testdatabase" ]]
 }
+
+# Test 79: sanitize_patterns accepts valid patterns
+@test "sanitize_patterns accepts valid patterns" {
+    run sanitize_patterns "*.json,test*.txt,file.log"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "*.json,test*.txt,file.log" ]]
+}
+
+# Test 80: sanitize_patterns trims whitespace
+@test "sanitize_patterns trims whitespace" {
+    run sanitize_patterns " *.json , test*.txt , file.log "
+    [ "$status" -eq 0 ]
+    [[ "$output" == "*.json,test*.txt,file.log" ]]
+}
+
+# Test 81: sanitize_patterns removes dangerous characters
+@test "sanitize_patterns removes dangerous characters" {
+    run sanitize_patterns "*.json,test\$bad.txt"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "*.json,testbad.txt" ]]
+}
+
+# Test 82: sanitize_patterns preserves valid wildcards
+@test "sanitize_patterns preserves wildcards" {
+    run sanitize_patterns "*-prod.json,production-*.json"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "*-prod.json,production-*.json" ]]
+}
+
+# Test 83: sanitize_patterns handles empty input
+@test "sanitize_patterns handles empty input" {
+    run sanitize_patterns ""
+    [ "$status" -eq 0 ]
+    [[ "$output" == "" ]]
+}
+
+# Test 84: sanitize_patterns removes empty patterns
+@test "sanitize_patterns removes empty patterns" {
+    run sanitize_patterns "*.json,,test*.txt"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "*.json,test*.txt" ]]
+}
+
+# Test 85: sanitize_patterns handles single pattern
+@test "sanitize_patterns handles single pattern" {
+    run sanitize_patterns "*.json"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "*.json" ]]
+}
