
Commit 94be33f

committed
Move security check to SerializableInstallationOptions.getParameters
1 parent 9320690 commit 94be33f

2 files changed

Lines changed: 20 additions & 15 deletions


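--- a/src/UniGetUI.PackageEngine.PackageManagerClasses/Manager/Helpers/BasePkgOperationHelper.cs
+++ b/src/UniGetUI.PackageEngine.PackageManagerClasses/Manager/Helpers/BasePkgOperationHelper.cs
@@ -29,19 +29,7 @@ public IReadOnlyList<string> GetParameters(IPackage package,
 SerializableInstallationOptions options,
 OperationType operation)
 {
-var parameters = _getOperationParameters(package, options, operation).ToArray();
-
-for (int i = 0; i < parameters.Length; i++)
-{
-parameters[i] = parameters[i]
-.Replace("&", "")
-.Replace("|", "")
-.Replace(";", "")
-.Replace("<", "")
-.Replace(">", "")
-.Replace("\n", "");
-}
-
+var parameters = _getOperationParameters(package, options, operation);
 Logger.Info($"Loaded operation parameters for package id={package.Id} on manager {Manager.Name} and operation {operation}: " +
 string.Join(' ', parameters));
 return parameters.Where(x => x.Any()).ToArray();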
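Review bot: Dropping the strip loop from `GetParameters` removes the only filter that ran over every argument `_getOperationParameters` produces, right before the list is handed back to the caller. After this commit only `CustomParameters` that pass through `LoadFromJson` are cleaned, so options built or edited in memory, and any other option string that ends up in an argument, presumably leave this method unfiltered. I would keep a cheap check at this sink, or at least record the new contract above the call: `// Parameters are NOT sanitized here; SerializableInstallationOptions.LoadFromJson is the only place that strips shell metacharacters.` Separately, `parameters` is now enumerated twice (by `string.Join` and by `Where`), which repeats the work if `_getOperationParameters` returns a lazy sequence. `GetParameters` starts above this hunk and closes below it.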

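--- a/src/UniGetUI.PackageEngine.Serializable/SerializableInstallationOptions.cs
+++ b/src/UniGetUI.PackageEngine.Serializable/SerializableInstallationOptions.cs
@@ -48,8 +48,9 @@ public override void LoadFromJson(JsonNode data)
 this.InstallationScope = data[nameof(InstallationScope)]?.GetVal<string>() ?? "";
 
 this.CustomParameters = new List<string>();
-foreach(var element in data[nameof(CustomParameters)]?.AsArray2() ?? [])
-if (element is not null) this.CustomParameters.Add(element.GetVal<string>());
+foreach (var element in data[nameof(CustomParameters)]?.AsArray2() ?? [])
+if (element is not null)
+this.CustomParameters.Add(element.GetVal<string>());
 
 this.PreRelease = data[nameof(PreRelease)]?.GetVal<bool>() ?? false;
 this.CustomInstallLocation = data[nameof(CustomInstallLocation)]?.GetVal<string>() ?? "";
@@ -61,6 +62,22 @@ public override void LoadFromJson(JsonNode data)
 // This entry shall be checked the last one, to ensure all other properties are set
 this.OverridesNextLevelOpts =
 data[nameof(OverridesNextLevelOpts)]?.GetValue<bool>() ?? DiffersFromDefault();
+
+SanitizeOptions();
+}
+
+private void SanitizeOptions()
+{
+for (int i = 0; i < this.CustomParameters.Count; i++)
+{
+this.CustomParameters[i] = this.CustomParameters[i]
+.Replace("&", "")
+.Replace("|", "")
+.Replace(";", "")
+.Replace("<", "")
+.Replace(">", "")
+.Replace("\n", "");
+}
 }
 
 public bool DiffersFromDefault()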
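Review bot: `SanitizeOptions` rewrites only `CustomParameters`, and only when it is called at the end of `LoadFromJson`, so the other strings read from the same JSON in this section (`InstallationScope`, `CustomInstallLocation`) and any list assigned after loading are not covered. The character list also removes `\n` but leaves a carriage return in place; adding `.Replace("\r", "")` to the chain would close that gap. A denylist like this is hard to keep complete, so if the code that starts the process can pass arguments as a list (for example `ProcessStartInfo.ArgumentList` with `UseShellExecute = false`), that would be the sturdier control; how the process is launched is not visible here. The new method should also carry a summary comment, e.g. `/// Strips shell metacharacters (& | ; < > and newline) from CustomParameters; called once at the end of LoadFromJson.` `LoadFromJson` begins above the first hunk.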
