From 84b6649b8b767b91c7b496ef5d632a57144e7f07 Mon Sep 17 00:00:00 2001 From: Jason Song Date: Fri, 24 Feb 2023 10:17:36 +0800 Subject: [PATCH] Safe filename (#16) Fix #15. Reviewed-on: https://gitea.com/gitea/act/pulls/16 Reviewed-by: Lunny Xiao Co-authored-by: Jason Song Co-committed-by: Jason Song --- pkg/runner/step_action_remote.go | 16 +++++++++++++++- pkg/runner/step_action_remote_test.go | 21 +++++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/pkg/runner/step_action_remote.go b/pkg/runner/step_action_remote.go index 8011d68..ba6fc95 100644 --- a/pkg/runner/step_action_remote.go +++ b/pkg/runner/step_action_remote.go @@ -182,7 +182,7 @@ func (sar *stepActionRemote) getActionModel() *model.Action { func (sar *stepActionRemote) getCompositeRunContext(ctx context.Context) *RunContext { if sar.compositeRunContext == nil { - actionDir := fmt.Sprintf("%s/%s", sar.RunContext.ActionCacheDir(), strings.ReplaceAll(sar.Step.Uses, "/", "-")) + actionDir := fmt.Sprintf("%s/%s", sar.RunContext.ActionCacheDir(), safeFilename(sar.Step.Uses)) actionLocation := path.Join(actionDir, sar.remoteAction.Path) _, containerActionDir := getContainerActionPaths(sar.getStepModel(), actionLocation, sar.RunContext) @@ -270,3 +270,17 @@ func parseAction(action string) *remoteAction { URL: "", } } + +func safeFilename(s string) string { + return strings.NewReplacer( + `<`, "-", + `>`, "-", + `:`, "-", + `"`, "-", + `/`, "-", + `\`, "-", + `|`, "-", + `?`, "-", + `*`, "-", + ).Replace(s) +} diff --git a/pkg/runner/step_action_remote_test.go b/pkg/runner/step_action_remote_test.go index abcc8e7..e68214c 100644 --- a/pkg/runner/step_action_remote_test.go +++ b/pkg/runner/step_action_remote_test.go @@ -717,3 +717,24 @@ func Test_newRemoteAction(t *testing.T) { }) } } + +func Test_safeFilename(t *testing.T) { + tests := []struct { + s string + want string + }{ + { + s: "https://test.com/test/", + want: "https---test.com-test-", + }, + { + s: `<>:"/\|?*`, + want: "---------", + }, + } + for _, tt := range tests { + t.Run(tt.s, func(t *testing.T) { + assert.Equalf(t, tt.want, safeFilename(tt.s), "safeFilename(%v)", tt.s) + }) + } +}