diff --git a/remote/mirror.rs b/remote/mirror.rs index fb89914..bb95c7d 100644 --- a/remote/mirror.rs +++ b/remote/mirror.rs @@ -8,13 +8,18 @@ impl GitBare { &self, request: UpdateRemoteMirrorRequest, ) -> GitResult { + crate::sanitize::validate_remote_url(&request.remote_url)?; + let remote_name = if request.remote_name.is_empty() { "origin" } else { &request.remote_name }; + crate::sanitize::validate_ref_name(remote_name)?; + for rs in &request.refspecs { + crate::sanitize::validate_refspec(rs)?; + } - // Add or update remote let remote_check = std::process::Command::new("git") .args([ "--git-dir", @@ -26,7 +31,6 @@ impl GitBare { .output(); if remote_check.is_err() || !remote_check.unwrap().status.success() { - // Add new remote std::process::Command::new("git") .args([ "--git-dir", @@ -42,7 +46,6 @@ impl GitBare { stderr: e.to_string(), })?; } else { - // Update existing remote URL std::process::Command::new("git") .args([ "--git-dir", @@ -59,7 +62,6 @@ impl GitBare { })?; } - // Fetch let mut fetch_args = vec![ "--git-dir".to_string(), self.bare_dir.to_string_lossy().into_owned(), @@ -129,13 +131,18 @@ impl GitBare { /// Fetch from a remote URL without mirroring. pub fn fetch_remote(&self, request: FetchRemoteRequest) -> GitResult { + crate::sanitize::validate_remote_url(&request.remote_url)?; + let remote_name = if request.remote_name.is_empty() { "origin" } else { &request.remote_name }; + crate::sanitize::validate_ref_name(remote_name)?; + for rs in &request.refspecs { + crate::sanitize::validate_refspec(rs)?; + } - // Ensure remote exists let exists = std::process::Command::new("git") .args([ "--git-dir", @@ -213,6 +220,8 @@ impl GitBare { /// Clone a repository from a remote URL (bare + mirror). pub fn create_repository_from_url(&self, remote_url: &str, mirror: bool) -> GitResult<()> { + crate::sanitize::validate_remote_url(remote_url)?; + let mut args = vec!["clone".to_string()]; args.push("--bare".to_string()); if mirror {