fix(skills): sanitize git-derived branch names

This commit is contained in:
Abhimanyu Saharan
2026-02-13 23:00:46 +00:00
parent 5d03a522b9
commit 7e48f1a9e0


@@ -12,6 +12,8 @@ from typing import TYPE_CHECKING
from urllib.parse import unquote, urlparse
from uuid import UUID
import re
from fastapi import APIRouter, Depends, HTTPException, Query, status
from sqlmodel import col
@@ -49,6 +51,7 @@ GATEWAY_ID_QUERY = Query(...)
ALLOWED_PACK_SOURCE_SCHEMES = {"https"}
GIT_CLONE_TIMEOUT_SECONDS = 30
GIT_REV_PARSE_TIMEOUT_SECONDS = 10
BRANCH_NAME_ALLOWED_RE = r"^[A-Za-z0-9._/\-]+$"
@dataclass(frozen=True)
@@ -413,6 +416,9 @@ def _collect_pack_skills(source_url: str) -> list[PackSkillCandidate]:
if any(ch in branch for ch in {"\n", "\r", "\t"}):
branch = "main"
if not re.match(BRANCH_NAME_ALLOWED_RE, branch):
branch = "main"
return _collect_pack_skills_from_repo(
repo_dir=repo_dir,
source_url=source_url,
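Review bot: The new allowlist check in the third hunk still admits a branch name that begins with `-`, and `re.match` with `$` accepts a trailing newline, so a value such as `-x` passes the filter and, if it is later handed to git positionally, may be parsed as an option rather than a ref. Tightening the test to `if not re.fullmatch(BRANCH_NAME_ALLOWED_RE, branch) or branch.startswith("-"):` closes both gaps; with `fullmatch` the preceding `any(ch in branch ...)` whitespace check becomes redundant, since the character class already excludes those characters. Git's own rules are stricter still (no `..`, no trailing `.lock`, no `@{`), so the constant on the second hunk deserves a comment such as `# Conservative allowlist; git check-ref-format is the authority for what git itself accepts` to make clear it is a defensive pre-filter, not a full validator. The `import re` line in the first hunk sits after the `from uuid import UUID` line instead of with the other plain stdlib imports, which will be flagged by an import sorter. The enclosing function `_collect_pack_skills` starts and ends outside the hunk, so how `branch` is consumed downstream is not visible here.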