fix(security): prevent inventory validator overwriting input
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Failing after 19s
CD Pipeline / build-and-deploy (push) Has been skipped
CD Pipeline / post-deploy-checks (push) Has been skipped

This commit is contained in:
Your Name
2026-06-29 15:57:34 +08:00
parent b72b16d701
commit 19e11e59dd
2 changed files with 26 additions and 0 deletions

View File

@@ -260,6 +260,8 @@ def main() -> int:
validation = validate_payload(load_json(args.input))
text = json.dumps(validation, ensure_ascii=False, indent=2) + "\n"
if args.output:
if args.output.resolve() == args.input.resolve():
raise SystemExit("output_must_not_equal_input")
args.output.parent.mkdir(parents=True, exist_ok=True)
args.output.write_text(text, encoding="utf-8")
else:

View File

@@ -72,6 +72,30 @@ def test_rejects_execution_request(tmp_path: Path) -> None:
assert validation["operation_boundaries"]["gitea_write_performed"] is False
def test_output_must_not_overwrite_input(tmp_path: Path) -> None:
payload_path = tmp_path / "inventory.json"
original = json.dumps(valid_payload())
payload_path.write_text(original, encoding="utf-8")
result = subprocess.run(
[
sys.executable,
str(SCRIPT),
"--input",
str(payload_path),
"--output",
str(payload_path),
],
text=True,
capture_output=True,
check=False,
)
assert result.returncode != 0
assert "output_must_not_equal_input" in result.stderr
assert payload_path.read_text(encoding="utf-8") == original
def valid_payload() -> dict:
repos = [
repo("wooo/awoooi"),