diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-07-30T21·09-0400 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-07-30T21·09-0400 |
commit | 9cd63d224468af87baf74228acc162873c649493 (patch) | |
tree | 48c45348ac0f05d0d689f068da21a61afeba6f70 /scripts/download-from-binary-cache.pl.in | |
parent | f3eb29c6530e990b18e9f04390f6fa7bfbc58078 (diff) |
Do some validation of URLs
Diffstat (limited to 'scripts/download-from-binary-cache.pl.in')
-rw-r--r-- | scripts/download-from-binary-cache.pl.in | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/download-from-binary-cache.pl.in b/scripts/download-from-binary-cache.pl.in index 7e203ec9d057..5d65e664e564 100644 --- a/scripts/download-from-binary-cache.pl.in +++ b/scripts/download-from-binary-cache.pl.in @@ -5,6 +5,7 @@ use File::Basename; use IO::Select; use Nix::Config; use Nix::Store; +use Nix::Utils; use WWW::Curl::Easy; use WWW::Curl::Multi; use strict; @@ -249,8 +250,6 @@ sub processNARInfo { return undef; } - # FIXME: validate $url etc. for security. - # Cache the result. $insertNAR->execute( $cache->{id}, basename($storePath), $url, $compression, $fileHash, $fileSize, @@ -455,6 +454,7 @@ sub downloadBinary { } my $url = "$cache->{url}/$info->{url}"; # FIXME: handle non-relative URLs print STDERR "\n*** Downloading ‘$url’ into ‘$storePath’...\n"; + Nix::Utils::checkURL $url; if (system("$Nix::Config::curl --fail --location --insecure '$url' | $decompressor | $Nix::Config::binDir/nix-store --restore $storePath") != 0) { die "download of `$info->{url}' failed" . ($! ? ": $!" : "") . "\n" unless $? == 0; next; |