about summary refs log tree commit diff
path: root/scripts/download-from-binary-cache.pl.in
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2012-07-30T21·09-0400
committerEelco Dolstra <eelco.dolstra@logicblox.com>2012-07-30T21·09-0400
commit9cd63d224468af87baf74228acc162873c649493 (patch)
tree48c45348ac0f05d0d689f068da21a61afeba6f70 /scripts/download-from-binary-cache.pl.in
parentf3eb29c6530e990b18e9f04390f6fa7bfbc58078 (diff)
Do some validation of URLs
Diffstat (limited to 'scripts/download-from-binary-cache.pl.in')
-rw-r--r--scripts/download-from-binary-cache.pl.in4
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/download-from-binary-cache.pl.in b/scripts/download-from-binary-cache.pl.in
index 7e203ec9d057..5d65e664e564 100644
--- a/scripts/download-from-binary-cache.pl.in
+++ b/scripts/download-from-binary-cache.pl.in
@@ -5,6 +5,7 @@ use File::Basename;
 use IO::Select;
 use Nix::Config;
 use Nix::Store;
+use Nix::Utils;
 use WWW::Curl::Easy;
 use WWW::Curl::Multi;
 use strict;
@@ -249,8 +250,6 @@ sub processNARInfo {
         return undef;
     }
 
-    # FIXME: validate $url etc. for security.
-
     # Cache the result.
     $insertNAR->execute(
         $cache->{id}, basename($storePath), $url, $compression, $fileHash, $fileSize,
@@ -455,6 +454,7 @@ sub downloadBinary {
         }
         my $url = "$cache->{url}/$info->{url}"; # FIXME: handle non-relative URLs
         print STDERR "\n*** Downloading ‘$url’ into ‘$storePath’...\n";
+        Nix::Utils::checkURL $url;
         if (system("$Nix::Config::curl --fail --location --insecure '$url' | $decompressor | $Nix::Config::binDir/nix-store --restore $storePath") != 0) {
             die "download of `$info->{url}' failed" . ($! ? ": $!" : "") . "\n" unless $? == 0;
             next;