Do some validation of URLs

author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2012-07-30T21·09-0400
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2012-07-30T21·09-0400
commit: 9cd63d224468af87baf74228acc162873c649493 (patch)
tree: 48c45348ac0f05d0d689f068da21a61afeba6f70 /scripts/download-from-binary-cache.pl.in
parent: f3eb29c6530e990b18e9f04390f6fa7bfbc58078 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/download-from-binary-cache.pl.in b/scripts/download-from-binary-cache.pl.in
index 7e203ec9d057..5d65e664e564 100644
--- a/scripts/download-from-binary-cache.pl.in
+++ b/scripts/download-from-binary-cache.pl.in
@@ -5,6 +5,7 @@ use File::Basename;
 use IO::Select;
 use Nix::Config;
 use Nix::Store;
+use Nix::Utils;
 use WWW::Curl::Easy;
 use WWW::Curl::Multi;
 use strict;
@@ -249,8 +250,6 @@ sub processNARInfo {
         return undef;
     }
 
-    # FIXME: validate $url etc. for security.
-
     # Cache the result.
     $insertNAR->execute(
         $cache->{id}, basename($storePath), $url, $compression, $fileHash, $fileSize,
@@ -455,6 +454,7 @@ sub downloadBinary {
         }
         my $url = "$cache->{url}/$info->{url}"; # FIXME: handle non-relative URLs
         print STDERR "\n*** Downloading ‘$url’ into ‘$storePath’...\n";
+        Nix::Utils::checkURL $url;
         if (system("$Nix::Config::curl --fail --location --insecure '$url' | $decompressor | $Nix::Config::binDir/nix-store --restore $storePath") != 0) {
             die "download of `$info->{url}' failed" . ($! ? ": $!" : "") . "\n" unless $? == 0;
             next;
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2012-07-30T21·09-0400
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2012-07-30T21·09-0400
commit	9cd63d224468af87baf74228acc162873c649493 (patch)
tree	48c45348ac0f05d0d689f068da21a61afeba6f70 /scripts/download-from-binary-cache.pl.in
parent	f3eb29c6530e990b18e9f04390f6fa7bfbc58078 (diff)