From 7c00826647dc5a2a8123cfae0bb939a61252bcff Mon Sep 17 00:00:00 2001
From: Jorrit Schaap <schaap@astron.nl>
Date: Wed, 21 Feb 2024 11:55:27 +0100
Subject: [PATCH] TMSS-2829: use regex for destination path validation to
 prevent bash injection

---
 .../tmssapp/schemas/subtask_template/copy/copy_pipeline-1.json | 3 ++-
 .../schemas/task_template/pipeline/copy_pipeline-1.json        | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/SAS/TMSS/backend/src/tmss/tmssapp/schemas/subtask_template/copy/copy_pipeline-1.json b/SAS/TMSS/backend/src/tmss/tmssapp/schemas/subtask_template/copy/copy_pipeline-1.json
index a67c4076083..a890d100c91 100644
--- a/SAS/TMSS/backend/src/tmss/tmssapp/schemas/subtask_template/copy/copy_pipeline-1.json
+++ b/SAS/TMSS/backend/src/tmss/tmssapp/schemas/subtask_template/copy/copy_pipeline-1.json
@@ -14,7 +14,8 @@
       "destination": {
         "default": "localhost:/tmp",
         "description": "Where to copy the data to: <host>:/path/to/destination",
-        "type": "string"
+        "type": "string",
+        "pattern": "^[a-zA-Z\\d_\\-]*\\:?(/[a-zA-Z\\d_\\-]+)+$"
       },
       "managed_output": {
         "default": false,
diff --git a/SAS/TMSS/backend/src/tmss/tmssapp/schemas/task_template/pipeline/copy_pipeline-1.json b/SAS/TMSS/backend/src/tmss/tmssapp/schemas/task_template/pipeline/copy_pipeline-1.json
index a7410dae6bc..833b25a2aaa 100644
--- a/SAS/TMSS/backend/src/tmss/tmssapp/schemas/task_template/pipeline/copy_pipeline-1.json
+++ b/SAS/TMSS/backend/src/tmss/tmssapp/schemas/task_template/pipeline/copy_pipeline-1.json
@@ -14,7 +14,8 @@
       "destination": {
         "default": "localhost:/tmp",
         "description": "Where to copy the data to: <host>:/path/to/destination",
-        "type": "string"
+        "type": "string",
+        "pattern": "^[a-zA-Z\\d_\\-]*\\:?(/[a-zA-Z\\d_\\-]+)+$"
       },
       "managed_output": {
         "default": false,
-- 
GitLab