fix(api): protect api from bad interpolation sequences from git info (#…

…5944)
ovh · Sep 20, 2021 · ed59ae3 · ed59ae3
1 parent ef9d729
commit ed59ae3
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/engine/api/workflow/process_node.go b/engine/api/workflow/process_node.go
@@ -252,8 +252,20 @@ func processNode(ctx context.Context, db gorpmapper.SqlExecutorWithTx, store cac
 		}
 	}
 
+	// Replace ("{{ }}" in vcsInfo that should be badly interpreted by interpolation engine)
+	var repl = func(s *string) {
+		*s = strings.ReplaceAll(*s, "{{", "((")
+		*s = strings.ReplaceAll(*s, "}}", "))")
+	}
+
 	// Update git params / git columns
 	if isRoot && vcsInf != nil {
+		repl(&vcsInf.Author)
+		repl(&vcsInf.Branch)
+		repl(&vcsInf.Hash)
+		repl(&vcsInf.Message)
+		repl(&vcsInf.Tag)
+
 		setValuesGitInBuildParameters(nr, *vcsInf)
 	}
 
@@ -281,6 +293,12 @@ func processNode(ctx context.Context, db gorpmapper.SqlExecutorWithTx, store cac
 
 	// Update datas if repo change
 	if !isRoot && vcsInf != nil {
+		repl(&vcsInf.Author)
+		repl(&vcsInf.Branch)
+		repl(&vcsInf.Hash)
+		repl(&vcsInf.Message)
+		repl(&vcsInf.Tag)
+
 		setValuesGitInBuildParameters(nr, *vcsInf)
 	}