fetchClosure: Only allow some "safe" store types
parent
7ffda0af6e
commit
4120930ac1
1 changed files with 10 additions and 2 deletions
|
@ -1,6 +1,7 @@
|
||||||
#include "primops.hh"
|
#include "primops.hh"
|
||||||
#include "store-api.hh"
|
#include "store-api.hh"
|
||||||
#include "make-content-addressed.hh"
|
#include "make-content-addressed.hh"
|
||||||
|
#include "url.hh"
|
||||||
|
|
||||||
namespace nix {
|
namespace nix {
|
||||||
|
|
||||||
|
@ -50,8 +51,15 @@ static void prim_fetchClosure(EvalState & state, const Pos & pos, Value * * args
|
||||||
.errPos = pos
|
.errPos = pos
|
||||||
});
|
});
|
||||||
|
|
||||||
// FIXME: only allow some "trusted" store types (like BinaryCacheStore).
|
auto parsedURL = parseURL(*fromStoreUrl);
|
||||||
auto fromStore = openStore(*fromStoreUrl);
|
|
||||||
|
if (parsedURL.scheme != "http" && parsedURL.scheme != "https")
|
||||||
|
throw Error({
|
||||||
|
.msg = hintfmt("'fetchClosure' only supports http:// and https:// stores"),
|
||||||
|
.errPos = pos
|
||||||
|
});
|
||||||
|
|
||||||
|
auto fromStore = openStore(parsedURL.to_string());
|
||||||
|
|
||||||
if (toCA) {
|
if (toCA) {
|
||||||
if (!toPath || !state.store->isValidPath(*toPath)) {
|
if (!toPath || !state.store->isValidPath(*toPath)) {
|
||||||
|
|
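Review bot: The new guard `parsedURL.scheme != "http" && parsedURL.scheme != "https"` validates only the scheme, while the rest of the URL, including any query string, is still passed on through `openStore(parsedURL.to_string())`. If store settings can be supplied as query parameters (not visible in this hunk), an expression keeps some control over how the store is opened, so it may be worth rejecting or filtering the query at this point. Plain `http://` is also accepted, so the integrity of the fetched closure has to come from a later check rather than from the transport; a comment in place of the removed FIXME would state that, e.g. `// Restrict fromStore to HTTP(S) binary caches; plain http gives no transport integrity, so the paths must be verified after copying.` The body of `prim_fetchClosure` starts and ends outside the hunk, so whether such a check follows cannot be confirmed from here.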