fix: validate remote regex patterns at write time

compilePatterns silently drops any pattern that fails to compile, so a
mistyped blocklist entry became a no-op (fail-open). Call
Remote.ValidatePatterns when a remote is created or updated and reject
invalid patterns with a 400 instead of storing a rule that never matches.

Refs #72
2026-07-02 00:32:16 +10:00
parent 8d9bc1c422
commit 65c8281348
3 changed files with 52 additions and 0 deletions
+19
@@ -0,0 +1,19 @@
package models
import "testing"
func TestRemote_ValidatePatterns(t *testing.T) {
valid := &Remote{
Patterns: []string{`.*\.tar\.gz$`},
Blocklist: []string{`^secret/`},
ImmutablePatterns: []string{`\.rpm$`},
}
if err := valid.ValidatePatterns(); err != nil {
t.Fatalf("expected valid patterns, got %v", err)
}
bad := &Remote{Blocklist: []string{`[unterminated`}}
if err := bad.ValidatePatterns(); err == nil {
t.Fatal("expected error for invalid blocklist regex, got nil")
}
}
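Review bot: The rejection path is exercised only for `Blocklist`, so this test would still pass if ValidatePatterns skipped `Patterns` or `ImmutablePatterns`. A silently dropped immutable pattern would be the same fail-open behaviour the commit sets out to close, assuming that field is compiled the same way, which is not visible here. I would replace the single `bad` case with a loop over all three fields, and add a slice holding a valid entry followed by an invalid one so a check that stops at the first element is caught. ValidatePatterns itself is in another file of this commit, so which fields it covers cannot be confirmed from this section.

```go
// … unchanged: valid-remote case …
invalid := map[string]*Remote{
	"Patterns":          {Patterns: []string{`[unterminated`}},
	"Blocklist":         {Blocklist: []string{`^secret/`, `[unterminated`}},
	"ImmutablePatterns": {ImmutablePatterns: []string{`[unterminated`}},
}
for field, r := range invalid {
	if err := r.ValidatePatterns(); err == nil {
		t.Errorf("expected error for invalid %s regex, got nil", field)
	}
}
```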