fix: blocklist fails open when a regex fails to compile #87
Reference in New Issue
Block a user
Delete Branch "benvin/validate-remote-patterns"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Fixes #72
Why
compilePatternssilently discards any pattern that fails to compile. A typo in a blocklist entry therefore turns a deny rule into a no-op — a fail-open with security impact.Changes
Remote.ValidatePatterns, which compiles every pattern list (patterns, blocklist, mutable/immutable patterns, ban_tags) and returns an error on the first invalid regex.Validation
go test ./pkg/models/andmake e2epass.