yamanin/registry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: ensure relative avatars keep small scope

Browse Source
This commit is contained in:
Michael Smith 2025-04-09 16:07:58 +00:00
parent e035f1fca3
commit 3b9c01ea6c
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
scripts/validate-contributor-readmes/main.go
View File

@ -414,7 +414,7 @@ func parseContributorFiles(readmeEntries []readme) (
contributorProfileFrontmatter: yml, contributorProfileFrontmatter: yml,
} }
if prev, conflict := frontmatterByUsername[processed.GithubUsername]; conflict { if prev, isConflict := frontmatterByUsername[processed.GithubUsername]; isConflict {
yamlParsingErrors.Errors = append( yamlParsingErrors.Errors = append(
yamlParsingErrors.Errors, yamlParsingErrors.Errors,
fmt.Errorf( fmt.Errorf(
@ -534,6 +534,17 @@ func validateRelativeUrls(
continue continue
} }
if strings.HasPrefix(*con.AvatarUrl, "..") {
problems = append(
problems,
fmt.Errorf(
"%q: relative avatar URLs cannot be placed outside a user's namespaced directory",
con.FilePath,
),
)
continue
}
absolutePath := strings.TrimSuffix(con.FilePath, "README.md") + absolutePath := strings.TrimSuffix(con.FilePath, "README.md") +
*con.AvatarUrl *con.AvatarUrl
_, err := os.ReadFile(absolutePath) _, err := os.ReadFile(absolutePath)