From 93b3a00b345370b3e717f25490cbbdce6dda6d37 Mon Sep 17 00:00:00 2001
From: Elijah Newren
Date: Sat, 23 Nov 2024 21:03:32 -0800
Subject: [PATCH] insert-beginning: add some sanity checking on the passed filename
The file should exist, and should not have any '.' or '..' path components.
Signed-off-by: Elijah Newren
---
 contrib/filter-repo-demos/insert-beginning | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/contrib/filter-repo-demos/insert-beginning b/contrib/filter-repo-demos/insert-beginning
index 9113b93a..65a18f77 100755
--- a/contrib/filter-repo-demos/insert-beginning
+++ b/contrib/filter-repo-demos/insert-beginning
@@ -33,6 +33,10 @@ parser.add_argument('--file', type=os.fsencode,
 args = parser.parse_args()
 if not args.file:
 raise SystemExit("Error: Need to specify the --file option")
+if any([x == b"." or x== b".." for x in args.file.split(b"/")]):
+ raise SystemExit(f"Error: Invalid path components in {fr.decode(args.file)}")
+if not os.path.isfile(args.file):
+ raise SystemExit(f"Error: {fr.decode(args.file)} not found")
 fhash = subprocess.check_output(['git', 'hash-object', '-w', args.file]).strip()
 fmode = b'100755' if os.access(args.file, os.X_OK) else b'100644'
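Review bot: The added component check rejects `.` and `..` but still accepts empty components, so an absolute path (leading `/`) or a path containing `//` passes both new checks whenever the file exists on disk. Testing membership instead covers those cases and drops the temporary list: `if any(x in (b"", b".", b"..") for x in args.file.split(b"/")):`. The hunk does not show where `args.file` is later used, so confirm against the rest of the script; if it also becomes the in-repository path, only a clean relative path makes sense there. Separately, the unchanged `git hash-object -w` call on the following context line passes `args.file` without a preceding `'--'`, so an existing file whose name begins with `-` would be parsed by git as an option rather than a path.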