feat: Escaping double dots

Signed-off-by: Vincent Boutour <[email protected]>
ViBiOh · Mar 15, 2023 · 3f9f076 · 3f9f076
1 parent 1ac7d88
commit 3f9f076
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/pkg/provider/util.go b/pkg/provider/util.go
@@ -38,6 +38,7 @@ var (
 	}
 	quotesChar   = regexp.MustCompile(`["'` + "`" + `](?m)`)
 	specialChars = regexp.MustCompile(`[^a-z0-9.\-_/](?m)`)
+	pathEscape   = regexp.MustCompile(`\.{2,}(?m)`)
 
 	BufferPool = sync.Pool{
 		New: func() any {
@@ -103,8 +104,9 @@ func SanitizeName(name string, removeSlash bool) (string, error) {
 	withoutSpaces := strings.Replace(withoutDiacritics, " ", "_", -1)
 	withoutQuotes := quotesChar.ReplaceAllString(withoutSpaces, "_")
 	withoutSpecials := specialChars.ReplaceAllString(withoutQuotes, "")
+	withoutPathEscape := pathEscape.ReplaceAllString(withoutSpecials, "_")
 
-	sanitized := withoutSpecials
+	sanitized := withoutPathEscape
 	if removeSlash {
 		sanitized = strings.Replace(sanitized, "/", "_", -1)
 	}

diff --git a/pkg/provider/util_test.go b/pkg/provider/util_test.go
@@ -42,6 +42,12 @@ func TestSanitizeName(t *testing.T) {
 			"path_name",
 			nil,
 		},
+		"should replace points": {
+			"path/../with/security/risk.md",
+			false,
+			"path/_/with/security/risk.md",
+			nil,
+		},
 	}
 
 	for intention, tc := range cases {