From 456d99d0136d5b26c96b80cdfa83f75be453ad5c Mon Sep 17 00:00:00 2001
From: Casey Callendrello <cdc@redhat.com>
Date: Tue, 19 Jan 2021 15:36:49 +0100
Subject: [PATCH] tighten up plugin-finding logic

---
 pkg/invoke/find.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/invoke/find.go b/pkg/invoke/find.go
index e815404c8..e62029eb7 100644
--- a/pkg/invoke/find.go
+++ b/pkg/invoke/find.go
@@ -18,6 +18,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"strings"
 )
 
 // FindInPath returns the full path of the plugin by searching in the provided path
@@ -26,6 +27,10 @@ func FindInPath(plugin string, paths []string) (string, error) {
 		return "", fmt.Errorf("no plugin name provided")
 	}
 
+	if strings.ContainsRune(plugin, os.PathSeparator) {
+		return "", fmt.Errorf("invalid plugin name: %s", plugin)
+	}
+
 	if len(paths) == 0 {
 		return "", fmt.Errorf("no paths provided")
 	}