osbuild: validate env var name in systemd.unit

Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
osbuild · Apr 8, 2024 · 3148580 · 3148580
1 parent e98606e
commit 3148580
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/pkg/osbuild/systemd_unit_stage.go b/pkg/osbuild/systemd_unit_stage.go
@@ -1,5 +1,10 @@
 package osbuild
 
+import (
+	"fmt"
+	"regexp"
+)
+
 type unitType string
 
 const (
@@ -16,7 +21,22 @@ type SystemdUnitStageOptions struct {
 
 func (SystemdUnitStageOptions) isStageOptions() {}
 
+func (o *SystemdUnitStageOptions) validate() error {
+	vre := regexp.MustCompile(envVarRegex)
+	if service := o.Config.Service; service != nil {
+		for _, envVar := range service.Environment {
+			if !vre.MatchString(envVar.Key) {
+				return fmt.Errorf("variable name %q doesn't conform to schema (%s)", envVar.Key, envVarRegex)
+			}
+		}
+	}
+	return nil
+}
+
 func NewSystemdUnitStage(options *SystemdUnitStageOptions) *Stage {
+	if err := options.validate(); err != nil {
+		panic(err)
+	}
 	return &Stage{
 		Type:    "org.osbuild.systemd.unit",
 		Options: options,