summaryrefslogtreecommitdiffstats
path: root/resources/resource_factories/create/create.go
diff options
context:
space:
mode:
Diffstat (limited to 'resources/resource_factories/create/create.go')
-rw-r--r--resources/resource_factories/create/create.go16
1 files changed, 16 insertions, 0 deletions
diff --git a/resources/resource_factories/create/create.go b/resources/resource_factories/create/create.go
index 64e2f95a6..f7d0efe64 100644
--- a/resources/resource_factories/create/create.go
+++ b/resources/resource_factories/create/create.go
@@ -154,6 +154,9 @@ func (c *Client) FromString(targetPath, content string) (resource.Resource, erro
// FromRemote expects one or n-parts of a URL to a resource
// If you provide multiple parts they will be joined together to the final URL.
func (c *Client) FromRemote(uri string, options map[string]interface{}) (resource.Resource, error) {
+ if err := c.validateFromRemoteArgs(uri, options); err != nil {
+ return nil, err
+ }
rURL, err := url.Parse(uri)
if err != nil {
return nil, errors.Wrapf(err, "failed to parse URL for resource %s", uri)
@@ -262,6 +265,19 @@ func (c *Client) FromRemote(uri string, options map[string]interface{}) (resourc
}
+func (c *Client) validateFromRemoteArgs(uri string, options map[string]interface{}) error {
+ if err := c.rs.ExecHelper.Sec().CheckAllowedHTTPURL(uri); err != nil {
+ return err
+ }
+
+ if method, ok := options["method"].(string); ok {
+ if err := c.rs.ExecHelper.Sec().CheckAllowedHTTPMethod(method); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
func addDefaultHeaders(req *http.Request, accepts ...string) {
for _, accept := range accepts {
if !hasHeaderValue(req.Header, "Accept", accept) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-09 16:12:25 +0000