fix: validate package name from URL

0xPoe · 0xPoe · commit 1248522eb220 · 2023-12-11T10:11:29.000+08:00
Signed-off-by: hi-rustin &lt;rustin.liu@gmail.com&gt;
diff --git a/src/cargo/util_schemas/core/package_id_spec.rs b/src/cargo/util_schemas/core/package_id_spec.rs
@@ -197,6 +197,10 @@ impl PackageIdSpec {
                 None => (String::from(path_name), None),
             }
         };
+        if name.is_empty() {
+            bail!("package ID specification must have a name: `{url}`");
+        }
+        validate_package_name(name.as_str(), "pkgid", "")?;
         Ok(PackageIdSpec {
             name,
             version,
@@ -601,7 +605,7 @@ mod tests {
         )
         .is_err());
         assert!(PackageIdSpec::parse("@1.2.3").is_err());
-        assert!(PackageIdSpec::parse("registry+https://github.com").is_ok());
-        assert!(PackageIdSpec::parse("https://crates.io/1foo#1.2.3").is_ok())
+        assert!(PackageIdSpec::parse("registry+https://github.com").is_err());
+        assert!(PackageIdSpec::parse("https://crates.io/1foo#1.2.3").is_err())
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -197,6 +197,10 @@ impl PackageIdSpec {`
`197`	`197`	`None => (String::from(path_name), None),`
`198`	`198`	`}`
`199`	`199`	`};`
	`200`	`+ if name.is_empty() {`
	`201`	+ bail!("package ID specification must have a name: `{url}`");
	`202`	`+ }`
	`203`	`+ validate_package_name(name.as_str(), "pkgid", "")?;`
`200`	`204`	`Ok(PackageIdSpec {`
`201`	`205`	`name,`
`202`	`206`	`version,`
`@@ -601,7 +605,7 @@ mod tests {`
`601`	`605`	`)`
`602`	`606`	`.is_err());`
`603`	`607`	`assert!(PackageIdSpec::parse("@1.2.3").is_err());`
`604`		`- assert!(PackageIdSpec::parse("registry+https://github.com").is_ok());`
`605`		`- assert!(PackageIdSpec::parse("https://crates.io/1foo#1.2.3").is_ok())`
	`608`	`+ assert!(PackageIdSpec::parse("registry+https://github.com").is_err());`
	`609`	`+ assert!(PackageIdSpec::parse("https://crates.io/1foo#1.2.3").is_err())`
`606`	`610`	`}`
`607`	`611`	`}`