From: Tom Hughes <tom@compton.nu>
Date: Wed, 20 Mar 2024 12:45:49 +0000 (+0000)
Subject: Validate local parts for messages.openstreetmap.org to untaint them
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/3469d9e7f679216af70f5d8c10f2935aae83ffa3

Validate local parts for messages.openstreetmap.org to untaint them
---

diff --git a/roles/web-frontend.rb b/roles/web-frontend.rb
index 2549e98dc..b6d80ae8c 100644
--- a/roles/web-frontend.rb
+++ b/roles/web-frontend.rb
@@ -38,7 +38,8 @@ default_attributes(
       :messages => {
         :comment => "messages.openstreetmap.org",
         :domains => ["messages.openstreetmap.org"],
-        :command => "/usr/local/bin/deliver-message $local_part",
+        :local_parts => ["^c-(\\\\d+)-(\\\\d+)-(.*)\\$", "^m-(\\\\d+)-(.*)\\$"],
+        :command => "/usr/local/bin/deliver-message $local_part_data",
         :user => "rails",
         :group => "rails",
         :home_directory => "/srv/www.openstreetmap.org/rails",