Why
Code review round 58 found critical security vulnerabilities and missing input validation that could lead to:
- Directory traversal attacks via unsanitized repository names
- Expired JWT tokens potentially being accepted
- Inadequate token expiration error handling
What
Apply security fixes:
- Add repository name sanitization in web/blob.go and web/git.go
- Add explicit check for proto.ErrTokenExpired in JWT validation flow
- Improve error messages to avoid information disclosure
- Add input validation across multiple endpoints
Where
- pkg/web/blob.go - blob serving with path traversal vulnerability
- pkg/web/git.go - git operations with path traversal vulnerability
- pkg/web/auth.go - JWT token expiration and error handling
- Multiple files - missing input validation
Plan
- Sanitize repository name parameter from mux.Vars() using utils.SanitizeRepo()
- Check for proto.ErrTokenExpired in parseJWT and handle appropriately
- Add input validation for all URL/form parameters
- Improve error message verbosity
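As an added illustration of the two checks the plan calls for (this is example code written for this note, not the project's own utils.SanitizeRepo or parseJWT; sanitizeRepo, checkExpiry, authMessage, ErrInvalidRepo and the ErrTokenExpired stand-in for proto.ErrTokenExpired are assumed names):

```go
package main

import (
	"errors"
	"path"
	"strings"
	"time"
)

var ErrTokenExpired = errors.New("token expired")          // stands in for proto.ErrTokenExpired (assumption)
var ErrInvalidRepo = errors.New("invalid repository name") // returned for names that could escape the repo root

// sanitizeRepo is a hypothetical stand-in for utils.SanitizeRepo: it trims the
// name taken from mux.Vars() and refuses, rather than rewrites, traversal attempts.
func sanitizeRepo(name string) (string, error) {
	name = strings.TrimSuffix(strings.TrimSpace(name), ".git")
	if name == "" || strings.HasPrefix(name, "/") || strings.Contains(name, "\\") {
		return "", ErrInvalidRepo
	}
	for _, part := range strings.Split(name, "/") {
		if part == "" || part == "." || part == ".." { // e.g. "foo/../../etc"
			return "", ErrInvalidRepo
		}
	}
	return path.Clean(name), nil
}

// checkExpiry is the explicit check the plan adds to parseJWT: a token is valid
// only while now is strictly before "exp", and the sentinel error lets callers
// test for expiry with errors.Is instead of matching message strings.
func checkExpiry(exp, now time.Time) error {
	if !now.Before(exp) {
		return ErrTokenExpired
	}
	return nil
}

// authMessage maps an internal error to client-facing text, keeping the
// response generic so token parsing details are not disclosed.
func authMessage(err error) string {
	if err == nil {
		return "ok"
	}
	if errors.Is(err, ErrTokenExpired) {
		return "token expired"
	}
	return "unauthorized"
}
```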