From 3c0ea7099e47473649441e1841294c1e0dfb14a9 Mon Sep 17 00:00:00 2001
From: kolaente
Date: Tue, 24 Feb 2026 20:07:48 +0100
Subject: [PATCH] fix(restore): validate database file names in zip archive

Check that database entries in the zip have a .json suffix and a non-empty base name before slicing the extension off. This prevents a panic from index-out-of-range when the filename is too short. Also use TrimPrefix instead of ReplaceAll for correctness.
---
 pkg/modules/dump/restore.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/pkg/modules/dump/restore.go b/pkg/modules/dump/restore.go
index d7b73269d..67e57c9a9 100644
--- a/pkg/modules/dump/restore.go
+++ b/pkg/modules/dump/restore.go
@@ -81,7 +81,10 @@ func Restore(filename string, overrideConfig bool) error {
 continue
 }
 if strings.HasPrefix(file.Name, "database/") {
- fname := strings.ReplaceAll(file.Name, "database/", "")
+ fname := strings.TrimPrefix(file.Name, "database/")
+ if !strings.HasSuffix(fname, ".json") || len(fname) <= 5 {
+ return fmt.Errorf("invalid database file name in zip archive: %q", file.Name)
+ }
 dbfiles[fname[:len(fname)-5]] = file
 continue
 }
@@ -90,7 +93,7 @@ func Restore(filename string, overrideConfig bool) error {
 continue
 }
 if strings.HasPrefix(file.Name, "files/") {
- filesFiles[strings.ReplaceAll(file.Name, "files/", "")] = file
+ filesFiles[strings.TrimPrefix(file.Name, "files/")] = file
 continue
 }
 if file.Name == "VERSION" {
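Review bot: The new check in the first hunk still accepts a `fname` containing path separators or `..` segments: `database/../x.json` becomes the key `../x` and `database/sub/x.json` becomes `sub/x`, so whatever Restore later does with the `dbfiles` keys (outside this hunk) can receive a name that is not a plain stem. Since the commit already treats archive entry names as untrusted, rejecting separators in the same condition is cheap: `if !strings.HasSuffix(fname, ".json") || len(fname) <= 5 || strings.Contains(fname, "/") {`. As a style point, `len(fname) <= 5` after the suffix check is just `fname == ".json"`, and `stem := strings.TrimSuffix(fname, ".json")` followed by `if stem == "" || stem == fname` reads clearer than slicing off five bytes by hand. Restore's body starts before and continues after this hunk, so how the keys are consumed is not visible here.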
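Review bot: The `files/` entry name in the second hunk is stored as the `filesFiles` key with no validation at all, unlike the check the commit adds for `database/`: an entry named `files/../../x`, `files//x` or just `files/` (empty key) passes straight through. If the rest of Restore (not visible here) turns these keys into on-disk paths, that is a zip-slip; I would normalize and reject at this point, as sketched below, which needs `path` imported — cleaning with a leading slash pins any `..` at the root, so the name is accepted only if cleaning changed nothing. This also rejects names with a trailing slash, so if directory entries can appear under `files/` they must be skipped before this check (the `continue` at the top of the hunk may already do that; its condition is out of view). Whether the keys really reach the filesystem needs confirming against the later write path, since Restore continues outside the hunk.

```go
if strings.HasPrefix(file.Name, "files/") {
	name := strings.TrimPrefix(file.Name, "files/")
	// Reject empty, absolute and traversing names: Clean("/"+name) collapses
	// "..", "//" and trailing "/", so any difference means the name was not plain.
	if name == "" || path.Clean("/"+name)[1:] != name {
		return fmt.Errorf("invalid file name in zip archive: %q", file.Name)
	}
	filesFiles[name] = file
	// … unchanged: continue …
```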