diff --git a/registry/coder/modules/dotfiles/README.md b/registry/coder/modules/dotfiles/README.md
index 2cab271b..aea57e75 100644
--- a/registry/coder/modules/dotfiles/README.md
+++ b/registry/coder/modules/dotfiles/README.md
@@ -18,7 +18,7 @@ Under the hood, this module uses the [coder dotfiles](https://coder.com/docs/v2/
 module "dotfiles" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/dotfiles/coder"
- version = "1.4.1"
+ version = "1.4.2"
 agent_id = coder_agent.example.id
 }
 ```
@@ -31,7 +31,7 @@ module "dotfiles" {
 module "dotfiles" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/dotfiles/coder"
- version = "1.4.1"
+ version = "1.4.2"
 agent_id = coder_agent.example.id
 }
 ```
@@ -42,7 +42,7 @@ module "dotfiles" {
 module "dotfiles" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/dotfiles/coder"
- version = "1.4.1"
+ version = "1.4.2"
 agent_id = coder_agent.example.id
 user = "root"
 }
@@ -54,14 +54,14 @@ module "dotfiles" {
 module "dotfiles" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/dotfiles/coder"
- version = "1.4.1"
+ version = "1.4.2"
 agent_id = coder_agent.example.id
 }
 
 module "dotfiles-root" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/dotfiles/coder"
- version = "1.4.1"
+ version = "1.4.2"
 agent_id = coder_agent.example.id
 user = "root"
 dotfiles_uri = module.dotfiles.dotfiles_uri
@@ -90,7 +90,7 @@ You can set a default dotfiles repository for all users by setting the `default_
 module "dotfiles" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/dotfiles/coder"
- version = "1.4.1"
+ version = "1.4.2"
 agent_id = coder_agent.example.id
 default_dotfiles_uri = "https://github.com/coder/dotfiles"
 }
diff --git a/registry/coder/modules/dotfiles/main.test.ts b/registry/coder/modules/dotfiles/main.test.ts
index 67e0f4a9..62aa15e1 100644
--- a/registry/coder/modules/dotfiles/main.test.ts
+++ b/registry/coder/modules/dotfiles/main.test.ts
@@ -1,9 +1,11 @@
 import { describe, expect, it } from "bun:test";
 import {
+ findResourceInstance,
 runTerraformApply,
 runTerraformInit,
 testRequiredVariables,
 } from "~test";
+import { readableStreamToText, spawn } from "bun";
 
 describe("dotfiles", async () => {
 await runTerraformInit(import.meta.dir);
@@ -34,6 +36,24 @@ describe("dotfiles", async () => {
 dotfiles_uri: url,
 });
 expect(state.outputs.dotfiles_uri.value).toBe(url);
+
+ // Run the rendered shell script to verify the shell-side URI
+ // validation also accepts the URL. The script will fail later
+ // (no coder binary available), but it must not fail at the
+ // URI validation step.
+ const instance = findResourceInstance(state, "coder_script");
+ const proc = spawn(["bash", "-c", instance.script], {
+ stdout: "pipe",
+ stderr: "pipe",
+ });
+ const stderr = await readableStreamToText(proc.stderr);
+ await proc.exited;
+ expect(stderr).not.toContain(
+ "ERROR: DOTFILES_URI contains invalid characters",
+ );
+ expect(stderr).not.toContain(
+ "ERROR: DOTFILES_URI must be a valid repository URL",
+ );
 }
 });
 
diff --git a/registry/coder/modules/dotfiles/run.sh b/registry/coder/modules/dotfiles/run.sh
index f7f275f8..8ec7fa8d 100644
--- a/registry/coder/modules/dotfiles/run.sh
+++ b/registry/coder/modules/dotfiles/run.sh
@@ -9,7 +9,7 @@ DOTFILES_BRANCH="${DOTFILES_BRANCH}"
 # Validate DOTFILES_URI to prevent command injection (defense in depth)
 if [ -n "$DOTFILES_URI" ]; then
 # shellcheck disable=SC2250
- if [[ "$DOTFILES_URI" =~ [^a-zA-Z0-9._/:@-] ]]; then
+ if [[ "$DOTFILES_URI" =~ [^a-zA-Z0-9._/:@~-] ]]; then
 echo "ERROR: DOTFILES_URI contains invalid characters" >&2
 exit 1
 fi
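Review bot: Both assertions added in the `-34,6 +36,24` hunk of main.test.ts are negative (`not.toContain`), so they also pass when the script never reaches the URI validation at all, for example if `bash` fails to start or the script exits earlier for an unrelated reason. A positive control would make the check meaningful: render the script for a URI holding a character outside the allow-list and assert that stderr does contain `ERROR: DOTFILES_URI contains invalid characters`. Separately, `stdout: "pipe"` is never read, so `stdout: "ignore"` would avoid a stall if the script ever writes more than the pipe buffer holds. The comment's premise that no `coder` binary is available is not enforced by the test, so on a machine that has one the script would presumably continue past validation; the enclosing `it` block and the loop over URLs start outside the hunk.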
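Review bot: The widened class `[^a-zA-Z0-9._/:@~-]` in run.sh now accepts `~` at any position, including as the first character, and nothing on the line records why it is allowed. A `~` is inert while `"$DOTFILES_URI"` stays double-quoted, but a value that is re-parsed by a second shell (a `sh -c` or `sudo` wrapper, which cannot be seen from this hunk) would undergo tilde expansion at the start of a word. I would add a comment above the test, for instance `# '~' is accepted (presumably for /~user/ path segments); keep $DOTFILES_URI quoted wherever it is used`, and confirm the later uses outside the hunk are quoted. The trailing `-` remains literal because it is still the last character in the bracket expression.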