From 037246c1428a99ad3e4a1a3d40b291b2f86c2f4e Mon Sep 17 00:00:00 2001 From: Seonghyun Hong Date: Sat, 20 Jun 2026 13:31:54 +0900 Subject: [PATCH] fix: sanitize all invalid characters in checksum filenames normalizeFilename used the regexp [^A-z0-9], but A-z is the ASCII range 65-122, which includes the six characters [ \ ] ^ _ ` between Z and a. Those were left unsanitized in the on-disk checksum/timestamp filename, so a task name containing e.g. a backslash could corrupt the file path and break up-to-date detection. Use [^A-Za-z0-9] as intended. --- internal/fingerprint/sources_checksum.go | 2 +- internal/fingerprint/sources_checksum_test.go | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/internal/fingerprint/sources_checksum.go b/internal/fingerprint/sources_checksum.go index f1108e111c..f4aee43b0c 100644 --- a/internal/fingerprint/sources_checksum.go +++ b/internal/fingerprint/sources_checksum.go @@ -119,7 +119,7 @@ func (checker *ChecksumChecker) checksumFilePath(t *ast.Task) string { return filepath.Join(checker.tempDir, "checksum", normalizeFilename(t.Name())) } -var checksumFilenameRegexp = regexp.MustCompile("[^A-z0-9]") +var checksumFilenameRegexp = regexp.MustCompile("[^A-Za-z0-9]") // replaces invalid characters on filenames with "-" func normalizeFilename(f string) string { diff --git a/internal/fingerprint/sources_checksum_test.go b/internal/fingerprint/sources_checksum_test.go index a2b35cd316..9afc25b6d8 100644 --- a/internal/fingerprint/sources_checksum_test.go +++ b/internal/fingerprint/sources_checksum_test.go @@ -16,6 +16,12 @@ func TestNormalizeFilename(t *testing.T) { {"foo/bar/baz", "foo-bar-baz"}, {"foo@bar/baz", "foo-bar-baz"}, {"foo1bar2baz3", "foo1bar2baz3"}, + // Characters in the ASCII range between 'Z' (90) and 'a' (97) must + // also be normalized. A "[A-z]" class would wrongly include these. + {"foo\\bar", "foo-bar"}, + {"foo_bar", "foo-bar"}, + {"foo[bar]baz", "foo-bar-baz"}, + {"foo^bar`baz", "foo-bar-baz"}, } for _, test := range tests { assert.Equal(t, test.Out, normalizeFilename(test.In))