Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/pkg
History
Carlo c86ad041b2
Scope package identifier validation to template substitution (#41028) 
Fixes #41009

## Summary

- Scope `ValidatePackageIdentifiers` to only run when `$PACKAGE_ID` or
`$UPGRADE_CODE` template variables are present in the uninstall script
  - Move `dmg`/`zip` early return before validation
- Switch from ASCII allowlist to shell metacharacter denylist, allowing
legitimate non-ASCII product names (e.g., `®`, parens) while still
blocking injection characters

  ## Test plan

- [x] Added unit tests for conditional validation (non-ASCII IDs
with/without template vars, dmg/zip bypass, upgrade code scoping)
  - [x] Existing input tests still pass
  - [x] Winget ingester tests unaffected

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2026-03-05 13:37:57 -05:00
..
automatic_policy Don't pass the default deb auto-install policy if install status is e.g. uninstalled (#32005) 2025-08-18 17:37:06 -05:00
buildpkg Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
certificate Add SCEP endpoint for host identity. (#30589) 2025-07-11 11:44:07 -03:00
download Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
file Scope package identifier validation to template substitution (#41028) 2026-03-05 13:37:57 -05:00
filepath_windows Allow custom osquery database on fleetd (#16554) 2024-02-05 09:41:06 -03:00
fleetdbase Only allow FLEET_DEV_* env vars when --dev is passed, allow overriding configs one at a time in dev (#38652) 2026-01-27 14:32:56 -06:00
fleethttp Added OTEL instrumentation to Fleet's internal HTTP client. (#40568) 2026-02-26 12:49:52 -06:00
fleethttpsig Updated httpsig-go library to 1.2.0 and removed vendored version. (#32426) 2025-08-28 14:28:30 -05:00
mdm Final slog migration PR: test infrastructure + tools + remaining standalone files (#40727) 2026-02-28 05:52:21 -06:00
nettest fix RunWithNetRetry (#8590) 2022-11-07 16:31:10 +01:00
open Escape ampersands in URL when opening browser in windows (#35146) 2025-11-04 09:20:31 -06:00
optjson NDES SCEP proxy backend (#22542) 2024-10-09 13:47:27 -05:00
race Fix flaky timing test (#23333) 2024-10-29 14:13:17 -03:00
rawjson Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
retry End-user authentication for Window/Linux setup experience: agent (#34847) 2025-11-03 16:41:57 -06:00
scripts Fix windows installer stuck in pending state forever (#22592) 2024-10-02 16:18:37 -04:00
secure Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
spec Recovery Key password: Gitops (#40611) 2026-03-05 08:37:03 -07:00
str Add ability to enable/disable logs by topic (#40126) 2026-02-20 17:22:50 -06:00
testutils Activity bounded context: /api/latest/fleet/activities (1 of 2) (#38115) 2026-01-19 09:07:14 -05:00
README.md Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) 2022-02-14 15:13:44 -03:00

README.md

pkg directory

This top-level pkg directory contains packages that may be shared between all fleet backend components.