diff --git a/src/ansibleguy-webui/aw/api_endpoints/base.py b/src/ansibleguy-webui/aw/api_endpoints/base.py index c9a0518..d8d4c27 100644 --- a/src/ansibleguy-webui/aw/api_endpoints/base.py +++ b/src/ansibleguy-webui/aw/api_endpoints/base.py @@ -93,11 +93,13 @@ def not_implemented(*args, **kwargs): return JsonResponse({'error': 'Not yet implemented'}, status=404) -def validate_no_xss(value: str, field: str, shell_cmd: bool = False): +def validate_no_xss(value: str, field: str, shell_cmd: bool = False, single_quote: bool = False): if is_set(value) and isinstance(value, str): - if shell_cmd: - # ignore characters shell-commands may need + # ignore characters shell-commands may need + if single_quote or shell_cmd: value = value.replace("'", '') + + if shell_cmd: value = value.replace('&', '') if value != escape_html(value): diff --git a/src/ansibleguy-webui/aw/config/form_metadata.py b/src/ansibleguy-webui/aw/config/form_metadata.py index c6cb0b6..a984121 100644 --- a/src/ansibleguy-webui/aw/config/form_metadata.py +++ b/src/ansibleguy-webui/aw/config/form_metadata.py @@ -39,6 +39,7 @@ 'git_isolate': 'Git Isolate Directory', 'git_hook_pre': 'Git Pre-Hook', 'git_hook_post': 'Git Post-Hook', + 'git_hook_cleanup': 'Git Cleanup-Hook', 'git_override_initialize': 'Git Override Initialize-Command', 'git_override_update': 'Git Override Update-Command', }, diff --git a/src/ansibleguy-webui/aw/execute/repository.py b/src/ansibleguy-webui/aw/execute/repository.py index e822f0d..bc9128a 100644 --- a/src/ansibleguy-webui/aw/execute/repository.py +++ b/src/ansibleguy-webui/aw/execute/repository.py @@ -162,6 +162,7 @@ def cleanup_repository(self): for attr in BaseJobCredentials.SECRET_ATTRS: overwrite_and_delete_file(get_pwd_file(path_run=path_run_repo, attr=attr)) + self._run_repo_config_cmds(cmds=self.repository.git_hook_cleanup, env=self._git_env()) if self.repository.git_isolate: rmtree(self.get_path_repo(), ignore_errors=True) diff --git a/src/ansibleguy-webui/aw/model/repository.py b/src/ansibleguy-webui/aw/model/repository.py index a36b5a3..a2b7ce2 100644 --- a/src/ansibleguy-webui/aw/model/repository.py +++ b/src/ansibleguy-webui/aw/model/repository.py @@ -16,12 +16,13 @@ class Repository(BaseModel): form_fields_git = [ 'name', 'git_origin', 'git_credentials', 'git_branch', 'git_isolate', 'git_lfs', 'git_limit_depth', 'git_playbook_base', - 'git_hook_pre', 'git_hook_post', 'git_override_initialize', 'git_override_update', + 'git_hook_pre', 'git_hook_post', 'git_hook_cleanup', 'git_override_initialize', 'git_override_update', ] form_fields_static = ['name', 'static_path'] form_fields = [ 'name', 'rtype', 'static_path', 'git_origin', 'git_credentials', 'git_branch', 'git_isolate', 'git_lfs', - 'git_limit_depth', 'git_hook_pre', 'git_hook_post', 'git_override_initialize', 'git_override_update', + 'git_limit_depth', 'git_hook_pre', 'git_hook_post', 'git_hook_cleanup', + 'git_override_initialize', 'git_override_update', 'git_playbook_base', ] api_fields_read = form_fields.copy() @@ -31,7 +32,9 @@ class Repository(BaseModel): ]) api_fields_write = form_fields - fields_shell_cmds = ['git_hook_pre', 'git_hook_post', 'git_override_initialize', 'git_override_update'] + fields_shell_cmds = [ + 'git_hook_pre', 'git_hook_post', 'git_hook_cleanup', 'git_override_initialize', 'git_override_update', + ] name = models.CharField(max_length=100, null=False, blank=False) rtype = models.PositiveSmallIntegerField(choices=CHOICES_REPOSITORY) @@ -49,6 +52,7 @@ class Repository(BaseModel): git_limit_depth = models.PositiveIntegerField(**DEFAULT_NONE) git_hook_pre = models.CharField(max_length=1000, **DEFAULT_NONE) git_hook_post = models.CharField(max_length=1000, **DEFAULT_NONE) + git_hook_cleanup = models.CharField(max_length=1000, **DEFAULT_NONE) git_override_initialize = models.CharField(max_length=1000, **DEFAULT_NONE) git_override_update = models.CharField(max_length=1000, **DEFAULT_NONE) git_playbook_base = models.CharField(max_length=300, **DEFAULT_NONE)