internal/normalize: harden against possible attacks; optimize registry

Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: Iaf89cda3c480d6a8371e5f146ee95fcf6a6a6964
2026-03-01 13:08:31 +03:00 · 2026-03-01 13:08:31 +03:00 · ffb4ab2295
commit ffb4ab2295
parent b2256183e1
3 changed files with 24 additions and 11 deletions
--- a/internal/normalize/path.go
+++ b/internal/normalize/path.go
@ -6,20 +6,22 @@ import (
 	"notashelf.dev/watchdog/internal/config"
 )

-const maxPathLength = 2048
-
 type PathNormalizer struct {
-	cfg config.PathConfig
+	cfg       config.PathConfig
+	maxLength int
 }

 func NewPathNormalizer(cfg config.PathConfig) *PathNormalizer {
-	return &PathNormalizer{cfg: cfg}
+	return &PathNormalizer{
+		cfg:       cfg,
+		maxLength: 2048,
+	}
 }

 func (n *PathNormalizer) Normalize(path string) string {
-	// Return as-is if path is too long
-	if len(path) > maxPathLength {
-		return path
+	// Reject paths that are too long; don't bypass normalization
+	if len(path) > n.maxLength {
+		return "/"
 	}

 	if path == "" {