l3tchupkt opened a new pull request, #9215: URL: https://github.com/apache/pouchdb/pull/9215
## Overview

This PR adds validation for database names derived from `info.db_name` and used in mapreduce view cleanup operations. In environments where database names may originate from external input (e.g., multi-tenant applications constructing database names from user identifiers), the current implementation allows potentially unsafe database names to flow through PouchDB's internal metadata system and eventually be used in destructive operations.

### Changes:

1. **createView.js**: Added validation before constructing `depDbName` from `info.db_name`. Invalid database names are logged with a warning and skipped.
2. **index.js (localViewCleanup)**: Added validation for view database names before processing them during cleanup. Invalid entries are logged with a warning and skipped.

Both validations use a regex pattern `^[^<>:"|?*]+$` that blocks dangerous characters commonly used in path traversal attacks while still allowing valid paths like `./data/mydb`.

This hardening improves safety without introducing breaking changes - existing code continues to work, but potentially unsafe database names are now handled defensively.

## Testing recommendations

1. **Existing functionality**: Create views and run view cleanup on databases with standard names (alphanumeric, underscores, paths like `./data/mydb`). Verify normal operation continues.
2. **Edge cases**: Test with database names containing the blocked characters `<>:"|?*`. These should trigger warnings and be skipped rather than processed.
3. **Multi-tenant scenario**: In a server environment, verify that database names originating from user input are handled safely during view operations.

## Related Issues or Pull Requests

N/A - This is a proactive hardening improvement based on security review feedback.
## Checklist

- [x] I am not a bot
- [x] This is my own work, I did not use AI, LLM's or similar technology for code or docs generation
- [x] Code is written and works correctly
- [ ] Changes are covered by tests
- [ ] Documentation changes were made in the `docs` folder

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
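The PR description above gives the regex and the warn-and-skip behaviour but no code. The block below is an added example, not code from the pull request or from PouchDB itself: it implements the `^[^<>:"|?*]+$` check as a reusable validator, applies it to a constructed list of view database names the way the described `localViewCleanup` filtering would, and builds a `depDbName` from `info.db_name` using an assumed `<db_name>-mrview-<signature>` shape (the real construction in `createView.js` is not reproduced here). `filterViewDbNames`, `buildDepDbName`, the injectable `warn` parameter and the sample names are all hypothetical. The sample deliberately includes `../outside`, which contains none of the blocked characters and therefore passes the pattern as written, so reviewers can see exactly what this check does and does not reject.

```javascript
// Added example (not PouchDB's or the PR's own code).

// The pattern quoted in the PR description: reject empty names and any
// name containing one of the characters  < > : " | ? *
const DB_NAME_PATTERN = /^[^<>:"|?*]+$/;

function isValidDbName(name) {
  return typeof name === 'string' && DB_NAME_PATTERN.test(name);
}

// Hypothetical stand-in for the cleanup-side filtering the PR describes:
// invalid entries are logged with a warning and skipped, valid ones are
// returned for processing. `warn` is injectable so a test can capture it.
function filterViewDbNames(names, warn = console.warn) {
  const accepted = [];
  const skipped = [];
  for (const name of names) {
    if (isValidDbName(name)) {
      accepted.push(name);
    } else {
      warn(`view cleanup: skipping invalid database name ${JSON.stringify(name)}`);
      skipped.push(name);
    }
  }
  return { accepted, skipped };
}

// Hypothetical stand-in for the createView.js side: validate info.db_name
// before deriving the dependent view database name. The "-mrview-" shape is
// an assumption for this example. Returns null when the name is rejected.
function buildDepDbName(info, viewSignature, warn = console.warn) {
  if (!isValidDbName(info.db_name)) {
    warn(`createView: refusing to derive depDbName from ${JSON.stringify(info.db_name)}`);
    return null;
  }
  return `${info.db_name}-mrview-${viewSignature}`;
}

// Constructed sample input covering the cases the PR's testing section lists.
const SAMPLE_VIEW_DB_NAMES = [
  'tenant_alice-mrview-abc123',  // plain name: accepted
  './data/mydb-mrview-abc123',   // relative path the PR wants kept working: accepted
  'tenant<script>-mrview-1',     // contains '<': skipped
  'C:\\Users\\x-mrview-1',       // contains ':': skipped
  'q?-mrview-1',                 // contains '?': skipped
  '',                            // empty: skipped
  '../outside-mrview-1',         // no blocked character, so the pattern accepts it
];

function runSample() {
  const warnings = [];
  const result = filterViewDbNames(SAMPLE_VIEW_DB_NAMES, (msg) => warnings.push(msg));
  return { ...result, warnings };
}

if (typeof require !== 'undefined' && require.main === module) {
  const { accepted, skipped, warnings } = runSample();
  console.log('accepted:', accepted);
  console.log('skipped:', skipped);
  console.log('warnings emitted:', warnings.length);
  console.log('depDbName:', buildDepDbName({ db_name: 'tenant_alice' }, 'abc123'));
  console.log('depDbName (rejected):', buildDepDbName({ db_name: 'a|b' }, 'abc123'));
}
```

Running the sample shows three names accepted and four skipped, with one warning per skipped entry; `buildDepDbName` returns the derived name for a clean `info.db_name` and `null` for one containing a blocked character.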
