Sanitize contract name when calling stellar contract init --name. #2449

Merged
fnando merged 2 commits into main from contract-init-name-sanitization
Mar 12, 2026

@fnando fnando commented Mar 12, 2026

What

Sanitize contract name when calling stellar contract init --name.

$ target/debug/stellar contract init /tmp/mycontract --name ../invalid
error: invalid value '../invalid' for '--name <NAME>': Invalid name: ../invalid
 only alphanumeric characters, underscores (_), and hyphens (-) are allowed.

For more information, try '--help'.

Why

https://hackerone.com/reports/3587907

Known limitations

N/A

@fnando fnando self-assigned this Mar 12, 2026
@fnando fnando added bug Something isn't working cli Related to Soroban CLI labels Mar 12, 2026
Copilot AI review requested due to automatic review settings March 12, 2026 20:58
@github-project-automation github-project-automation bot moved this to Backlog (Not Ready) in DevX Mar 12, 2026
@fnando fnando requested review from Copilot and leighmcculloch and removed request for Copilot March 12, 2026 20:59

Copilot AI left a comment

Pull request overview

This PR tightens input validation for stellar contract init --name by reusing the existing “safe name” validation logic, preventing path traversal and other invalid contract names from being used as filesystem path components.

Changes:

  • Introduces a ContractName newtype that validates names via the existing validate_name rules.
  • Updates contract init to accept --name as ContractName (instead of String) and uses it when creating the contract directory and templating Cargo.toml.
  • Adds an integration test asserting contract init --name ../evil fails with an “Invalid name” error.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| cmd/soroban-cli/src/config/address.rs | Adds ContractName and unit tests to validate allowed/rejected inputs. |
| cmd/soroban-cli/src/commands/contract/init.rs | Switches --name parsing to ContractName and uses it safely for directory creation and templating. |
| cmd/crates/soroban-test/tests/it/config.rs | Adds an integration test ensuring contract init rejects path traversal in --name. |
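
Added example, not code from this PR or from stellar-cli: a minimal Rust sketch of the validating-newtype pattern the overview above describes, using the allow-list from the error message in the PR description. The body of ContractName shown here, the InvalidName type, the contract_dir helper, the contracts/ layout, the ASCII-only reading of "alphanumeric" and the rejection of empty names are all assumptions for illustration.

```rust
use std::fmt;
use std::path::{Path, PathBuf};
use std::str::FromStr;

/// Hypothetical stand-in for the PR's `ContractName`: holds only validated names.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ContractName(String);

/// Hypothetical error type carrying the rejected input.
#[derive(Debug, PartialEq, Eq)]
pub struct InvalidName(pub String);

impl fmt::Display for InvalidName {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "Invalid name: {}", self.0)
    }
}

impl FromStr for ContractName {
    type Err = InvalidName;

    fn from_str(s: &str) -> Result<Self, Self::Err> {
        // Allow-list from the error message in the PR description.
        // Assumptions: ASCII-only alphanumerics, empty names rejected.
        let allowed = |c: char| c.is_ascii_alphanumeric() || c == '_' || c == '-';
        if !s.is_empty() && s.chars().all(allowed) {
            Ok(Self(s.to_string()))
        } else {
            Err(InvalidName(s.to_string()))
        }
    }
}

/// Takes `&ContractName`, not `&str`, so an unvalidated string cannot reach `join`.
/// The `contracts/` layout is an assumption for this example.
pub fn contract_dir(root: &Path, name: &ContractName) -> PathBuf {
    root.join("contracts").join(&name.0)
}

fn main() {
    let root = Path::new("/tmp/mycontract");
    // Constructed sample inputs: two valid names, then traversal, absolute, nested, empty.
    for raw in ["hello-world", "my_contract2", "../invalid", "/absolute", "a/b", "..", ""] {
        match raw.parse::<ContractName>() {
            Ok(name) => println!("{raw:?} -> {}", contract_dir(root, &name).display()),
            Err(e) => println!("{raw:?} rejected: {e}"),
        }
    }
}
```

Validating at parse time matters because Path::join does not normalise `..` and replaces the base entirely when given an absolute component, so a check applied after joining is too late.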

@fnando fnando enabled auto-merge (squash) March 12, 2026 21:08
@fnando fnando moved this from Backlog (Not Ready) to Needs Review in DevX Mar 12, 2026
@fnando fnando merged commit 57f067f into main Mar 12, 2026
193 checks passed
@fnando fnando deleted the contract-init-name-sanitization branch March 12, 2026 21:39
@github-project-automation github-project-automation bot moved this from Needs Review to Done in DevX Mar 12, 2026