| 200 | } |
| 201 | |
| 202 | func (g *generator) ProcessResult(ctx context.Context, combo config.CombinedSettings, sql OutputPair, result *compiler.Result) error { |
| 203 | out, resp, err := codegen(ctx, combo, sql, result) |
| 204 | if err != nil { |
| 205 | return err |
| 206 | } |
| 207 | files := map[string]string{} |
| 208 | for _, file := range resp.Files { |
| 209 | files[file.Name] = string(file.Contents) |
| 210 | } |
| 211 | g.m.Lock() |
| 212 | |
| 213 | // out is specified by the user, not a plugin |
| 214 | absout := filepath.Join(g.dir, out) |
| 215 | |
| 216 | for n, source := range files { |
| 217 | filename := filepath.Join(g.dir, out, n) |
| 218 | // filepath.Join calls filepath.Clean which should remove all "..", but |
| 219 | // double check to make sure |
| 220 | if strings.Contains(filename, "..") { |
| 221 | return fmt.Errorf("invalid file output path: %s", filename) |
| 222 | } |
| 223 | // The output file must be contained inside the output directory |
| 224 | if !strings.HasPrefix(filename, absout) { |
| 225 | return fmt.Errorf("invalid file output path: %s", filename) |
| 226 | } |
| 227 | g.output[filename] = source |
| 228 | } |
| 229 | g.m.Unlock() |
| 230 | return nil |
| 231 | } |
| 232 | |
| 233 | func remoteGenerate(ctx context.Context, configPath string, conf *config.Config, dir string, stderr io.Writer) (map[string]string, error) { |
| 234 | rpcClient, err := remote.NewClient(conf.Cloud) |