From f9aa2b529eb6b4597665f4d8962528fe20b416fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Pfeuffer?= <rene.pfeuffer@cloudogu.com>
Date: Thu, 14 Jan 2021 13:09:02 +0100
Subject: [PATCH] Validate type parameter

---
 .../sonia/scm/api/v2/resources/RepositoryImportResource.java   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryImportResource.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryImportResource.java
index f5731d3e7e..e3a2763d85 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryImportResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryImportResource.java
@@ -159,7 +159,8 @@ public class RepositoryImportResource {
     )
   )
   public Response importFromUrl(@Context UriInfo uriInfo,
-                                @PathParam("type") String type, @Valid RepositoryImportDto request) {
+                                @Pattern(regexp = "\\w{1,10}") @PathParam("type") String type,
+                                @Valid RepositoryImportDto request) {
     RepositoryPermissions.create().check();
 
     Type t = type(manager, type);