Removing all slashes from branch name in the custom workspaces for safer traversal (#65)

reder9 · web-flow · commit 5e685b07e0f3 · 2025-10-17T13:42:20.000-05:00
diff --git a/core/src/main/kotlin/com/code42/jenkins/pipelinekt/core/Pipeline.kt b/core/src/main/kotlin/com/code42/jenkins/pipelinekt/core/Pipeline.kt
@@ -81,7 +81,8 @@ data class Pipeline(
             writer.writeln("def customWorkspacePath = null")
             writer.writeln("if (env.BRANCH_NAME) {")
             val innerWriter = writer.inner()
-            innerWriter.writeln("def safeBranch = env.BRANCH_NAME.replaceAll(/[^A-Za-z0-9._-]/, '_')")
+            innerWriter.writeln("// Replace slashes and other special characters with underscores for safe filesystem paths")
+            innerWriter.writeln("def safeBranch = env.BRANCH_NAME.replaceAll('/', '_').replaceAll(/[^A-Za-z0-9._-]/, '_')")
             innerWriter.writeln("customWorkspacePath = \"./workspace//\${env.JOB_NAME}-\${safeBranch}\"")
             writer.writeln("}")
             writer.writeln("")
diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-0.21.11
+0.21.12
