From 252801cea8299f8956d005a035362205137e2ca5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Janne=20He=C3=9F?= <janne@hess.ooo>
Date: Sat, 2 Aug 2025 15:05:33 +0200
Subject: [PATCH] hydra-queue-runner: Verify product names in
 hydra-build-products

---
 src/hydra-queue-runner/build-result.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/hydra-queue-runner/build-result.cc b/src/hydra-queue-runner/build-result.cc
index 1874b085..f77e7dde 100644
--- a/src/hydra-queue-runner/build-result.cc
+++ b/src/hydra-queue-runner/build-result.cc
@@ -93,6 +93,8 @@ BuildOutput getBuildOutput(
             if (file == narMembers.end()) continue;
 
             product.name = product.path == store->printStorePath(output) ? "" : baseNameOf(product.path);
+            if (!std::regex_match(product.name, std::regex("[a-zA-Z0-9.@:_ -]*")))
+                product.name = "";
 
             if (file->second.type == SourceAccessor::Type::tRegular) {
                 product.isRegular = true;