From 9396846892e0bb65e1a1d12bf32b16540dc7ae93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Janne=20He=C3=9F?= <janne@hess.ooo>
Date: Sat, 2 Aug 2025 15:06:13 +0200
Subject: [PATCH] hydra-queue-runner: Validate release name

---
 src/hydra-queue-runner/build-result.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/hydra-queue-runner/build-result.cc b/src/hydra-queue-runner/build-result.cc
index f77e7dde..a5dec9c5 100644
--- a/src/hydra-queue-runner/build-result.cc
+++ b/src/hydra-queue-runner/build-result.cc
@@ -129,8 +129,9 @@ BuildOutput getBuildOutput(
         if (file == narMembers.end() ||
             file->second.type != SourceAccessor::Type::tRegular)
             continue;
-        res.releaseName = trim(file->second.contents.value());
-        // FIXME: validate release name
+        auto contents = trim(file->second.contents.value());
+        if (std::regex_match(contents, std::regex("[a-zA-Z0-9.@:_-]+")))
+            res.releaseName = contents;
     }
 
     /* Get metrics. */