From 658ac1037597e17d6b331469199b219b56389805 Mon Sep 17 00:00:00 2001
From: Hubert Van De Walle <hubv@protonmail.com>
Date: Thu, 10 Sep 2020 23:26:32 +0200
Subject: [PATCH] 400 when a path is entered

---
 src/main/kotlin/starter/Server.kt | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/main/kotlin/starter/Server.kt b/src/main/kotlin/starter/Server.kt
index 4a2cebc..b3203b2 100644
--- a/src/main/kotlin/starter/Server.kt
+++ b/src/main/kotlin/starter/Server.kt
@@ -33,6 +33,13 @@ class Server(
 
             val projectName = inputs.find { it.name == "name" }!!.value!!
             val basePackage = inputs.find { it.name == "basePackage" }!!.value!!
+
+            if (basePackage.contains("/") || basePackage.contains("..")) {
+                ctx.status(400)
+                ctx.result("Invalid Base Package")
+                return@post
+            }
+
             val project = Project(projectName, basePackage, inputs, deps)
 
             ctx.contentType("application/zip")