models/release: filter input to prevent command line argument vulnerability

models/issue.go

@@ -546,9 +546,9 @@ func Issues(opts *IssuesOptions) ([]*Issue, error) {
 		sess.Desc("created_unix")
 	}
 
-	if opts.Labels != "0" {
+	if len(opts.Labels) > 0 && opts.Labels != "0" {
 		labelIDs := base.StringsToInt64s(strings.Split(opts.Labels, ","))
-		if opts.Labels != "" && len(labelIDs) > 0 {
+		if len(labelIDs) > 0 {
 			sess.Join("INNER", "issue_label", "issue.id = issue_label.issue_id").In("label_id", labelIDs)
 		}
 	}
@@ -785,9 +785,9 @@ func GetIssueStats(opts *IssueStatsOptions) *IssueStats {
 	countSession := func(opts *IssueStatsOptions) *xorm.Session {
 		sess := x.Where("issue.repo_id = ?", opts.RepoID).And("is_pull = ?", opts.IsPull)
 
-		if opts.Labels != "0" {
+		if len(opts.Labels) > 0 && opts.Labels != "0" {
 			labelIDs := base.StringsToInt64s(strings.Split(opts.Labels, ","))
-			if opts.Labels != "" && len(labelIDs) > 0 {
+			if len(labelIDs) > 0 {
 				sess.Join("INNER", "issue_label", "issue.id = issue_id").In("label_id", labelIDs)
 			}
 		}

models/release.go

@@ -67,6 +67,8 @@ func createTag(gitRepo *git.Repository, rel *Release) error {
 				return fmt.Errorf("GetBranchCommit: %v", err)
 			}
 
+			// Trim '--' prefix to prevent command line argument vulnerability
+			rel.TagName = strings.TrimPrefix(rel.TagName, "--")
 			if err = gitRepo.CreateTag(rel.TagName, commit.ID.String()); err != nil {
 				return err
 			}