Do not convert file path to lowercase (#15023)
* Do not convert file path to lowercase. * lint * Check against lowercase hostname.
This commit is contained in:
parent
032f4c3969
commit
e8ad6c1ff3
42
integrations/migrate_test.go
Normal file
42
integrations/migrate_test.go
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
// Copyright 2021 The Gitea Authors. All rights reserved.
|
||||||
|
// Use of this source code is governed by a MIT-style
|
||||||
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
package integrations
|
||||||
|
|
||||||
|
import (
|
||||||
|
"io/ioutil"
|
||||||
|
"os"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/models"
|
||||||
|
"code.gitea.io/gitea/modules/migrations"
|
||||||
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestMigrateLocalPath(t *testing.T) {
|
||||||
|
assert.NoError(t, models.PrepareTestDatabase())
|
||||||
|
|
||||||
|
adminUser := models.AssertExistsAndLoadBean(t, &models.User{Name: "user1"}).(*models.User)
|
||||||
|
|
||||||
|
old := setting.ImportLocalPaths
|
||||||
|
setting.ImportLocalPaths = true
|
||||||
|
|
||||||
|
lowercasePath, err := ioutil.TempDir("", "lowercase") // may not be lowercase because TempDir creates a random directory name which may be mixedcase
|
||||||
|
assert.NoError(t, err)
|
||||||
|
defer os.RemoveAll(lowercasePath)
|
||||||
|
|
||||||
|
err = migrations.IsMigrateURLAllowed(lowercasePath, adminUser)
|
||||||
|
assert.NoError(t, err, "case lowercase path")
|
||||||
|
|
||||||
|
mixedcasePath, err := ioutil.TempDir("", "mIxeDCaSe")
|
||||||
|
assert.NoError(t, err)
|
||||||
|
defer os.RemoveAll(mixedcasePath)
|
||||||
|
|
||||||
|
err = migrations.IsMigrateURLAllowed(mixedcasePath, adminUser)
|
||||||
|
assert.NoError(t, err, "case mixedcase path")
|
||||||
|
|
||||||
|
setting.ImportLocalPaths = old
|
||||||
|
}
|
@ -39,7 +39,7 @@ func RegisterDownloaderFactory(factory base.DownloaderFactory) {
|
|||||||
// IsMigrateURLAllowed checks if an URL is allowed to be migrated from
|
// IsMigrateURLAllowed checks if an URL is allowed to be migrated from
|
||||||
func IsMigrateURLAllowed(remoteURL string, doer *models.User) error {
|
func IsMigrateURLAllowed(remoteURL string, doer *models.User) error {
|
||||||
// Remote address can be HTTP/HTTPS/Git URL or local path.
|
// Remote address can be HTTP/HTTPS/Git URL or local path.
|
||||||
u, err := url.Parse(strings.ToLower(remoteURL))
|
u, err := url.Parse(remoteURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return &models.ErrInvalidCloneAddr{IsURLError: true}
|
return &models.ErrInvalidCloneAddr{IsURLError: true}
|
||||||
}
|
}
|
||||||
@ -72,12 +72,13 @@ func IsMigrateURLAllowed(remoteURL string, doer *models.User) error {
|
|||||||
return &models.ErrInvalidCloneAddr{Host: u.Host, IsProtocolInvalid: true, IsPermissionDenied: true, IsURLError: true}
|
return &models.ErrInvalidCloneAddr{Host: u.Host, IsProtocolInvalid: true, IsPermissionDenied: true, IsURLError: true}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
host := strings.ToLower(u.Host)
|
||||||
if len(setting.Migrations.AllowedDomains) > 0 {
|
if len(setting.Migrations.AllowedDomains) > 0 {
|
||||||
if !allowList.Match(u.Host) {
|
if !allowList.Match(host) {
|
||||||
return &models.ErrInvalidCloneAddr{Host: u.Host, IsPermissionDenied: true}
|
return &models.ErrInvalidCloneAddr{Host: u.Host, IsPermissionDenied: true}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if blockList.Match(u.Host) {
|
if blockList.Match(host) {
|
||||||
return &models.ErrInvalidCloneAddr{Host: u.Host, IsPermissionDenied: true}
|
return &models.ErrInvalidCloneAddr{Host: u.Host, IsPermissionDenied: true}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -29,6 +29,9 @@ func TestMigrateWhiteBlocklist(t *testing.T) {
|
|||||||
err = IsMigrateURLAllowed("https://github.com/go-gitea/gitea.git", nonAdminUser)
|
err = IsMigrateURLAllowed("https://github.com/go-gitea/gitea.git", nonAdminUser)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
err = IsMigrateURLAllowed("https://gITHUb.com/go-gitea/gitea.git", nonAdminUser)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
setting.Migrations.AllowedDomains = []string{}
|
setting.Migrations.AllowedDomains = []string{}
|
||||||
setting.Migrations.BlockedDomains = []string{"github.com"}
|
setting.Migrations.BlockedDomains = []string{"github.com"}
|
||||||
assert.NoError(t, Init())
|
assert.NoError(t, Init())
|
||||||
|
Loading…
Reference in New Issue
Block a user