USEFULL
/
gogs
mirror of https://github.com/gogs/gogs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

repo_editor: prohibits uploading files to `.git.` directory (#6970) 

Co-authored-by: Joe Chen <jc@unknwon.io>
pull/6986/head
1135 2022-05-30 19:14:41 +08:00 committed by GitHub
parent 649e9e7f8c
commit 519aeefbd9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
internal/db/repo_editor.go
View File

@ -460,7 +460,11 @@ type UploadRepoFileOptions struct {
// isRepositoryGitPath returns true if given path is or resides inside ".git" path of the repository. // isRepositoryGitPath returns true if given path is or resides inside ".git" path of the repository.
func isRepositoryGitPath(path string) bool { func isRepositoryGitPath(path string) bool {
return strings.HasSuffix(path, ".git") || strings.Contains(path, ".git"+string(os.PathSeparator)) return strings.HasSuffix(path, ".git") ||
strings.Contains(path, ".git"+string(os.PathSeparator)) ||
// Windows treats ".git." the same as ".git"
strings.HasSuffix(path, ".git.") ||
strings.Contains(path, ".git."+string(os.PathSeparator))
} }
func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions) error { func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions) error {

26
internal/db/repo_editor_test.go
View File

@ -13,21 +13,27 @@ import (
func Test_isRepositoryGitPath(t *testing.T) { func Test_isRepositoryGitPath(t *testing.T) {
tests := []struct { tests := []struct {
path string path string
expVal bool wantVal bool
}{ }{
{path: filepath.Join(".", ".git"), expVal: true}, {path: filepath.Join(".", ".git"), wantVal: true},
{path: filepath.Join(".", ".git", ""), expVal: true}, {path: filepath.Join(".", ".git", ""), wantVal: true},
{path: filepath.Join(".", ".git", "hooks", "pre-commit"), expVal: true}, {path: filepath.Join(".", ".git", "hooks", "pre-commit"), wantVal: true},
{path: filepath.Join(".git", "hooks"), expVal: true}, {path: filepath.Join(".git", "hooks"), wantVal: true},
{path: filepath.Join("dir", ".git"), expVal: true}, {path: filepath.Join("dir", ".git"), wantVal: true},
{path: filepath.Join(".gitignore"), expVal: false}, {path: filepath.Join(".", ".git."), wantVal: true},
{path: filepath.Join("dir", ".gitkeep"), expVal: false}, {path: filepath.Join(".", ".git.", ""), wantVal: true},
{path: filepath.Join(".", ".git.", "hooks", "pre-commit"), wantVal: true},
{path: filepath.Join(".git.", "hooks"), wantVal: true},
{path: filepath.Join("dir", ".git."), wantVal: true},
{path: filepath.Join(".gitignore"), wantVal: false},
{path: filepath.Join("dir", ".gitkeep"), wantVal: false},
} }
for _, test := range tests { for _, test := range tests {
t.Run("", func(t *testing.T) { t.Run("", func(t *testing.T) {
assert.Equal(t, test.expVal, isRepositoryGitPath(test.path)) assert.Equal(t, test.wantVal, isRepositoryGitPath(test.path))
}) })
} }
} }