models/repo_editor: add isRepositoryGitPath to detect invalid file path (#5558)

This commit is contained in:
Unknwon 2018-12-25 10:01:52 -05:00
parent 5f1f1bb5ed
commit 9b37b1569c
2 changed files with 40 additions and 1 deletions

View File

@ -443,6 +443,11 @@ type UploadRepoFileOptions struct {
Files []string // In UUID format
}
// isRepositoryGitPath returns true if given path is or resides inside ".git" path of the repository.
func isRepositoryGitPath(path string) bool {
return strings.HasSuffix(path, ".git") || strings.Contains(path, ".git"+string(os.PathSeparator))
}
func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions) (err error) {
if len(opts.Files) == 0 {
return nil
@ -480,7 +485,7 @@ func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions)
}
// Prevent copying files into .git directory, see https://github.com/gogs/gogs/issues/5558.
if strings.HasPrefix(upload.Name, ".git/") {
if isRepositoryGitPath(upload.Name) {
continue
}

View File

@ -0,0 +1,34 @@
// Copyright 2018 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package models
import (
"os"
"testing"
. "github.com/smartystreets/goconvey/convey"
)
func Test_isRepositoryGitPath(t *testing.T) {
Convey("Check if path is or resides inside '.git'", t, func() {
sep := string(os.PathSeparator)
testCases := []struct {
path string
expect bool
}{
{"." + sep + ".git", true},
{"." + sep + ".git" + sep + "", true},
{"." + sep + ".git" + sep + "hooks" + sep + "pre-commit", true},
{".git" + sep + "hooks", true},
{"dir" + sep + ".git", true},
{".gitignore", false},
{"dir" + sep + ".gitkeep", false},
}
for _, tc := range testCases {
So(isRepositoryGitPath(tc.path), ShouldEqual, tc.expect)
}
})
}