{ctxUserID: 2, userID: 1, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-bad", expectedStatus: http.StatusForbidden},
{ctxUserID: 2, userID: 3, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-org", expectedStatus: http.StatusCreated},
{ctxUserID: 2, userID: 6, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-bad-org", expectedStatus: http.StatusForbidden},
- {ctxUserID: 2, userID: 3, cloneURL: "https://localhost:3000/user/test_repo.git", repoName: "local-ip", expectedStatus: http.StatusUnprocessableEntity},
+ {ctxUserID: 2, userID: 3, cloneURL: "https://localhost:3000/user/test_repo.git", repoName: "private-ip", expectedStatus: http.StatusUnprocessableEntity},
{ctxUserID: 2, userID: 3, cloneURL: "https://10.0.0.1/user/test_repo.git", repoName: "private-ip", expectedStatus: http.StatusUnprocessableEntity},
}
switch respJSON["message"] {
case "Remote visit addressed rate limitation.":
t.Log("test hit github rate limitation")
- case "migrate from '10.0.0.1' is not allowed: the host resolve to a private ip address '10.0.0.1'":
+ case "You are not allowed to import from private IPs.":
assert.EqualValues(t, "private-ip", testCase.repoName)
- case "migrate from 'localhost:3000' is not allowed: the host resolve to a private ip address '::1'",
- "migrate from 'localhost:3000' is not allowed: the host resolve to a private ip address '127.0.0.1'":
- assert.EqualValues(t, "local-ip", testCase.repoName)
default:
t.Errorf("unexpected error '%v' on url '%s'", respJSON["message"], testCase.cloneURL)
}
// ErrInvalidCloneAddr represents a "InvalidCloneAddr" kind of error.
type ErrInvalidCloneAddr struct {
+ Host string
IsURLError bool
IsInvalidPath bool
+ IsProtocolInvalid bool
IsPermissionDenied bool
+ LocalPath bool
+ NotResolvedIP bool
+ PrivateNet string
}
// IsErrInvalidCloneAddr checks if an error is a ErrInvalidCloneAddr.
func IsErrInvalidCloneAddr(err error) bool {
- _, ok := err.(ErrInvalidCloneAddr)
+ _, ok := err.(*ErrInvalidCloneAddr)
return ok
}
-func (err ErrInvalidCloneAddr) Error() string {
- return fmt.Sprintf("invalid clone address [is_url_error: %v, is_invalid_path: %v, is_permission_denied: %v]",
- err.IsURLError, err.IsInvalidPath, err.IsPermissionDenied)
+func (err *ErrInvalidCloneAddr) Error() string {
+ if err.NotResolvedIP {
+ return fmt.Sprintf("migration/cloning from '%s' is not allowed: unknown hostname", err.Host)
+ }
+ if len(err.PrivateNet) != 0 {
+ return fmt.Sprintf("migration/cloning from '%s' is not allowed: the host resolve to a private ip address '%s'", err.Host, err.PrivateNet)
+ }
+ if err.IsInvalidPath {
+ return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided path is invalid", err.Host)
+ }
+ if err.IsProtocolInvalid {
+ return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided url protocol is not allowed", err.Host)
+ }
+ if err.IsPermissionDenied {
+ return fmt.Sprintf("migration/cloning from '%s' is not allowed.", err.Host)
+ }
+ if err.IsURLError {
+ return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided url is invalid", err.Host)
+ }
+
+ return fmt.Sprintf("migration/cloning from '%s' is not allowed", err.Host)
}
// ErrUpdateTaskNotExist represents a "UpdateTaskNotExist" kind of error.
return ok
}
-// ErrMigrationNotAllowed explains why a migration from an url is not allowed
-type ErrMigrationNotAllowed struct {
- Host string
- NotResolvedIP bool
- PrivateNet string
-}
-
-func (e *ErrMigrationNotAllowed) Error() string {
- if e.NotResolvedIP {
- return fmt.Sprintf("migrate from '%s' is not allowed: unknown hostname", e.Host)
- }
- if len(e.PrivateNet) != 0 {
- return fmt.Sprintf("migrate from '%s' is not allowed: the host resolve to a private ip address '%s'", e.Host, e.PrivateNet)
- }
- return fmt.Sprintf("migrate from '%s is not allowed'", e.Host)
-}
-
-// IsErrMigrationNotAllowed checks if an error is a ErrMigrationNotAllowed
-func IsErrMigrationNotAllowed(err error) bool {
- _, ok := err.(*ErrMigrationNotAllowed)
- return ok
-}
-
// __________ .__
// \______ \____________ ____ ____ | |__
// | | _/\_ __ \__ \ / \_/ ___\| | \
// CanImportLocal returns true if user can migrate repository by local path.
func (u *User) CanImportLocal() bool {
- if !setting.ImportLocalPaths {
+ if !setting.ImportLocalPaths || u == nil {
return false
}
return u.IsAdmin || u.AllowImportLocal
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/context"
- "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/structs"
- "code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/routers/utils"
// ParseRemoteAddr checks if given remote address is valid,
// and returns composed URL with needed username and password.
-// It also checks if given user has permission when remote address
-// is actually a local path.
-func ParseRemoteAddr(remoteAddr, authUsername, authPassword string, user *models.User) (string, error) {
+func ParseRemoteAddr(remoteAddr, authUsername, authPassword string) (string, error) {
remoteAddr = strings.TrimSpace(remoteAddr)
// Remote address can be HTTP/HTTPS/Git URL or local path.
if strings.HasPrefix(remoteAddr, "http://") ||
strings.HasPrefix(remoteAddr, "git://") {
u, err := url.Parse(remoteAddr)
if err != nil {
- return "", models.ErrInvalidCloneAddr{IsURLError: true}
+ return "", &models.ErrInvalidCloneAddr{IsURLError: true}
}
if len(authUsername)+len(authPassword) > 0 {
u.User = url.UserPassword(authUsername, authPassword)
}
remoteAddr = u.String()
- if u.Scheme == "git" && u.Port() != "" && (strings.Contains(remoteAddr, "%0d") || strings.Contains(remoteAddr, "%0a")) {
- return "", models.ErrInvalidCloneAddr{IsURLError: true}
- }
- } else if !user.CanImportLocal() {
- return "", models.ErrInvalidCloneAddr{IsPermissionDenied: true}
- } else {
- isDir, err := util.IsDir(remoteAddr)
- if err != nil {
- log.Error("Unable to check if %s is a directory: %v", remoteAddr, err)
- return "", err
- }
- if !isDir {
- return "", models.ErrInvalidCloneAddr{IsInvalidPath: true}
- }
}
return remoteAddr, nil
"fmt"
"net"
"net/url"
+ "path/filepath"
"strings"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/matchlist"
"code.gitea.io/gitea/modules/migrations/base"
"code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/util"
)
// MigrateOptions is equal to base.MigrateOptions
factories = append(factories, factory)
}
-func isMigrateURLAllowed(remoteURL string) error {
+// IsMigrateURLAllowed checks if an URL is allowed to be migrated from
+func IsMigrateURLAllowed(remoteURL string, doer *models.User) error {
+ // Remote address can be HTTP/HTTPS/Git URL or local path.
u, err := url.Parse(strings.ToLower(remoteURL))
if err != nil {
- return err
+ return &models.ErrInvalidCloneAddr{IsURLError: true}
}
- if strings.EqualFold(u.Scheme, "http") || strings.EqualFold(u.Scheme, "https") {
- if len(setting.Migrations.AllowedDomains) > 0 {
- if !allowList.Match(u.Host) {
- return &models.ErrMigrationNotAllowed{Host: u.Host}
- }
- } else {
- if blockList.Match(u.Host) {
- return &models.ErrMigrationNotAllowed{Host: u.Host}
- }
+ if u.Scheme == "file" || u.Scheme == "" {
+ if !doer.CanImportLocal() {
+ return &models.ErrInvalidCloneAddr{Host: "<LOCAL_FILESYSTEM>", IsPermissionDenied: true, LocalPath: true}
+ }
+ isAbs := filepath.IsAbs(u.Host + u.Path)
+ if !isAbs {
+ return &models.ErrInvalidCloneAddr{Host: "<LOCAL_FILESYSTEM>", IsInvalidPath: true, LocalPath: true}
+ }
+ isDir, err := util.IsDir(u.Host + u.Path)
+ if err != nil {
+ log.Error("Unable to check if %s is a directory: %v", u.Host+u.Path, err)
+ return err
+ }
+ if !isDir {
+ return &models.ErrInvalidCloneAddr{Host: "<LOCAL_FILESYSTEM>", IsInvalidPath: true, LocalPath: true}
}
+
+ return nil
+ }
+
+ if u.Scheme == "git" && u.Port() != "" && (strings.Contains(remoteURL, "%0d") || strings.Contains(remoteURL, "%0a")) {
+ return &models.ErrInvalidCloneAddr{Host: u.Host, IsURLError: true}
}
- if u.Host == "" {
- if !setting.ImportLocalPaths {
- return &models.ErrMigrationNotAllowed{Host: "<LOCAL_FILESYSTEM>"}
+ if u.Opaque != "" || u.Scheme != "" && u.Scheme != "http" && u.Scheme != "https" && u.Scheme != "git" {
+ return &models.ErrInvalidCloneAddr{Host: u.Host, IsProtocolInvalid: true, IsPermissionDenied: true, IsURLError: true}
+ }
+
+ if len(setting.Migrations.AllowedDomains) > 0 {
+ if !allowList.Match(u.Host) {
+ return &models.ErrInvalidCloneAddr{Host: u.Host, IsPermissionDenied: true}
+ }
+ } else {
+ if blockList.Match(u.Host) {
+ return &models.ErrInvalidCloneAddr{Host: u.Host, IsPermissionDenied: true}
}
- return nil
}
if !setting.Migrations.AllowLocalNetworks {
addrList, err := net.LookupIP(strings.Split(u.Host, ":")[0])
if err != nil {
- return &models.ErrMigrationNotAllowed{Host: u.Host, NotResolvedIP: true}
+ return &models.ErrInvalidCloneAddr{Host: u.Host, NotResolvedIP: true}
}
for _, addr := range addrList {
if isIPPrivate(addr) || !addr.IsGlobalUnicast() {
- return &models.ErrMigrationNotAllowed{Host: u.Host, PrivateNet: addr.String()}
+ return &models.ErrInvalidCloneAddr{Host: u.Host, PrivateNet: addr.String(), IsPermissionDenied: true}
}
}
}
// MigrateRepository migrate repository according MigrateOptions
func MigrateRepository(ctx context.Context, doer *models.User, ownerName string, opts base.MigrateOptions) (*models.Repository, error) {
- err := isMigrateURLAllowed(opts.CloneAddr)
+ err := IsMigrateURLAllowed(opts.CloneAddr, doer)
if err != nil {
return nil, err
}
package migrations
import (
+ "path/filepath"
"testing"
+ "code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/setting"
"github.com/stretchr/testify/assert"
)
func TestMigrateWhiteBlocklist(t *testing.T) {
+ assert.NoError(t, models.PrepareTestDatabase())
+
+ adminUser := models.AssertExistsAndLoadBean(t, &models.User{Name: "user1"}).(*models.User)
+ nonAdminUser := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
+
setting.Migrations.AllowedDomains = []string{"github.com"}
assert.NoError(t, Init())
- err := isMigrateURLAllowed("https://gitlab.com/gitlab/gitlab.git")
+ err := IsMigrateURLAllowed("https://gitlab.com/gitlab/gitlab.git", nonAdminUser)
assert.Error(t, err)
- err = isMigrateURLAllowed("https://github.com/go-gitea/gitea.git")
+ err = IsMigrateURLAllowed("https://github.com/go-gitea/gitea.git", nonAdminUser)
assert.NoError(t, err)
setting.Migrations.AllowedDomains = []string{}
setting.Migrations.BlockedDomains = []string{"github.com"}
assert.NoError(t, Init())
- err = isMigrateURLAllowed("https://gitlab.com/gitlab/gitlab.git")
+ err = IsMigrateURLAllowed("https://gitlab.com/gitlab/gitlab.git", nonAdminUser)
assert.NoError(t, err)
- err = isMigrateURLAllowed("https://github.com/go-gitea/gitea.git")
+ err = IsMigrateURLAllowed("https://github.com/go-gitea/gitea.git", nonAdminUser)
+ assert.Error(t, err)
+
+ err = IsMigrateURLAllowed("https://10.0.0.1/go-gitea/gitea.git", nonAdminUser)
assert.Error(t, err)
+ setting.Migrations.AllowLocalNetworks = true
+ err = IsMigrateURLAllowed("https://10.0.0.1/go-gitea/gitea.git", nonAdminUser)
+ assert.NoError(t, err)
+
old := setting.ImportLocalPaths
setting.ImportLocalPaths = false
- err = isMigrateURLAllowed("/home/foo/bar/goo")
+ err = IsMigrateURLAllowed("/home/foo/bar/goo", adminUser)
assert.Error(t, err)
setting.ImportLocalPaths = true
- err = isMigrateURLAllowed("/home/foo/bar/goo")
+ abs, err := filepath.Abs(".")
+ assert.NoError(t, err)
+
+ err = IsMigrateURLAllowed(abs, adminUser)
+ assert.NoError(t, err)
+
+ err = IsMigrateURLAllowed(abs, nonAdminUser)
+ assert.Error(t, err)
+
+ nonAdminUser.AllowImportLocal = true
+ err = IsMigrateURLAllowed(abs, nonAdminUser)
assert.NoError(t, err)
setting.ImportLocalPaths = old
migrate.clone_address_desc = The HTTP(S) or Git 'clone' URL of an existing repository
migrate.clone_local_path = or a local server path
migrate.permission_denied = You are not allowed to import local repositories.
+migrate.permission_denied_blocked = You are not allowed to import from blocked hosts.
+migrate.permission_denied_private_ip = You are not allowed to import from private IPs.
migrate.invalid_local_path = "The local path is invalid. It does not exist or is not a directory."
migrate.failed = Migration failed: %v
migrate.lfs_mirror_unsupported = Mirroring LFS objects is not supported - use 'git lfs fetch --all' and 'git lfs push --all' instead.
}
}
- remoteAddr, err := auth.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword, ctx.User)
+ remoteAddr, err := auth.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword)
+ if err == nil {
+ err = migrations.IsMigrateURLAllowed(remoteAddr, ctx.User)
+ }
if err != nil {
if models.IsErrInvalidCloneAddr(err) {
- addrErr := err.(models.ErrInvalidCloneAddr)
+ addrErr := err.(*models.ErrInvalidCloneAddr)
switch {
case addrErr.IsURLError:
ctx.Error(http.StatusUnprocessableEntity, "", err)
case addrErr.IsPermissionDenied:
- ctx.Error(http.StatusUnprocessableEntity, "", "You are not allowed to import local repositories.")
+ if addrErr.LocalPath {
+ ctx.Error(http.StatusUnprocessableEntity, "", "You are not allowed to import local repositories.")
+ } else if len(addrErr.PrivateNet) == 0 {
+ ctx.Error(http.StatusUnprocessableEntity, "", "You are not allowed to import from blocked hosts.")
+ } else {
+ ctx.Error(http.StatusUnprocessableEntity, "", "You are not allowed to import from private IPs.")
+ }
case addrErr.IsInvalidPath:
ctx.Error(http.StatusUnprocessableEntity, "", "Invalid local path, it does not exist or not a directory.")
default:
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("The username '%s' contains invalid characters.", err.(models.ErrNameCharsNotAllowed).Name))
case models.IsErrNamePatternNotAllowed(err):
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("The pattern '%s' is not allowed in a username.", err.(models.ErrNamePatternNotAllowed).Pattern))
- case models.IsErrMigrationNotAllowed(err):
+ case models.IsErrInvalidCloneAddr(err):
ctx.Error(http.StatusUnprocessableEntity, "", err)
case base.IsErrNotSupported(err):
ctx.Error(http.StatusUnprocessableEntity, "", err)
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
auth "code.gitea.io/gitea/modules/forms"
+ "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/migrations"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/structs"
ctx.Data["Err_RepoName"] = true
ctx.RenderWithErr(ctx.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), tpl, form)
default:
- remoteAddr, _ := auth.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword, owner)
+ remoteAddr, _ := auth.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword)
err = util.URLSanitizedError(err, remoteAddr)
if strings.Contains(err.Error(), "Authentication failed") ||
strings.Contains(err.Error(), "Bad credentials") ||
return
}
- remoteAddr, err := auth.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword, ctx.User)
+ remoteAddr, err := auth.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword)
+ if err == nil {
+ err = migrations.IsMigrateURLAllowed(remoteAddr, ctx.User)
+ }
if err != nil {
if models.IsErrInvalidCloneAddr(err) {
ctx.Data["Err_CloneAddr"] = true
- addrErr := err.(models.ErrInvalidCloneAddr)
+ addrErr := err.(*models.ErrInvalidCloneAddr)
switch {
+ case addrErr.IsProtocolInvalid:
+ ctx.RenderWithErr(ctx.Tr("repo.mirror_address_protocol_invalid"), tpl, &form)
case addrErr.IsURLError:
ctx.RenderWithErr(ctx.Tr("form.url_error"), tpl, &form)
case addrErr.IsPermissionDenied:
- ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied"), tpl, &form)
+ if len(addrErr.PrivateNet) == 0 {
+ ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied_private_ip"), tpl, &form)
+ } else if !addrErr.LocalPath {
+ ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied_blocked"), tpl, &form)
+ } else {
+ ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied"), tpl, &form)
+ }
case addrErr.IsInvalidPath:
ctx.RenderWithErr(ctx.Tr("repo.migrate.invalid_local_path"), tpl, &form)
default:
- ctx.ServerError("Unknown error", err)
+ log.Error("Error whilst updating url: %v", err)
+ ctx.RenderWithErr(ctx.Tr("form.url_error"), tpl, &form)
}
} else {
- ctx.ServerError("ParseRemoteAddr", err)
+ log.Error("Error whilst updating url: %v", err)
+ ctx.RenderWithErr(ctx.Tr("form.url_error"), tpl, &form)
}
return
}
"errors"
"fmt"
"io/ioutil"
- "net/url"
- "regexp"
"strings"
"time"
auth "code.gitea.io/gitea/modules/forms"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/migrations"
"code.gitea.io/gitea/modules/repository"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/services/mailer"
mirror_service "code.gitea.io/gitea/services/mirror"
repo_service "code.gitea.io/gitea/services/repository"
-
- "mvdan.cc/xurls/v2"
)
const (
tplProtectedBranch base.TplName = "repo/settings/protected_branch"
)
-var validFormAddress *regexp.Regexp
-
// Settings show a repository's settings page
func Settings(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("repo.settings")
}
}
- // Validate the form.MirrorAddress
- u, err := url.Parse(form.MirrorAddress)
- if err != nil {
- ctx.Data["Err_MirrorAddress"] = true
- ctx.RenderWithErr(ctx.Tr("repo.mirror_address_url_invalid"), tplSettingsOptions, &form)
- return
+ address, err := auth.ParseRemoteAddr(form.MirrorAddress, form.MirrorUsername, form.MirrorPassword)
+ if err == nil {
+ err = migrations.IsMigrateURLAllowed(address, ctx.User)
}
-
- if u.Opaque != "" || !(u.Scheme == "http" || u.Scheme == "https" || u.Scheme == "git") {
- ctx.Data["Err_MirrorAddress"] = true
- ctx.RenderWithErr(ctx.Tr("repo.mirror_address_protocol_invalid"), tplSettingsOptions, &form)
- return
- }
-
- if form.MirrorUsername != "" || form.MirrorPassword != "" {
- u.User = url.UserPassword(form.MirrorUsername, form.MirrorPassword)
- }
-
- // Now use xurls
- address := validFormAddress.FindString(form.MirrorAddress)
- if address != form.MirrorAddress && form.MirrorAddress != "" {
- ctx.Data["Err_MirrorAddress"] = true
- ctx.RenderWithErr(ctx.Tr("repo.mirror_address_url_invalid"), tplSettingsOptions, &form)
- return
- }
-
- if u.EscapedPath() == "" || u.Host == "" || !u.IsAbs() {
+ if err != nil {
+ if models.IsErrInvalidCloneAddr(err) {
+ ctx.Data["Err_MirrorAddress"] = true
+ addrErr := err.(*models.ErrInvalidCloneAddr)
+ switch {
+ case addrErr.IsProtocolInvalid:
+ ctx.RenderWithErr(ctx.Tr("repo.mirror_address_protocol_invalid"), tplSettingsOptions, &form)
+ case addrErr.IsURLError:
+ ctx.RenderWithErr(ctx.Tr("form.url_error"), tplSettingsOptions, &form)
+ case addrErr.IsPermissionDenied:
+ if len(addrErr.PrivateNet) == 0 {
+ ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied_private_ip"), tplSettingsOptions, &form)
+ } else if !addrErr.LocalPath {
+ ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied_blocked"), tplSettingsOptions, &form)
+ } else {
+ ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied"), tplSettingsOptions, &form)
+ }
+ case addrErr.IsInvalidPath:
+ ctx.RenderWithErr(ctx.Tr("repo.migrate.invalid_local_path"), tplSettingsOptions, &form)
+ default:
+ ctx.ServerError("Unknown error", err)
+ }
+ }
ctx.Data["Err_MirrorAddress"] = true
ctx.RenderWithErr(ctx.Tr("repo.mirror_address_url_invalid"), tplSettingsOptions, &form)
return
}
- address = u.String()
-
if err := mirror_service.UpdateAddress(ctx.Repo.Mirror, address); err != nil {
ctx.ServerError("UpdateAddress", err)
return
})
}
-func init() {
- var err error
- validFormAddress, err = xurls.StrictMatchingScheme(`(https?)|(git)://`)
- if err != nil {
- panic(err)
- }
-}
-
// UpdateAvatarSetting update repo's avatar
func UpdateAvatarSetting(ctx *context.Context, form auth.AvatarForm) error {
ctxRepo := ctx.Repo.Repository
projects / gitea.git / commitdiff