aboutsummaryrefslogtreecommitdiffstats
path: root/modules/markup
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2021-02-18 01:32:14 +0000
committerGitHub <noreply@github.com>2021-02-18 02:32:14 +0100
commit7ab6c77b4120d96b3239f827da8b858f65c36863 (patch)
tree658af939da8845e75f422471bbbc2dd36455f4b3 /modules/markup
parentec06eb112c92d4c49248e69648df6f13e10dff18 (diff)
downloadgitea-7ab6c77b4120d96b3239f827da8b858f65c36863.tar.gz
gitea-7ab6c77b4120d96b3239f827da8b858f65c36863.zip
Remove NULs byte arrays passed to PostProcess (#14587)
PostProcess is supposed to be parsing and handling HTML fragments, but on fuzzing it appears that there is a weird issue with NUL elements that could cause a memory address error in downstream libraries. The simplest solution is to strip out the weird NULs - they should not be there in any case and would be stripped out anyway. Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules/markup')
-rw-r--r--modules/markup/html.go24
1 files changed, 23 insertions, 1 deletions
diff --git a/modules/markup/html.go b/modules/markup/html.go
index 67aec7371c..2c2feb0b34 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -324,8 +324,30 @@ func (ctx *postProcessCtx) postProcess(rawHTML []byte) ([]byte, error) {
// give a generous extra 50 bytes
res := make([]byte, 0, len(rawHTML)+50)
+
+ // prepend "<html><body>"
res = append(res, "<html><body>"...)
- res = append(res, rawHTML...)
+
+ // Strip out nuls - they're always invalid
+ start := bytes.IndexByte(rawHTML, '\000')
+ if start >= 0 {
+ res = append(res, rawHTML[:start]...)
+ start++
+ for start < len(rawHTML) {
+ end := bytes.IndexByte(rawHTML[start:], '\000')
+ if end < 0 {
+ res = append(res, rawHTML[start:]...)
+ break
+ } else if end > 0 {
+ res = append(res, rawHTML[start:start+end]...)
+ }
+ start += end + 1
+ }
+ } else {
+ res = append(res, rawHTML...)
+ }
+
+ // close the tags
res = append(res, "</body></html>"...)
// parse the HTML
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-06 06:44:26 +0000
000DD; font-weight: bold } /* Literal.Number.Bin */ .highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */ .highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */ .highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */ .highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */ .highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */ .highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */ .highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */ .highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */ .highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */ .highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */ .highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */ .highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */ .highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */ .highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */
// Copyright 2017 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package models

import (
	"testing"

	"github.com/stretchr/testify/assert"
)

func TestCreateOrUpdateIssueNotifications(t *testing.T) {
	assert.NoError(t, PrepareTestDatabase())
	issue := AssertExistsAndLoadBean(t, &Issue{ID: 1}).(*Issue)

	assert.NoError(t, CreateOrUpdateIssueNotifications(issue.ID, 0, 2, 0))

	// User 9 is inactive, thus notifications for user 1 and 4 are created
	notf := AssertExistsAndLoadBean(t, &Notification{UserID: 1, IssueID: issue.ID}).(*Notification)
	assert.Equal(t, NotificationStatusUnread, notf.Status)
	CheckConsistencyFor(t, &Issue{ID: issue.ID})

	notf = AssertExistsAndLoadBean(t, &Notification{UserID: 4, IssueID: issue.ID}).(*Notification)
	assert.Equal(t, NotificationStatusUnread, notf.Status)
}

func TestNotificationsForUser(t *testing.T) {
	assert.NoError(t, PrepareTestDatabase())
	user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
	statuses := []NotificationStatus{NotificationStatusRead, NotificationStatusUnread}
	notfs, err := NotificationsForUser(user, statuses, 1, 10)
	assert.NoError(t, err)
	if assert.Len(t, notfs, 3) {
		assert.EqualValues(t, 5, notfs[0].ID)
		assert.EqualValues(t, user.ID, notfs[0].UserID)
		assert.EqualValues(t, 4, notfs[1].ID)
		assert.EqualValues(t, user.ID, notfs[1].UserID)
		assert.EqualValues(t, 2, notfs[2].ID)
		assert.EqualValues(t, user.ID, notfs[2].UserID)
	}
}

func TestNotification_GetRepo(t *testing.T) {
	assert.NoError(t, PrepareTestDatabase())
	notf := AssertExistsAndLoadBean(t, &Notification{RepoID: 1}).(*Notification)
	repo, err := notf.GetRepo()
	assert.NoError(t, err)
	assert.Equal(t, repo, notf.Repository)
	assert.EqualValues(t, notf.RepoID, repo.ID)
}

func TestNotification_GetIssue(t *testing.T) {
	assert.NoError(t, PrepareTestDatabase())
	notf := AssertExistsAndLoadBean(t, &Notification{RepoID: 1}).(*Notification)
	issue, err := notf.GetIssue()
	assert.NoError(t, err)
	assert.Equal(t, issue, notf.Issue)
	assert.EqualValues(t, notf.IssueID, issue.ID)
}

func TestGetNotificationCount(t *testing.T) {
	assert.NoError(t, PrepareTestDatabase())
	user := AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
	cnt, err := GetNotificationCount(user, NotificationStatusRead)
	assert.NoError(t, err)
	assert.EqualValues(t, 0, cnt)

	cnt, err = GetNotificationCount(user, NotificationStatusUnread)
	assert.NoError(t, err)
	assert.EqualValues(t, 1, cnt)
}

func TestSetNotificationStatus(t *testing.T) {
	assert.NoError(t, PrepareTestDatabase())
	user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
	notf := AssertExistsAndLoadBean(t,
		&Notification{UserID: user.ID, Status: NotificationStatusRead}).(*Notification)
	assert.NoError(t, SetNotificationStatus(notf.ID, user, NotificationStatusPinned))
	AssertExistsAndLoadBean(t,
		&Notification{ID: notf.ID, Status: NotificationStatusPinned})

	assert.Error(t, SetNotificationStatus(1, user, NotificationStatusRead))
	assert.Error(t, SetNotificationStatus(NonexistentID, user, NotificationStatusRead))
}

func TestUpdateNotificationStatuses(t *testing.T) {
	assert.NoError(t, PrepareTestDatabase())
	user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
	notfUnread := AssertExistsAndLoadBean(t,
		&Notification{UserID: user.ID, Status: NotificationStatusUnread}).(*Notification)
	notfRead := AssertExistsAndLoadBean(t,
		&Notification{UserID: user.ID, Status: NotificationStatusRead}).(*Notification)
	notfPinned := AssertExistsAndLoadBean(t,
		&Notification{UserID: user.ID, Status: NotificationStatusPinned}).(*Notification)
	assert.NoError(t, UpdateNotificationStatuses(user, NotificationStatusUnread, NotificationStatusRead))
	AssertExistsAndLoadBean(t,
		&Notification{ID: notfUnread.ID, Status: NotificationStatusRead})
	AssertExistsAndLoadBean(t,
		&Notification{ID: notfRead.ID, Status: NotificationStatusRead})
	AssertExistsAndLoadBean(t,
		&Notification{ID: notfPinned.ID, Status: NotificationStatusPinned})
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-06 06:44:25 +0000