Validate External Tracker URL Format (#7089)

* Validate External Tracker URL Format

Add some validation checks for external tracker URL format.

Fixes #7068

* Don't make {index} a hard requirement

* Fix Description

* make fmt

* move regex to package level

* fix copyright date

2 files changed, 86 insertions, 0 deletions

diff --git a/modules/validation/helpers.go b/modules/validation/helpers.go
index 9a4dfab7a4..c22e667a2e 100644
--- a/modules/validation/helpers.go
+++ b/modules/validation/helpers.go
@@ -7,6 +7,7 @@ package validation
 import (
 	"net"
 	"net/url"
+	"regexp"
 	"strings"
 
 	"code.gitea.io/gitea/modules/setting"
@@ -14,6 +15,8 @@ import (
 
 var loopbackIPBlocks []*net.IPNet
 
+var externalTrackerRegex = regexp.MustCompile(`({?)(?:user|repo|index)+?(}?)`)
+
 func init() {
 	for _, cidr := range []string{
 		"127.0.0.0/8", // IPv4 loopback
@@ -75,3 +78,19 @@ func IsValidExternalURL(uri string) bool {
 
 	return true
 }
+
+// IsValidExternalTrackerURLFormat checks if URL matches required syntax for external trackers
+func IsValidExternalTrackerURLFormat(uri string) bool {
+	if !IsValidExternalURL(uri) {
+		return false
+	}
+
+	// check for typoed variables like /{index/ or /[repo}
+	for _, match := range externalTrackerRegex.FindAllStringSubmatch(uri, -1) {
+		if (match[1] == "{" || match[2] == "}") && (match[1] != "{" || match[2] != "}") {
+			return false
+		}
+	}
+
+	return true
+}
diff --git a/modules/validation/helpers_test.go b/modules/validation/helpers_test.go
index 875625a02c..9051ee1a0d 100644
--- a/modules/validation/helpers_test.go
+++ b/modules/validation/helpers_test.go
@@ -88,3 +88,70 @@ func Test_IsValidExternalURL(t *testing.T) {
 		})
 	}
 }
+
+func Test_IsValidExternalTrackerURLFormat(t *testing.T) {
+	setting.AppURL = "https://try.gitea.io/"
+
+	cases := []struct {
+		description string
+		url         string
+		valid       bool
+	}{
+		{
+			description: "Correct external tracker URL with all placeholders",
+			url:         "https://github.com/{user}/{repo}/issues/{index}",
+			valid:       true,
+		},
+		{
+			description: "Local external tracker URL with all placeholders",
+			url:         "https://127.0.0.1/{user}/{repo}/issues/{index}",
+			valid:       false,
+		},
+		{
+			description: "External tracker URL with typo placeholder",
+			url:         "https://github.com/{user}/{repo/issues/{index}",
+			valid:       false,
+		},
+		{
+			description: "External tracker URL with typo placeholder",
+			url:         "https://github.com/[user}/{repo/issues/{index}",
+			valid:       false,
+		},
+		{
+			description: "External tracker URL with typo placeholder",
+			url:         "https://github.com/{user}/repo}/issues/{index}",
+			valid:       false,
+		},
+		{
+			description: "External tracker URL missing optional placeholder",
+			url:         "https://github.com/{user}/issues/{index}",
+			valid:       true,
+		},
+		{
+			description: "External tracker URL missing optional placeholder",
+			url:         "https://github.com/{repo}/issues/{index}",
+			valid:       true,
+		},
+		{
+			description: "External tracker URL missing optional placeholder",
+			url:         "https://github.com/issues/{index}",
+			valid:       true,
+		},
+		{
+			description: "External tracker URL missing optional placeholder",
+			url:         "https://github.com/issues/{user}",
+			valid:       true,
+		},
+		{
+			description: "External tracker URL with similar placeholder names test",
+			url:         "https://github.com/user/repo/issues/{index}",
+			valid:       true,
+		},
+	}
+
+	for _, testCase := range cases {
+		t.Run(testCase.description, func(t *testing.T) {
+			assert.Equal(t, testCase.valid, IsValidExternalTrackerURLFormat(testCase.url))
+		})
+	}
+}