diff options
author | Gusted <williamzijl7@hotmail.com> | 2022-01-31 00:48:47 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-31 01:48:47 +0200 |
commit | 72256c16a8e425879475252a05262b47b2cc44d4 (patch) | |
tree | 29fc6359e6b51c9e57de49586f84a3b3895c67db /modules | |
parent | b2250d2fb39a1b8a8c78a2739e6e4a94dcc49a19 (diff) | |
download | gitea-72256c16a8e425879475252a05262b47b2cc44d4.tar.gz gitea-72256c16a8e425879475252a05262b47b2cc44d4.zip |
Prevent NPE on partial match of compare URL and allow short SHA1 compare URLs (#18472)
* Don't panic & allow shorter sha1
- Don't panic when the full regex isn't matched and allow the usage of a
shorter sha1 being used.
- Resolves #18471
* Update modules/markup/html.go
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'modules')
-rw-r--r-- | modules/markup/html.go | 9 | ||||
-rw-r--r-- | modules/markup/html_test.go | 13 |
2 files changed, 21 insertions, 1 deletions
diff --git a/modules/markup/html.go b/modules/markup/html.go index e28e26c6d1..df2a159230 100644 --- a/modules/markup/html.go +++ b/modules/markup/html.go @@ -55,7 +55,7 @@ var ( anySHA1Pattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{40})(/[-+~_%.a-zA-Z0-9/]+)?(#[-+~_%.a-zA-Z0-9]+)?`) // comparePattern matches "http://domain/org/repo/compare/COMMIT1...COMMIT2#hash" - comparePattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{40})(\.\.\.?)([0-9a-f]{40})?(#[-+~_%.a-zA-Z0-9]+)?`) + comparePattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{7,40})(\.\.\.?)([0-9a-f]{7,40})?(#[-+~_%.a-zA-Z0-9]+)?`) validLinksPattern = regexp.MustCompile(`^[a-z][\w-]+://`) @@ -946,6 +946,13 @@ func comparePatternProcessor(ctx *RenderContext, node *html.Node) { return } + // Ensure that every group (m[0]...m[7]) has a match + for i := 0; i < 8; i++ { + if m[i] == -1 { + return + } + } + urlFull := node.Data[m[0]:m[1]] text1 := base.ShortSha(node.Data[m[2]:m[3]]) textDots := base.ShortSha(node.Data[m[4]:m[5]]) diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go index ee9b17df2f..29bf6c8fcb 100644 --- a/modules/markup/html_test.go +++ b/modules/markup/html_test.go @@ -548,3 +548,16 @@ func TestFuzz(t *testing.T) { assert.NoError(t, err) } + +func TestIssue18471(t *testing.T) { + data := `http://domain/org/repo/compare/783b039...da951ce` + + var res strings.Builder + err := PostProcess(&RenderContext{ + URLPrefix: "https://example.com", + Metas: localMetas, + }, strings.NewReader(data), &res) + + assert.NoError(t, err) + assert.Equal(t, res.String(), "<a href=\"http://domain/org/repo/compare/783b039...da951ce\" class=\"compare\"><code class=\"nohighlight\">783b039...da951ce</code></a>") +} |