probe if sha before exec git (#21467)

2 files changed, 23 insertions, 2 deletions

diff --git a/modules/git/repo_commit.go b/modules/git/repo_commit.go
index 78e037511e..ec72593b80 100644
--- a/modules/git/repo_commit.go
+++ b/modules/git/repo_commit.go
@@ -154,8 +154,8 @@ func (repo *Repository) searchCommits(id SHA1, opts SearchCommitsOptions) ([]*Co
 	// then let's iterate over them
 	if len(opts.Keywords) > 0 {
 		for _, v := range opts.Keywords {
-			// ignore anything below 4 characters as too unspecific
-			if len(v) >= 4 {
+			// ignore anything not matching a valid sha pattern
+			if IsValidSHAPattern(v) {
 				// create new git log command with 1 commit limit
 				hashCmd := NewCommand(repo.Ctx, "log", "-1", prettyLogFormat)
 				// add previous arguments except for --grep and --all
diff --git a/modules/git/sha1_test.go b/modules/git/sha1_test.go
new file mode 100644
index 0000000000..c5c00f5445
--- /dev/null
+++ b/modules/git/sha1_test.go
@@ -0,0 +1,21 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package git
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIsValidSHAPattern(t *testing.T) {
+	assert.True(t, IsValidSHAPattern("fee1"))
+	assert.True(t, IsValidSHAPattern("abc000"))
+	assert.True(t, IsValidSHAPattern("9023902390239023902390239023902390239023"))
+	assert.False(t, IsValidSHAPattern("90239023902390239023902390239023902390239023"))
+	assert.False(t, IsValidSHAPattern("abc"))
+	assert.False(t, IsValidSHAPattern("123g"))
+	assert.False(t, IsValidSHAPattern("some random text"))
+}