diff options
| author | wxiaoguang <wxiaoguang@gmail.com> | 2022-10-23 22:44:45 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-23 22:44:45 +0800 |
| commit | dcd9fc7ee894700f702f3847d7d2a41d6a009b7e (patch) | |
| tree | 76b1d6fdb2a760f3da57bbe566146d1c79ab5a87 /routers/private | |
| parent | 4eeea7b30ee5d90ed4e9410ec5c7d0252ada3a3b (diff) | |
| download | gitea-dcd9fc7ee894700f702f3847d7d2a41d6a009b7e.tar.gz gitea-dcd9fc7ee894700f702f3847d7d2a41d6a009b7e.zip | |
Refactor git command arguments and make all arguments to be safe to be used (#21535)
Follow #21464
Make all git command arguments strictly safe. Most changes are one-to-one replacing, keep all existing logic.
Diffstat (limited to 'routers/private')
| -rw-r--r-- | routers/private/hook_pre_receive.go | 2 | ||||
| -rw-r--r-- | routers/private/hook_verification.go | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go index 3e7d1fe9ef..fdd0a0bc3a 100644 --- a/routers/private/hook_pre_receive.go +++ b/routers/private/hook_pre_receive.go @@ -186,7 +186,7 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID, refFullN // 2. Disallow force pushes to protected branches if git.EmptySHA != oldCommitID { - output, _, err := git.NewCommand(ctx, "rev-list", "--max-count=1", oldCommitID, "^"+newCommitID).RunStdString(&git.RunOpts{Dir: repo.RepoPath(), Env: ctx.env}) + output, _, err := git.NewCommand(ctx, "rev-list", "--max-count=1").AddDynamicArguments(oldCommitID, "^"+newCommitID).RunStdString(&git.RunOpts{Dir: repo.RepoPath(), Env: ctx.env}) if err != nil { log.Error("Unable to detect force push between: %s and %s in %-v Error: %v", oldCommitID, newCommitID, repo, err) ctx.JSON(http.StatusInternalServerError, private.Response{ diff --git a/routers/private/hook_verification.go b/routers/private/hook_verification.go index dfa6195b19..8a2d1cf33d 100644 --- a/routers/private/hook_verification.go +++ b/routers/private/hook_verification.go @@ -44,7 +44,7 @@ func verifyCommits(oldCommitID, newCommitID string, repo *git.Repository, env [] }() // This is safe as force pushes are already forbidden - err = git.NewCommand(repo.Ctx, "rev-list", oldCommitID+"..."+newCommitID). + err = git.NewCommand(repo.Ctx, "rev-list").AddDynamicArguments(oldCommitID + "..." + newCommitID). Run(&git.RunOpts{ Env: env, Dir: repo.Path, @@ -91,7 +91,7 @@ func readAndVerifyCommit(sha string, repo *git.Repository, env []string) error { }() hash := git.MustIDFromString(sha) - return git.NewCommand(repo.Ctx, "cat-file", "commit", sha). + return git.NewCommand(repo.Ctx, "cat-file", "commit").AddDynamicArguments(sha). Run(&git.RunOpts{ Env: env, Dir: repo.Path, |