From 6e423d5573c20b78d6e21cb044e8f4d5de5b288a Mon Sep 17 00:00:00 2001 From: zeripath Date: Mon, 15 Mar 2021 21:52:11 +0000 Subject: Ensure validation occurs on clone addresses too (#14994) * Ensure validation occurs on clone addresses too Fix #14984 Signed-off-by: Andrew Thornton * fix lint Signed-off-by: Andrew Thornton * fix test Signed-off-by: Andrew Thornton * Fix api tests Signed-off-by: Andrew Thornton Co-authored-by: techknowlogick --- models/error.go | 54 +++++++++++++++++++++++++++--------------------------- models/user.go | 2 +- 2 files changed, 28 insertions(+), 28 deletions(-) (limited to 'models') diff --git a/models/error.go b/models/error.go index 6a1f7780e6..6e110f94d7 100644 --- a/models/error.go +++ b/models/error.go @@ -855,20 +855,43 @@ func (err ErrRepoRedirectNotExist) Error() string { // ErrInvalidCloneAddr represents a "InvalidCloneAddr" kind of error. type ErrInvalidCloneAddr struct { + Host string IsURLError bool IsInvalidPath bool + IsProtocolInvalid bool IsPermissionDenied bool + LocalPath bool + NotResolvedIP bool + PrivateNet string } // IsErrInvalidCloneAddr checks if an error is a ErrInvalidCloneAddr. func IsErrInvalidCloneAddr(err error) bool { - _, ok := err.(ErrInvalidCloneAddr) + _, ok := err.(*ErrInvalidCloneAddr) return ok } -func (err ErrInvalidCloneAddr) Error() string { - return fmt.Sprintf("invalid clone address [is_url_error: %v, is_invalid_path: %v, is_permission_denied: %v]", - err.IsURLError, err.IsInvalidPath, err.IsPermissionDenied) +func (err *ErrInvalidCloneAddr) Error() string { + if err.NotResolvedIP { + return fmt.Sprintf("migration/cloning from '%s' is not allowed: unknown hostname", err.Host) + } + if len(err.PrivateNet) != 0 { + return fmt.Sprintf("migration/cloning from '%s' is not allowed: the host resolve to a private ip address '%s'", err.Host, err.PrivateNet) + } + if err.IsInvalidPath { + return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided path is invalid", err.Host) + } + if err.IsProtocolInvalid { + return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided url protocol is not allowed", err.Host) + } + if err.IsPermissionDenied { + return fmt.Sprintf("migration/cloning from '%s' is not allowed.", err.Host) + } + if err.IsURLError { + return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided url is invalid", err.Host) + } + + return fmt.Sprintf("migration/cloning from '%s' is not allowed", err.Host) } // ErrUpdateTaskNotExist represents a "UpdateTaskNotExist" kind of error. @@ -1065,29 +1088,6 @@ func IsErrWontSign(err error) bool { return ok } -// ErrMigrationNotAllowed explains why a migration from an url is not allowed -type ErrMigrationNotAllowed struct { - Host string - NotResolvedIP bool - PrivateNet string -} - -func (e *ErrMigrationNotAllowed) Error() string { - if e.NotResolvedIP { - return fmt.Sprintf("migrate from '%s' is not allowed: unknown hostname", e.Host) - } - if len(e.PrivateNet) != 0 { - return fmt.Sprintf("migrate from '%s' is not allowed: the host resolve to a private ip address '%s'", e.Host, e.PrivateNet) - } - return fmt.Sprintf("migrate from '%s is not allowed'", e.Host) -} - -// IsErrMigrationNotAllowed checks if an error is a ErrMigrationNotAllowed -func IsErrMigrationNotAllowed(err error) bool { - _, ok := err.(*ErrMigrationNotAllowed) - return ok -} - // __________ .__ // \______ \____________ ____ ____ | |__ // | | _/\_ __ \__ \ / \_/ ___\| | \ diff --git a/models/user.go b/models/user.go index 51c1bb0ce1..098f6af2b3 100644 --- a/models/user.go +++ b/models/user.go @@ -296,7 +296,7 @@ func (u *User) CanEditGitHook() bool { // CanImportLocal returns true if user can migrate repository by local path. func (u *User) CanImportLocal() bool { - if !setting.ImportLocalPaths { + if !setting.ImportLocalPaths || u == nil { return false } return u.IsAdmin || u.AllowImportLocal -- cgit v1.2.3