probe if sha before exec git (#21467)

2024-08-21 17:58:18 +02:00 · 2022-10-17 16:40:37 +02:00 · 2022-10-17 16:40:37 +02:00 · 18622a0705
Commit 18622a0705
--- a/modules/git/repo_commit.go
+++ b/modules/git/repo_commit.go
@ -154,8 +154,8 @@ func (repo *Repository) searchCommits(id SHA1, opts SearchCommitsOptions) ([]*Co
 	// then let's iterate over them
 	if len(opts.Keywords) > 0 {
 		for _, v := range opts.Keywords {
-			// ignore anything below 4 characters as too unspecific
-			if len(v) >= 4 {
+			// ignore anything not matching a valid sha pattern
+			if IsValidSHAPattern(v) {
 				// create new git log command with 1 commit limit
 				hashCmd := NewCommand(repo.Ctx, "log", "-1", prettyLogFormat)
 				// add previous arguments except for --grep and --all
--- a/modules/git/sha1_test.go
+++ b/modules/git/sha1_test.go
@ -0,0 +1,21 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package git
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIsValidSHAPattern(t *testing.T) {
+	assert.True(t, IsValidSHAPattern("fee1"))
+	assert.True(t, IsValidSHAPattern("abc000"))
+	assert.True(t, IsValidSHAPattern("9023902390239023902390239023902390239023"))
+	assert.False(t, IsValidSHAPattern("90239023902390239023902390239023902390239023"))
+	assert.False(t, IsValidSHAPattern("abc"))
+	assert.False(t, IsValidSHAPattern("123g"))
+	assert.False(t, IsValidSHAPattern("some random text"))
+}