mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16727 Commits
17 Branches
Tree: 2360c7ec6c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2360c7ec6c'
${ noResults }
gitea/services/migrations/common.go

common.go 2.8KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 
  1. // Copyright 2022 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package migrations

  5. 

  6. import (

  7. 	"fmt"

  8. 	"strings"

  9. 

  10. 	system_model "code.gitea.io/gitea/models/system"

  11. 	"code.gitea.io/gitea/modules/git"

  12. 	"code.gitea.io/gitea/modules/log"

  13. 	base "code.gitea.io/gitea/modules/migration"

  14. )

  15. 

  16. // WarnAndNotice will log the provided message and send a repository notice

  17. func WarnAndNotice(fmtStr string, args ...any) {

  18. 	log.Warn(fmtStr, args...)

  19. 	if err := system_model.CreateRepositoryNotice(fmt.Sprintf(fmtStr, args...)); err != nil {

  20. 		log.Error("create repository notice failed: ", err)

  21. 	}

  22. }

  23. 

  24. func hasBaseURL(toCheck, baseURL string) bool {

  25. 	if len(baseURL) > 0 && baseURL[len(baseURL)-1] != '/' {

  26. 		baseURL += "/"

  27. 	}

  28. 	return strings.HasPrefix(toCheck, baseURL)

  29. }

  30. 

  31. // CheckAndEnsureSafePR will check that a given PR is safe to download

  32. func CheckAndEnsureSafePR(pr *base.PullRequest, commonCloneBaseURL string, g base.Downloader) bool {

  33. 	valid := true

  34. 	// SECURITY: the patchURL must be checked to have the same baseURL as the current to prevent open redirect

  35. 	if pr.PatchURL != "" && !hasBaseURL(pr.PatchURL, commonCloneBaseURL) {

  36. 		// TODO: Should we check that this url has the expected format for a patch url?

  37. 		WarnAndNotice("PR #%d in %s has invalid PatchURL: %s baseURL: %s", pr.Number, g, pr.PatchURL, commonCloneBaseURL)

  38. 		pr.PatchURL = ""

  39. 		valid = false

  40. 	}

  41. 

  42. 	// SECURITY: the headCloneURL must be checked to have the same baseURL as the current to prevent open redirect

  43. 	if pr.Head.CloneURL != "" && !hasBaseURL(pr.Head.CloneURL, commonCloneBaseURL) {

  44. 		// TODO: Should we check that this url has the expected format for a patch url?

  45. 		WarnAndNotice("PR #%d in %s has invalid HeadCloneURL: %s baseURL: %s", pr.Number, g, pr.Head.CloneURL, commonCloneBaseURL)

  46. 		pr.Head.CloneURL = ""

  47. 		valid = false

  48. 	}

  49. 

  50. 	// SECURITY: SHAs Must be a SHA

  51. 	if pr.MergeCommitSHA != "" && !git.IsValidSHAPattern(pr.MergeCommitSHA) {

  52. 		WarnAndNotice("PR #%d in %s has invalid MergeCommitSHA: %s", pr.Number, g, pr.MergeCommitSHA)

  53. 		pr.MergeCommitSHA = ""

  54. 	}

  55. 	if pr.Head.SHA != "" && !git.IsValidSHAPattern(pr.Head.SHA) {

  56. 		WarnAndNotice("PR #%d in %s has invalid HeadSHA: %s", pr.Number, g, pr.Head.SHA)

  57. 		pr.Head.SHA = ""

  58. 		valid = false

  59. 	}

  60. 	if pr.Base.SHA != "" && !git.IsValidSHAPattern(pr.Base.SHA) {

  61. 		WarnAndNotice("PR #%d in %s has invalid BaseSHA: %s", pr.Number, g, pr.Base.SHA)

  62. 		pr.Base.SHA = ""

  63. 		valid = false

  64. 	}

  65. 

  66. 	// SECURITY: Refs must be valid refs or SHAs

  67. 	if pr.Head.Ref != "" && !git.IsValidRefPattern(pr.Head.Ref) {

  68. 		WarnAndNotice("PR #%d in %s has invalid HeadRef: %s", pr.Number, g, pr.Head.Ref)

  69. 		pr.Head.Ref = ""

  70. 		valid = false

  71. 	}

  72. 	if pr.Base.Ref != "" && !git.IsValidRefPattern(pr.Base.Ref) {

  73. 		WarnAndNotice("PR #%d in %s has invalid BaseRef: %s", pr.Number, g, pr.Base.Ref)

  74. 		pr.Base.Ref = ""

  75. 		valid = false

  76. 	}

  77. 

  78. 	pr.EnsuredSafe = true

  79. 

  80. 	return valid

  81. }