GitCaddy/GitCaddy Server
Limited
2
0
Fork 0
Code Issues Releases 4
Files
main
gitcaddy-server/services/migrations/common.go
logikonline 12f4ea03a8
Some checks failed
Build and Release / Create Release (push) Successful in 0s
Details
Trigger Vault Plugin Rebuild / Trigger Vault Rebuild (push) Successful in 0s
Details
Build and Release / Integration Tests (PostgreSQL) (push) Successful in 2m48s
Details
Build and Release / Lint (push) Failing after 5m2s
Details
Build and Release / Build Binaries (amd64, windows, windows-latest) (push) Has been skipped
Details
Build and Release / Build Binaries (amd64, darwin, linux-latest) (push) Has been skipped
Details
Build and Release / Build Binaries (amd64, linux, linux-latest) (push) Has been skipped
Details
Build and Release / Build Binaries (arm64, darwin, linux-latest) (push) Has been skipped
Details
Build and Release / Build Binaries (arm64, linux, linux-latest) (push) Has been skipped
Details
Build and Release / Unit Tests (push) Successful in 5m37s
Details
refactor: add /v3 suffix to module path for proper Go semver 
Go's semantic import versioning requires v2+ modules to include the
major version in the module path. This enables using proper version
tags (v3.x.x) instead of pseudo-versions.

Updated module path: code.gitcaddy.com/server/v3
2026-01-17 17:53:59 -05:00

84 lines
2.9 KiB
Go
Raw Permalink Blame History

// Copyright 2022 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package migrations
import (
"fmt"
"strings"
system_model "code.gitcaddy.com/server/v3/models/system"
"code.gitcaddy.com/server/v3/modules/git"
"code.gitcaddy.com/server/v3/modules/log"
base "code.gitcaddy.com/server/v3/modules/migration"
)
// WarnAndNotice will log the provided message and send a repository notice
func WarnAndNotice(fmtStr string, args ...any) {
log.Warn(fmtStr, args...)
if err := system_model.CreateRepositoryNotice(fmt.Sprintf(fmtStr, args...)); err != nil {
log.Error("create repository notice failed: ", err)
}
}
func hasBaseURL(toCheck, baseURL string) bool {
if len(baseURL) > 0 && baseURL[len(baseURL)-1] != '/' {
baseURL += "/"
}
return strings.HasPrefix(toCheck, baseURL)
}
// CheckAndEnsureSafePR will check that a given PR is safe to download
func CheckAndEnsureSafePR(pr *base.PullRequest, commonCloneBaseURL string, g base.Downloader) bool {
valid := true
// SECURITY: the patchURL must be checked to have the same baseURL as the current to prevent open redirect
if pr.PatchURL != "" && !hasBaseURL(pr.PatchURL, commonCloneBaseURL) {
// TODO: Should we check that this url has the expected format for a patch url?
WarnAndNotice("PR #%d in %s has invalid PatchURL: %s baseURL: %s", pr.Number, g, pr.PatchURL, commonCloneBaseURL)
pr.PatchURL = ""
valid = false
}
// SECURITY: the headCloneURL must be checked to have the same baseURL as the current to prevent open redirect
if pr.Head.CloneURL != "" && !hasBaseURL(pr.Head.CloneURL, commonCloneBaseURL) {
// TODO: Should we check that this url has the expected format for a patch url?
WarnAndNotice("PR #%d in %s has invalid HeadCloneURL: %s baseURL: %s", pr.Number, g, pr.Head.CloneURL, commonCloneBaseURL)
pr.Head.CloneURL = ""
valid = false
}
// SECURITY: SHAs Must be a SHA
// FIXME: hash only a SHA1
CommitType := git.Sha1ObjectFormat
if pr.MergeCommitSHA != "" && !CommitType.IsValid(pr.MergeCommitSHA) {
WarnAndNotice("PR #%d in %s has invalid MergeCommitSHA: %s", pr.Number, g, pr.MergeCommitSHA)
pr.MergeCommitSHA = ""
}
if pr.Head.SHA != "" && !CommitType.IsValid(pr.Head.SHA) {
WarnAndNotice("PR #%d in %s has invalid HeadSHA: %s", pr.Number, g, pr.Head.SHA)
pr.Head.SHA = ""
valid = false
}
if pr.Base.SHA != "" && !CommitType.IsValid(pr.Base.SHA) {
WarnAndNotice("PR #%d in %s has invalid BaseSHA: %s", pr.Number, g, pr.Base.SHA)
pr.Base.SHA = ""
valid = false
}
// SECURITY: Refs must be valid refs or SHAs
if pr.Head.Ref != "" && !git.IsValidRefPattern(pr.Head.Ref) {
WarnAndNotice("PR #%d in %s has invalid HeadRef: %s", pr.Number, g, pr.Head.Ref)
pr.Head.Ref = ""
valid = false
}
if pr.Base.Ref != "" && !git.IsValidRefPattern(pr.Base.Ref) {
WarnAndNotice("PR #%d in %s has invalid BaseRef: %s", pr.Number, g, pr.Base.Ref)
pr.Base.Ref = ""
valid = false
}
pr.EnsuredSafe = true
return valid
}
Reference in New Issue View Git Blame Copy Permalink