diff options
| author | 1135 <19515911+1135@users.noreply.github.com> | 2022-05-30 19:14:41 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-30 19:14:41 +0800 |
| commit | 519aeefbd93adad833cb45ba36f71622d3068223 (patch) | |
| tree | f7d662d676b6422eef7675c4c3614de5a17012c8 | |
| parent | 649e9e7f8c93324349560f1030f71ef64e79e3c6 (diff) | |
repo_editor: prohibits uploading files to `.git.` directory (#6970)
Co-authored-by: Joe Chen <jc@unknwon.io>
| -rw-r--r-- | internal/db/repo_editor.go | 6 | ||||
| -rw-r--r-- | internal/db/repo_editor_test.go | 26 |
2 files changed, 21 insertions, 11 deletions
diff --git a/internal/db/repo_editor.go b/internal/db/repo_editor.go index 71a8cfea..53a733a7 100644 --- a/internal/db/repo_editor.go +++ b/internal/db/repo_editor.go @@ -460,7 +460,11 @@ type UploadRepoFileOptions struct { // isRepositoryGitPath returns true if given path is or resides inside ".git" path of the repository. func isRepositoryGitPath(path string) bool { - return strings.HasSuffix(path, ".git") || strings.Contains(path, ".git"+string(os.PathSeparator)) + return strings.HasSuffix(path, ".git") || + strings.Contains(path, ".git"+string(os.PathSeparator)) || + // Windows treats ".git." the same as ".git" + strings.HasSuffix(path, ".git.") || + strings.Contains(path, ".git."+string(os.PathSeparator)) } func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions) error { diff --git a/internal/db/repo_editor_test.go b/internal/db/repo_editor_test.go index 1b7d2265..ea2bf7a9 100644 --- a/internal/db/repo_editor_test.go +++ b/internal/db/repo_editor_test.go @@ -13,21 +13,27 @@ import ( func Test_isRepositoryGitPath(t *testing.T) { tests := []struct { - path string - expVal bool + path string + wantVal bool }{ - {path: filepath.Join(".", ".git"), expVal: true}, - {path: filepath.Join(".", ".git", ""), expVal: true}, - {path: filepath.Join(".", ".git", "hooks", "pre-commit"), expVal: true}, - {path: filepath.Join(".git", "hooks"), expVal: true}, - {path: filepath.Join("dir", ".git"), expVal: true}, + {path: filepath.Join(".", ".git"), wantVal: true}, + {path: filepath.Join(".", ".git", ""), wantVal: true}, + {path: filepath.Join(".", ".git", "hooks", "pre-commit"), wantVal: true}, + {path: filepath.Join(".git", "hooks"), wantVal: true}, + {path: filepath.Join("dir", ".git"), wantVal: true}, - {path: filepath.Join(".gitignore"), expVal: false}, - {path: filepath.Join("dir", ".gitkeep"), expVal: false}, + {path: filepath.Join(".", ".git."), wantVal: true}, + {path: filepath.Join(".", ".git.", ""), wantVal: true}, + {path: filepath.Join(".", ".git.", "hooks", "pre-commit"), wantVal: true}, + {path: filepath.Join(".git.", "hooks"), wantVal: true}, + {path: filepath.Join("dir", ".git."), wantVal: true}, + + {path: filepath.Join(".gitignore"), wantVal: false}, + {path: filepath.Join("dir", ".gitkeep"), wantVal: false}, } for _, test := range tests { t.Run("", func(t *testing.T) { - assert.Equal(t, test.expVal, isRepositoryGitPath(test.path)) + assert.Equal(t, test.wantVal, isRepositoryGitPath(test.path)) }) } } |