mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-22 12:54:53 -05:00
Ensure validation occurs on clone addresses too (#14994)
* Ensure validation occurs on clone addresses too Fix #14984 Signed-off-by: Andrew Thornton <art27@cantab.net> * fix lint Signed-off-by: Andrew Thornton <art27@cantab.net> * fix test Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix api tests Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
parent
f268b4896b
commit
6e423d5573
10 changed files with 166 additions and 130 deletions
|
@ -309,7 +309,7 @@ func TestAPIRepoMigrate(t *testing.T) {
|
||||||
{ctxUserID: 2, userID: 1, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-bad", expectedStatus: http.StatusForbidden},
|
{ctxUserID: 2, userID: 1, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-bad", expectedStatus: http.StatusForbidden},
|
||||||
{ctxUserID: 2, userID: 3, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-org", expectedStatus: http.StatusCreated},
|
{ctxUserID: 2, userID: 3, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-org", expectedStatus: http.StatusCreated},
|
||||||
{ctxUserID: 2, userID: 6, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-bad-org", expectedStatus: http.StatusForbidden},
|
{ctxUserID: 2, userID: 6, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-bad-org", expectedStatus: http.StatusForbidden},
|
||||||
{ctxUserID: 2, userID: 3, cloneURL: "https://localhost:3000/user/test_repo.git", repoName: "local-ip", expectedStatus: http.StatusUnprocessableEntity},
|
{ctxUserID: 2, userID: 3, cloneURL: "https://localhost:3000/user/test_repo.git", repoName: "private-ip", expectedStatus: http.StatusUnprocessableEntity},
|
||||||
{ctxUserID: 2, userID: 3, cloneURL: "https://10.0.0.1/user/test_repo.git", repoName: "private-ip", expectedStatus: http.StatusUnprocessableEntity},
|
{ctxUserID: 2, userID: 3, cloneURL: "https://10.0.0.1/user/test_repo.git", repoName: "private-ip", expectedStatus: http.StatusUnprocessableEntity},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -330,11 +330,8 @@ func TestAPIRepoMigrate(t *testing.T) {
|
||||||
switch respJSON["message"] {
|
switch respJSON["message"] {
|
||||||
case "Remote visit addressed rate limitation.":
|
case "Remote visit addressed rate limitation.":
|
||||||
t.Log("test hit github rate limitation")
|
t.Log("test hit github rate limitation")
|
||||||
case "migrate from '10.0.0.1' is not allowed: the host resolve to a private ip address '10.0.0.1'":
|
case "You are not allowed to import from private IPs.":
|
||||||
assert.EqualValues(t, "private-ip", testCase.repoName)
|
assert.EqualValues(t, "private-ip", testCase.repoName)
|
||||||
case "migrate from 'localhost:3000' is not allowed: the host resolve to a private ip address '::1'",
|
|
||||||
"migrate from 'localhost:3000' is not allowed: the host resolve to a private ip address '127.0.0.1'":
|
|
||||||
assert.EqualValues(t, "local-ip", testCase.repoName)
|
|
||||||
default:
|
default:
|
||||||
t.Errorf("unexpected error '%v' on url '%s'", respJSON["message"], testCase.cloneURL)
|
t.Errorf("unexpected error '%v' on url '%s'", respJSON["message"], testCase.cloneURL)
|
||||||
}
|
}
|
||||||
|
|
|
@ -855,20 +855,43 @@ func (err ErrRepoRedirectNotExist) Error() string {
|
||||||
|
|
||||||
// ErrInvalidCloneAddr represents a "InvalidCloneAddr" kind of error.
|
// ErrInvalidCloneAddr represents a "InvalidCloneAddr" kind of error.
|
||||||
type ErrInvalidCloneAddr struct {
|
type ErrInvalidCloneAddr struct {
|
||||||
|
Host string
|
||||||
IsURLError bool
|
IsURLError bool
|
||||||
IsInvalidPath bool
|
IsInvalidPath bool
|
||||||
|
IsProtocolInvalid bool
|
||||||
IsPermissionDenied bool
|
IsPermissionDenied bool
|
||||||
|
LocalPath bool
|
||||||
|
NotResolvedIP bool
|
||||||
|
PrivateNet string
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsErrInvalidCloneAddr checks if an error is a ErrInvalidCloneAddr.
|
// IsErrInvalidCloneAddr checks if an error is a ErrInvalidCloneAddr.
|
||||||
func IsErrInvalidCloneAddr(err error) bool {
|
func IsErrInvalidCloneAddr(err error) bool {
|
||||||
_, ok := err.(ErrInvalidCloneAddr)
|
_, ok := err.(*ErrInvalidCloneAddr)
|
||||||
return ok
|
return ok
|
||||||
}
|
}
|
||||||
|
|
||||||
func (err ErrInvalidCloneAddr) Error() string {
|
func (err *ErrInvalidCloneAddr) Error() string {
|
||||||
return fmt.Sprintf("invalid clone address [is_url_error: %v, is_invalid_path: %v, is_permission_denied: %v]",
|
if err.NotResolvedIP {
|
||||||
err.IsURLError, err.IsInvalidPath, err.IsPermissionDenied)
|
return fmt.Sprintf("migration/cloning from '%s' is not allowed: unknown hostname", err.Host)
|
||||||
|
}
|
||||||
|
if len(err.PrivateNet) != 0 {
|
||||||
|
return fmt.Sprintf("migration/cloning from '%s' is not allowed: the host resolve to a private ip address '%s'", err.Host, err.PrivateNet)
|
||||||
|
}
|
||||||
|
if err.IsInvalidPath {
|
||||||
|
return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided path is invalid", err.Host)
|
||||||
|
}
|
||||||
|
if err.IsProtocolInvalid {
|
||||||
|
return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided url protocol is not allowed", err.Host)
|
||||||
|
}
|
||||||
|
if err.IsPermissionDenied {
|
||||||
|
return fmt.Sprintf("migration/cloning from '%s' is not allowed.", err.Host)
|
||||||
|
}
|
||||||
|
if err.IsURLError {
|
||||||
|
return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided url is invalid", err.Host)
|
||||||
|
}
|
||||||
|
|
||||||
|
return fmt.Sprintf("migration/cloning from '%s' is not allowed", err.Host)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ErrUpdateTaskNotExist represents a "UpdateTaskNotExist" kind of error.
|
// ErrUpdateTaskNotExist represents a "UpdateTaskNotExist" kind of error.
|
||||||
|
@ -1065,29 +1088,6 @@ func IsErrWontSign(err error) bool {
|
||||||
return ok
|
return ok
|
||||||
}
|
}
|
||||||
|
|
||||||
// ErrMigrationNotAllowed explains why a migration from an url is not allowed
|
|
||||||
type ErrMigrationNotAllowed struct {
|
|
||||||
Host string
|
|
||||||
NotResolvedIP bool
|
|
||||||
PrivateNet string
|
|
||||||
}
|
|
||||||
|
|
||||||
func (e *ErrMigrationNotAllowed) Error() string {
|
|
||||||
if e.NotResolvedIP {
|
|
||||||
return fmt.Sprintf("migrate from '%s' is not allowed: unknown hostname", e.Host)
|
|
||||||
}
|
|
||||||
if len(e.PrivateNet) != 0 {
|
|
||||||
return fmt.Sprintf("migrate from '%s' is not allowed: the host resolve to a private ip address '%s'", e.Host, e.PrivateNet)
|
|
||||||
}
|
|
||||||
return fmt.Sprintf("migrate from '%s is not allowed'", e.Host)
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsErrMigrationNotAllowed checks if an error is a ErrMigrationNotAllowed
|
|
||||||
func IsErrMigrationNotAllowed(err error) bool {
|
|
||||||
_, ok := err.(*ErrMigrationNotAllowed)
|
|
||||||
return ok
|
|
||||||
}
|
|
||||||
|
|
||||||
// __________ .__
|
// __________ .__
|
||||||
// \______ \____________ ____ ____ | |__
|
// \______ \____________ ____ ____ | |__
|
||||||
// | | _/\_ __ \__ \ / \_/ ___\| | \
|
// | | _/\_ __ \__ \ / \_/ ___\| | \
|
||||||
|
|
|
@ -296,7 +296,7 @@ func (u *User) CanEditGitHook() bool {
|
||||||
|
|
||||||
// CanImportLocal returns true if user can migrate repository by local path.
|
// CanImportLocal returns true if user can migrate repository by local path.
|
||||||
func (u *User) CanImportLocal() bool {
|
func (u *User) CanImportLocal() bool {
|
||||||
if !setting.ImportLocalPaths {
|
if !setting.ImportLocalPaths || u == nil {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return u.IsAdmin || u.AllowImportLocal
|
return u.IsAdmin || u.AllowImportLocal
|
||||||
|
|
|
@ -12,10 +12,8 @@ import (
|
||||||
|
|
||||||
"code.gitea.io/gitea/models"
|
"code.gitea.io/gitea/models"
|
||||||
"code.gitea.io/gitea/modules/context"
|
"code.gitea.io/gitea/modules/context"
|
||||||
"code.gitea.io/gitea/modules/log"
|
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
"code.gitea.io/gitea/modules/structs"
|
"code.gitea.io/gitea/modules/structs"
|
||||||
"code.gitea.io/gitea/modules/util"
|
|
||||||
"code.gitea.io/gitea/modules/web/middleware"
|
"code.gitea.io/gitea/modules/web/middleware"
|
||||||
"code.gitea.io/gitea/routers/utils"
|
"code.gitea.io/gitea/routers/utils"
|
||||||
|
|
||||||
|
@ -92,9 +90,7 @@ func (f *MigrateRepoForm) Validate(req *http.Request, errs binding.Errors) bindi
|
||||||
|
|
||||||
// ParseRemoteAddr checks if given remote address is valid,
|
// ParseRemoteAddr checks if given remote address is valid,
|
||||||
// and returns composed URL with needed username and password.
|
// and returns composed URL with needed username and password.
|
||||||
// It also checks if given user has permission when remote address
|
func ParseRemoteAddr(remoteAddr, authUsername, authPassword string) (string, error) {
|
||||||
// is actually a local path.
|
|
||||||
func ParseRemoteAddr(remoteAddr, authUsername, authPassword string, user *models.User) (string, error) {
|
|
||||||
remoteAddr = strings.TrimSpace(remoteAddr)
|
remoteAddr = strings.TrimSpace(remoteAddr)
|
||||||
// Remote address can be HTTP/HTTPS/Git URL or local path.
|
// Remote address can be HTTP/HTTPS/Git URL or local path.
|
||||||
if strings.HasPrefix(remoteAddr, "http://") ||
|
if strings.HasPrefix(remoteAddr, "http://") ||
|
||||||
|
@ -102,26 +98,12 @@ func ParseRemoteAddr(remoteAddr, authUsername, authPassword string, user *models
|
||||||
strings.HasPrefix(remoteAddr, "git://") {
|
strings.HasPrefix(remoteAddr, "git://") {
|
||||||
u, err := url.Parse(remoteAddr)
|
u, err := url.Parse(remoteAddr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", models.ErrInvalidCloneAddr{IsURLError: true}
|
return "", &models.ErrInvalidCloneAddr{IsURLError: true}
|
||||||
}
|
}
|
||||||
if len(authUsername)+len(authPassword) > 0 {
|
if len(authUsername)+len(authPassword) > 0 {
|
||||||
u.User = url.UserPassword(authUsername, authPassword)
|
u.User = url.UserPassword(authUsername, authPassword)
|
||||||
}
|
}
|
||||||
remoteAddr = u.String()
|
remoteAddr = u.String()
|
||||||
if u.Scheme == "git" && u.Port() != "" && (strings.Contains(remoteAddr, "%0d") || strings.Contains(remoteAddr, "%0a")) {
|
|
||||||
return "", models.ErrInvalidCloneAddr{IsURLError: true}
|
|
||||||
}
|
|
||||||
} else if !user.CanImportLocal() {
|
|
||||||
return "", models.ErrInvalidCloneAddr{IsPermissionDenied: true}
|
|
||||||
} else {
|
|
||||||
isDir, err := util.IsDir(remoteAddr)
|
|
||||||
if err != nil {
|
|
||||||
log.Error("Unable to check if %s is a directory: %v", remoteAddr, err)
|
|
||||||
return "", err
|
|
||||||
}
|
|
||||||
if !isDir {
|
|
||||||
return "", models.ErrInvalidCloneAddr{IsInvalidPath: true}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return remoteAddr, nil
|
return remoteAddr, nil
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"code.gitea.io/gitea/models"
|
"code.gitea.io/gitea/models"
|
||||||
|
@ -17,6 +18,7 @@ import (
|
||||||
"code.gitea.io/gitea/modules/matchlist"
|
"code.gitea.io/gitea/modules/matchlist"
|
||||||
"code.gitea.io/gitea/modules/migrations/base"
|
"code.gitea.io/gitea/modules/migrations/base"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
"code.gitea.io/gitea/modules/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
// MigrateOptions is equal to base.MigrateOptions
|
// MigrateOptions is equal to base.MigrateOptions
|
||||||
|
@ -34,39 +36,60 @@ func RegisterDownloaderFactory(factory base.DownloaderFactory) {
|
||||||
factories = append(factories, factory)
|
factories = append(factories, factory)
|
||||||
}
|
}
|
||||||
|
|
||||||
func isMigrateURLAllowed(remoteURL string) error {
|
// IsMigrateURLAllowed checks if an URL is allowed to be migrated from
|
||||||
|
func IsMigrateURLAllowed(remoteURL string, doer *models.User) error {
|
||||||
|
// Remote address can be HTTP/HTTPS/Git URL or local path.
|
||||||
u, err := url.Parse(strings.ToLower(remoteURL))
|
u, err := url.Parse(strings.ToLower(remoteURL))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return &models.ErrInvalidCloneAddr{IsURLError: true}
|
||||||
}
|
}
|
||||||
|
|
||||||
if strings.EqualFold(u.Scheme, "http") || strings.EqualFold(u.Scheme, "https") {
|
if u.Scheme == "file" || u.Scheme == "" {
|
||||||
if len(setting.Migrations.AllowedDomains) > 0 {
|
if !doer.CanImportLocal() {
|
||||||
if !allowList.Match(u.Host) {
|
return &models.ErrInvalidCloneAddr{Host: "<LOCAL_FILESYSTEM>", IsPermissionDenied: true, LocalPath: true}
|
||||||
return &models.ErrMigrationNotAllowed{Host: u.Host}
|
}
|
||||||
}
|
isAbs := filepath.IsAbs(u.Host + u.Path)
|
||||||
} else {
|
if !isAbs {
|
||||||
if blockList.Match(u.Host) {
|
return &models.ErrInvalidCloneAddr{Host: "<LOCAL_FILESYSTEM>", IsInvalidPath: true, LocalPath: true}
|
||||||
return &models.ErrMigrationNotAllowed{Host: u.Host}
|
}
|
||||||
}
|
isDir, err := util.IsDir(u.Host + u.Path)
|
||||||
|
if err != nil {
|
||||||
|
log.Error("Unable to check if %s is a directory: %v", u.Host+u.Path, err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if !isDir {
|
||||||
|
return &models.ErrInvalidCloneAddr{Host: "<LOCAL_FILESYSTEM>", IsInvalidPath: true, LocalPath: true}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if u.Host == "" {
|
|
||||||
if !setting.ImportLocalPaths {
|
|
||||||
return &models.ErrMigrationNotAllowed{Host: "<LOCAL_FILESYSTEM>"}
|
|
||||||
}
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if u.Scheme == "git" && u.Port() != "" && (strings.Contains(remoteURL, "%0d") || strings.Contains(remoteURL, "%0a")) {
|
||||||
|
return &models.ErrInvalidCloneAddr{Host: u.Host, IsURLError: true}
|
||||||
|
}
|
||||||
|
|
||||||
|
if u.Opaque != "" || u.Scheme != "" && u.Scheme != "http" && u.Scheme != "https" && u.Scheme != "git" {
|
||||||
|
return &models.ErrInvalidCloneAddr{Host: u.Host, IsProtocolInvalid: true, IsPermissionDenied: true, IsURLError: true}
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(setting.Migrations.AllowedDomains) > 0 {
|
||||||
|
if !allowList.Match(u.Host) {
|
||||||
|
return &models.ErrInvalidCloneAddr{Host: u.Host, IsPermissionDenied: true}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if blockList.Match(u.Host) {
|
||||||
|
return &models.ErrInvalidCloneAddr{Host: u.Host, IsPermissionDenied: true}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if !setting.Migrations.AllowLocalNetworks {
|
if !setting.Migrations.AllowLocalNetworks {
|
||||||
addrList, err := net.LookupIP(strings.Split(u.Host, ":")[0])
|
addrList, err := net.LookupIP(strings.Split(u.Host, ":")[0])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return &models.ErrMigrationNotAllowed{Host: u.Host, NotResolvedIP: true}
|
return &models.ErrInvalidCloneAddr{Host: u.Host, NotResolvedIP: true}
|
||||||
}
|
}
|
||||||
for _, addr := range addrList {
|
for _, addr := range addrList {
|
||||||
if isIPPrivate(addr) || !addr.IsGlobalUnicast() {
|
if isIPPrivate(addr) || !addr.IsGlobalUnicast() {
|
||||||
return &models.ErrMigrationNotAllowed{Host: u.Host, PrivateNet: addr.String()}
|
return &models.ErrInvalidCloneAddr{Host: u.Host, PrivateNet: addr.String(), IsPermissionDenied: true}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -76,7 +99,7 @@ func isMigrateURLAllowed(remoteURL string) error {
|
||||||
|
|
||||||
// MigrateRepository migrate repository according MigrateOptions
|
// MigrateRepository migrate repository according MigrateOptions
|
||||||
func MigrateRepository(ctx context.Context, doer *models.User, ownerName string, opts base.MigrateOptions) (*models.Repository, error) {
|
func MigrateRepository(ctx context.Context, doer *models.User, ownerName string, opts base.MigrateOptions) (*models.Repository, error) {
|
||||||
err := isMigrateURLAllowed(opts.CloneAddr)
|
err := IsMigrateURLAllowed(opts.CloneAddr, doer)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,41 +5,65 @@
|
||||||
package migrations
|
package migrations
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"path/filepath"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/models"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestMigrateWhiteBlocklist(t *testing.T) {
|
func TestMigrateWhiteBlocklist(t *testing.T) {
|
||||||
|
assert.NoError(t, models.PrepareTestDatabase())
|
||||||
|
|
||||||
|
adminUser := models.AssertExistsAndLoadBean(t, &models.User{Name: "user1"}).(*models.User)
|
||||||
|
nonAdminUser := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
|
||||||
|
|
||||||
setting.Migrations.AllowedDomains = []string{"github.com"}
|
setting.Migrations.AllowedDomains = []string{"github.com"}
|
||||||
assert.NoError(t, Init())
|
assert.NoError(t, Init())
|
||||||
|
|
||||||
err := isMigrateURLAllowed("https://gitlab.com/gitlab/gitlab.git")
|
err := IsMigrateURLAllowed("https://gitlab.com/gitlab/gitlab.git", nonAdminUser)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
|
|
||||||
err = isMigrateURLAllowed("https://github.com/go-gitea/gitea.git")
|
err = IsMigrateURLAllowed("https://github.com/go-gitea/gitea.git", nonAdminUser)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
setting.Migrations.AllowedDomains = []string{}
|
setting.Migrations.AllowedDomains = []string{}
|
||||||
setting.Migrations.BlockedDomains = []string{"github.com"}
|
setting.Migrations.BlockedDomains = []string{"github.com"}
|
||||||
assert.NoError(t, Init())
|
assert.NoError(t, Init())
|
||||||
|
|
||||||
err = isMigrateURLAllowed("https://gitlab.com/gitlab/gitlab.git")
|
err = IsMigrateURLAllowed("https://gitlab.com/gitlab/gitlab.git", nonAdminUser)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
err = isMigrateURLAllowed("https://github.com/go-gitea/gitea.git")
|
err = IsMigrateURLAllowed("https://github.com/go-gitea/gitea.git", nonAdminUser)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
|
|
||||||
|
err = IsMigrateURLAllowed("https://10.0.0.1/go-gitea/gitea.git", nonAdminUser)
|
||||||
|
assert.Error(t, err)
|
||||||
|
|
||||||
|
setting.Migrations.AllowLocalNetworks = true
|
||||||
|
err = IsMigrateURLAllowed("https://10.0.0.1/go-gitea/gitea.git", nonAdminUser)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
old := setting.ImportLocalPaths
|
old := setting.ImportLocalPaths
|
||||||
setting.ImportLocalPaths = false
|
setting.ImportLocalPaths = false
|
||||||
|
|
||||||
err = isMigrateURLAllowed("/home/foo/bar/goo")
|
err = IsMigrateURLAllowed("/home/foo/bar/goo", adminUser)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
|
|
||||||
setting.ImportLocalPaths = true
|
setting.ImportLocalPaths = true
|
||||||
err = isMigrateURLAllowed("/home/foo/bar/goo")
|
abs, err := filepath.Abs(".")
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
err = IsMigrateURLAllowed(abs, adminUser)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
err = IsMigrateURLAllowed(abs, nonAdminUser)
|
||||||
|
assert.Error(t, err)
|
||||||
|
|
||||||
|
nonAdminUser.AllowImportLocal = true
|
||||||
|
err = IsMigrateURLAllowed(abs, nonAdminUser)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
setting.ImportLocalPaths = old
|
setting.ImportLocalPaths = old
|
||||||
|
|
|
@ -789,6 +789,8 @@ migrate.clone_address = Migrate / Clone From URL
|
||||||
migrate.clone_address_desc = The HTTP(S) or Git 'clone' URL of an existing repository
|
migrate.clone_address_desc = The HTTP(S) or Git 'clone' URL of an existing repository
|
||||||
migrate.clone_local_path = or a local server path
|
migrate.clone_local_path = or a local server path
|
||||||
migrate.permission_denied = You are not allowed to import local repositories.
|
migrate.permission_denied = You are not allowed to import local repositories.
|
||||||
|
migrate.permission_denied_blocked = You are not allowed to import from blocked hosts.
|
||||||
|
migrate.permission_denied_private_ip = You are not allowed to import from private IPs.
|
||||||
migrate.invalid_local_path = "The local path is invalid. It does not exist or is not a directory."
|
migrate.invalid_local_path = "The local path is invalid. It does not exist or is not a directory."
|
||||||
migrate.failed = Migration failed: %v
|
migrate.failed = Migration failed: %v
|
||||||
migrate.lfs_mirror_unsupported = Mirroring LFS objects is not supported - use 'git lfs fetch --all' and 'git lfs push --all' instead.
|
migrate.lfs_mirror_unsupported = Mirroring LFS objects is not supported - use 'git lfs fetch --all' and 'git lfs push --all' instead.
|
||||||
|
|
|
@ -96,15 +96,24 @@ func Migrate(ctx *context.APIContext) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
remoteAddr, err := auth.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword, ctx.User)
|
remoteAddr, err := auth.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword)
|
||||||
|
if err == nil {
|
||||||
|
err = migrations.IsMigrateURLAllowed(remoteAddr, ctx.User)
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if models.IsErrInvalidCloneAddr(err) {
|
if models.IsErrInvalidCloneAddr(err) {
|
||||||
addrErr := err.(models.ErrInvalidCloneAddr)
|
addrErr := err.(*models.ErrInvalidCloneAddr)
|
||||||
switch {
|
switch {
|
||||||
case addrErr.IsURLError:
|
case addrErr.IsURLError:
|
||||||
ctx.Error(http.StatusUnprocessableEntity, "", err)
|
ctx.Error(http.StatusUnprocessableEntity, "", err)
|
||||||
case addrErr.IsPermissionDenied:
|
case addrErr.IsPermissionDenied:
|
||||||
ctx.Error(http.StatusUnprocessableEntity, "", "You are not allowed to import local repositories.")
|
if addrErr.LocalPath {
|
||||||
|
ctx.Error(http.StatusUnprocessableEntity, "", "You are not allowed to import local repositories.")
|
||||||
|
} else if len(addrErr.PrivateNet) == 0 {
|
||||||
|
ctx.Error(http.StatusUnprocessableEntity, "", "You are not allowed to import from blocked hosts.")
|
||||||
|
} else {
|
||||||
|
ctx.Error(http.StatusUnprocessableEntity, "", "You are not allowed to import from private IPs.")
|
||||||
|
}
|
||||||
case addrErr.IsInvalidPath:
|
case addrErr.IsInvalidPath:
|
||||||
ctx.Error(http.StatusUnprocessableEntity, "", "Invalid local path, it does not exist or not a directory.")
|
ctx.Error(http.StatusUnprocessableEntity, "", "Invalid local path, it does not exist or not a directory.")
|
||||||
default:
|
default:
|
||||||
|
@ -219,7 +228,7 @@ func handleMigrateError(ctx *context.APIContext, repoOwner *models.User, remoteA
|
||||||
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("The username '%s' contains invalid characters.", err.(models.ErrNameCharsNotAllowed).Name))
|
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("The username '%s' contains invalid characters.", err.(models.ErrNameCharsNotAllowed).Name))
|
||||||
case models.IsErrNamePatternNotAllowed(err):
|
case models.IsErrNamePatternNotAllowed(err):
|
||||||
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("The pattern '%s' is not allowed in a username.", err.(models.ErrNamePatternNotAllowed).Pattern))
|
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("The pattern '%s' is not allowed in a username.", err.(models.ErrNamePatternNotAllowed).Pattern))
|
||||||
case models.IsErrMigrationNotAllowed(err):
|
case models.IsErrInvalidCloneAddr(err):
|
||||||
ctx.Error(http.StatusUnprocessableEntity, "", err)
|
ctx.Error(http.StatusUnprocessableEntity, "", err)
|
||||||
case base.IsErrNotSupported(err):
|
case base.IsErrNotSupported(err):
|
||||||
ctx.Error(http.StatusUnprocessableEntity, "", err)
|
ctx.Error(http.StatusUnprocessableEntity, "", err)
|
||||||
|
|
|
@ -13,6 +13,7 @@ import (
|
||||||
"code.gitea.io/gitea/modules/base"
|
"code.gitea.io/gitea/modules/base"
|
||||||
"code.gitea.io/gitea/modules/context"
|
"code.gitea.io/gitea/modules/context"
|
||||||
auth "code.gitea.io/gitea/modules/forms"
|
auth "code.gitea.io/gitea/modules/forms"
|
||||||
|
"code.gitea.io/gitea/modules/log"
|
||||||
"code.gitea.io/gitea/modules/migrations"
|
"code.gitea.io/gitea/modules/migrations"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
"code.gitea.io/gitea/modules/structs"
|
"code.gitea.io/gitea/modules/structs"
|
||||||
|
@ -97,7 +98,7 @@ func handleMigrateError(ctx *context.Context, owner *models.User, err error, nam
|
||||||
ctx.Data["Err_RepoName"] = true
|
ctx.Data["Err_RepoName"] = true
|
||||||
ctx.RenderWithErr(ctx.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), tpl, form)
|
ctx.RenderWithErr(ctx.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), tpl, form)
|
||||||
default:
|
default:
|
||||||
remoteAddr, _ := auth.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword, owner)
|
remoteAddr, _ := auth.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword)
|
||||||
err = util.URLSanitizedError(err, remoteAddr)
|
err = util.URLSanitizedError(err, remoteAddr)
|
||||||
if strings.Contains(err.Error(), "Authentication failed") ||
|
if strings.Contains(err.Error(), "Authentication failed") ||
|
||||||
strings.Contains(err.Error(), "Bad credentials") ||
|
strings.Contains(err.Error(), "Bad credentials") ||
|
||||||
|
@ -138,23 +139,36 @@ func MigratePost(ctx *context.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
remoteAddr, err := auth.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword, ctx.User)
|
remoteAddr, err := auth.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword)
|
||||||
|
if err == nil {
|
||||||
|
err = migrations.IsMigrateURLAllowed(remoteAddr, ctx.User)
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if models.IsErrInvalidCloneAddr(err) {
|
if models.IsErrInvalidCloneAddr(err) {
|
||||||
ctx.Data["Err_CloneAddr"] = true
|
ctx.Data["Err_CloneAddr"] = true
|
||||||
addrErr := err.(models.ErrInvalidCloneAddr)
|
addrErr := err.(*models.ErrInvalidCloneAddr)
|
||||||
switch {
|
switch {
|
||||||
|
case addrErr.IsProtocolInvalid:
|
||||||
|
ctx.RenderWithErr(ctx.Tr("repo.mirror_address_protocol_invalid"), tpl, &form)
|
||||||
case addrErr.IsURLError:
|
case addrErr.IsURLError:
|
||||||
ctx.RenderWithErr(ctx.Tr("form.url_error"), tpl, &form)
|
ctx.RenderWithErr(ctx.Tr("form.url_error"), tpl, &form)
|
||||||
case addrErr.IsPermissionDenied:
|
case addrErr.IsPermissionDenied:
|
||||||
ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied"), tpl, &form)
|
if len(addrErr.PrivateNet) == 0 {
|
||||||
|
ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied_private_ip"), tpl, &form)
|
||||||
|
} else if !addrErr.LocalPath {
|
||||||
|
ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied_blocked"), tpl, &form)
|
||||||
|
} else {
|
||||||
|
ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied"), tpl, &form)
|
||||||
|
}
|
||||||
case addrErr.IsInvalidPath:
|
case addrErr.IsInvalidPath:
|
||||||
ctx.RenderWithErr(ctx.Tr("repo.migrate.invalid_local_path"), tpl, &form)
|
ctx.RenderWithErr(ctx.Tr("repo.migrate.invalid_local_path"), tpl, &form)
|
||||||
default:
|
default:
|
||||||
ctx.ServerError("Unknown error", err)
|
log.Error("Error whilst updating url: %v", err)
|
||||||
|
ctx.RenderWithErr(ctx.Tr("form.url_error"), tpl, &form)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
ctx.ServerError("ParseRemoteAddr", err)
|
log.Error("Error whilst updating url: %v", err)
|
||||||
|
ctx.RenderWithErr(ctx.Tr("form.url_error"), tpl, &form)
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,8 +9,6 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/url"
|
|
||||||
"regexp"
|
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
@ -20,6 +18,7 @@ import (
|
||||||
auth "code.gitea.io/gitea/modules/forms"
|
auth "code.gitea.io/gitea/modules/forms"
|
||||||
"code.gitea.io/gitea/modules/git"
|
"code.gitea.io/gitea/modules/git"
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
|
"code.gitea.io/gitea/modules/migrations"
|
||||||
"code.gitea.io/gitea/modules/repository"
|
"code.gitea.io/gitea/modules/repository"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
"code.gitea.io/gitea/modules/structs"
|
"code.gitea.io/gitea/modules/structs"
|
||||||
|
@ -30,8 +29,6 @@ import (
|
||||||
"code.gitea.io/gitea/services/mailer"
|
"code.gitea.io/gitea/services/mailer"
|
||||||
mirror_service "code.gitea.io/gitea/services/mirror"
|
mirror_service "code.gitea.io/gitea/services/mirror"
|
||||||
repo_service "code.gitea.io/gitea/services/repository"
|
repo_service "code.gitea.io/gitea/services/repository"
|
||||||
|
|
||||||
"mvdan.cc/xurls/v2"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -44,8 +41,6 @@ const (
|
||||||
tplProtectedBranch base.TplName = "repo/settings/protected_branch"
|
tplProtectedBranch base.TplName = "repo/settings/protected_branch"
|
||||||
)
|
)
|
||||||
|
|
||||||
var validFormAddress *regexp.Regexp
|
|
||||||
|
|
||||||
// Settings show a repository's settings page
|
// Settings show a repository's settings page
|
||||||
func Settings(ctx *context.Context) {
|
func Settings(ctx *context.Context) {
|
||||||
ctx.Data["Title"] = ctx.Tr("repo.settings")
|
ctx.Data["Title"] = ctx.Tr("repo.settings")
|
||||||
|
@ -169,40 +164,38 @@ func SettingsPost(ctx *context.Context) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate the form.MirrorAddress
|
address, err := auth.ParseRemoteAddr(form.MirrorAddress, form.MirrorUsername, form.MirrorPassword)
|
||||||
u, err := url.Parse(form.MirrorAddress)
|
if err == nil {
|
||||||
|
err = migrations.IsMigrateURLAllowed(address, ctx.User)
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
if models.IsErrInvalidCloneAddr(err) {
|
||||||
|
ctx.Data["Err_MirrorAddress"] = true
|
||||||
|
addrErr := err.(*models.ErrInvalidCloneAddr)
|
||||||
|
switch {
|
||||||
|
case addrErr.IsProtocolInvalid:
|
||||||
|
ctx.RenderWithErr(ctx.Tr("repo.mirror_address_protocol_invalid"), tplSettingsOptions, &form)
|
||||||
|
case addrErr.IsURLError:
|
||||||
|
ctx.RenderWithErr(ctx.Tr("form.url_error"), tplSettingsOptions, &form)
|
||||||
|
case addrErr.IsPermissionDenied:
|
||||||
|
if len(addrErr.PrivateNet) == 0 {
|
||||||
|
ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied_private_ip"), tplSettingsOptions, &form)
|
||||||
|
} else if !addrErr.LocalPath {
|
||||||
|
ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied_blocked"), tplSettingsOptions, &form)
|
||||||
|
} else {
|
||||||
|
ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied"), tplSettingsOptions, &form)
|
||||||
|
}
|
||||||
|
case addrErr.IsInvalidPath:
|
||||||
|
ctx.RenderWithErr(ctx.Tr("repo.migrate.invalid_local_path"), tplSettingsOptions, &form)
|
||||||
|
default:
|
||||||
|
ctx.ServerError("Unknown error", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
ctx.Data["Err_MirrorAddress"] = true
|
ctx.Data["Err_MirrorAddress"] = true
|
||||||
ctx.RenderWithErr(ctx.Tr("repo.mirror_address_url_invalid"), tplSettingsOptions, &form)
|
ctx.RenderWithErr(ctx.Tr("repo.mirror_address_url_invalid"), tplSettingsOptions, &form)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if u.Opaque != "" || !(u.Scheme == "http" || u.Scheme == "https" || u.Scheme == "git") {
|
|
||||||
ctx.Data["Err_MirrorAddress"] = true
|
|
||||||
ctx.RenderWithErr(ctx.Tr("repo.mirror_address_protocol_invalid"), tplSettingsOptions, &form)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
if form.MirrorUsername != "" || form.MirrorPassword != "" {
|
|
||||||
u.User = url.UserPassword(form.MirrorUsername, form.MirrorPassword)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Now use xurls
|
|
||||||
address := validFormAddress.FindString(form.MirrorAddress)
|
|
||||||
if address != form.MirrorAddress && form.MirrorAddress != "" {
|
|
||||||
ctx.Data["Err_MirrorAddress"] = true
|
|
||||||
ctx.RenderWithErr(ctx.Tr("repo.mirror_address_url_invalid"), tplSettingsOptions, &form)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
if u.EscapedPath() == "" || u.Host == "" || !u.IsAbs() {
|
|
||||||
ctx.Data["Err_MirrorAddress"] = true
|
|
||||||
ctx.RenderWithErr(ctx.Tr("repo.mirror_address_url_invalid"), tplSettingsOptions, &form)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
address = u.String()
|
|
||||||
|
|
||||||
if err := mirror_service.UpdateAddress(ctx.Repo.Mirror, address); err != nil {
|
if err := mirror_service.UpdateAddress(ctx.Repo.Mirror, address); err != nil {
|
||||||
ctx.ServerError("UpdateAddress", err)
|
ctx.ServerError("UpdateAddress", err)
|
||||||
return
|
return
|
||||||
|
@ -951,14 +944,6 @@ func DeleteDeployKey(ctx *context.Context) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
|
||||||
var err error
|
|
||||||
validFormAddress, err = xurls.StrictMatchingScheme(`(https?)|(git)://`)
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// UpdateAvatarSetting update repo's avatar
|
// UpdateAvatarSetting update repo's avatar
|
||||||
func UpdateAvatarSetting(ctx *context.Context, form auth.AvatarForm) error {
|
func UpdateAvatarSetting(ctx *context.Context, form auth.AvatarForm) error {
|
||||||
ctxRepo := ctx.Repo.Repository
|
ctxRepo := ctx.Repo.Repository
|
||||||
|
|
Loading…
Reference in a new issue