Skip to content

Commit e8ad6c1

Browse files
KN4CK3RKN4CK3R
authored
Do not convert file path to lowercase (#15023)
* Do not convert file path to lowercase. * lint * Check against lowercase hostname.
1 parent 032f4c3 commit e8ad6c1

File tree

3 files changed

+49
-3
lines changed

3 files changed

+49
-3
lines changed

integrations/migrate_test.go

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
// Copyright 2021 The Gitea Authors. All rights reserved.
2+
// Use of this source code is governed by a MIT-style
3+
// license that can be found in the LICENSE file.
4+
5+
package integrations
6+
7+
import (
8+
"io/ioutil"
9+
"os"
10+
"testing"
11+
12+
"code.gitea.io/gitea/models"
13+
"code.gitea.io/gitea/modules/migrations"
14+
"code.gitea.io/gitea/modules/setting"
15+
16+
"github.com/stretchr/testify/assert"
17+
)
18+
19+
func TestMigrateLocalPath(t *testing.T) {
20+
assert.NoError(t, models.PrepareTestDatabase())
21+
22+
adminUser := models.AssertExistsAndLoadBean(t, &models.User{Name: "user1"}).(*models.User)
23+
24+
old := setting.ImportLocalPaths
25+
setting.ImportLocalPaths = true
26+
27+
lowercasePath, err := ioutil.TempDir("", "lowercase") // may not be lowercase because TempDir creates a random directory name which may be mixedcase
28+
assert.NoError(t, err)
29+
defer os.RemoveAll(lowercasePath)
30+
31+
err = migrations.IsMigrateURLAllowed(lowercasePath, adminUser)
32+
assert.NoError(t, err, "case lowercase path")
33+
34+
mixedcasePath, err := ioutil.TempDir("", "mIxeDCaSe")
35+
assert.NoError(t, err)
36+
defer os.RemoveAll(mixedcasePath)
37+
38+
err = migrations.IsMigrateURLAllowed(mixedcasePath, adminUser)
39+
assert.NoError(t, err, "case mixedcase path")
40+
41+
setting.ImportLocalPaths = old
42+
}

modules/migrations/migrate.go

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ func RegisterDownloaderFactory(factory base.DownloaderFactory) {
3939
// IsMigrateURLAllowed checks if an URL is allowed to be migrated from
4040
func IsMigrateURLAllowed(remoteURL string, doer *models.User) error {
4141
// Remote address can be HTTP/HTTPS/Git URL or local path.
42-
u, err := url.Parse(strings.ToLower(remoteURL))
42+
u, err := url.Parse(remoteURL)
4343
if err != nil {
4444
return &models.ErrInvalidCloneAddr{IsURLError: true}
4545
}
@@ -72,12 +72,13 @@ func IsMigrateURLAllowed(remoteURL string, doer *models.User) error {
7272
return &models.ErrInvalidCloneAddr{Host: u.Host, IsProtocolInvalid: true, IsPermissionDenied: true, IsURLError: true}
7373
}
7474

75+
host := strings.ToLower(u.Host)
7576
if len(setting.Migrations.AllowedDomains) > 0 {
76-
if !allowList.Match(u.Host) {
77+
if !allowList.Match(host) {
7778
return &models.ErrInvalidCloneAddr{Host: u.Host, IsPermissionDenied: true}
7879
}
7980
} else {
80-
if blockList.Match(u.Host) {
81+
if blockList.Match(host) {
8182
return &models.ErrInvalidCloneAddr{Host: u.Host, IsPermissionDenied: true}
8283
}
8384
}

modules/migrations/migrate_test.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,9 @@ func TestMigrateWhiteBlocklist(t *testing.T) {
2929
err = IsMigrateURLAllowed("https://github.com/go-gitea/gitea.git", nonAdminUser)
3030
assert.NoError(t, err)
3131

32+
err = IsMigrateURLAllowed("https://gITHUb.com/go-gitea/gitea.git", nonAdminUser)
33+
assert.NoError(t, err)
34+
3235
setting.Migrations.AllowedDomains = []string{}
3336
setting.Migrations.BlockedDomains = []string{"github.com"}
3437
assert.NoError(t, Init())

0 commit comments

Comments
 (0)