Backport #25873 by @KN4CK3R Fixes #25853 - Maven POM files aren't always UTF-8 encoded. - Reject the upload of unparsable POM files Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
parent
026e745b9e
commit
45b1f4dd3b
3 changed files with 30 additions and 2 deletions
|
@ -8,6 +8,8 @@ import (
|
||||||
"io"
|
"io"
|
||||||
|
|
||||||
"code.gitea.io/gitea/modules/validation"
|
"code.gitea.io/gitea/modules/validation"
|
||||||
|
|
||||||
|
"golang.org/x/net/html/charset"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Metadata represents the metadata of a Maven package
|
// Metadata represents the metadata of a Maven package
|
||||||
|
@ -52,7 +54,10 @@ type pomStruct struct {
|
||||||
// ParsePackageMetaData parses the metadata of a pom file
|
// ParsePackageMetaData parses the metadata of a pom file
|
||||||
func ParsePackageMetaData(r io.Reader) (*Metadata, error) {
|
func ParsePackageMetaData(r io.Reader) (*Metadata, error) {
|
||||||
var pom pomStruct
|
var pom pomStruct
|
||||||
if err := xml.NewDecoder(r).Decode(&pom); err != nil {
|
|
||||||
|
dec := xml.NewDecoder(r)
|
||||||
|
dec.CharsetReader = charset.NewReaderLabel
|
||||||
|
if err := dec.Decode(&pom); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
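Review bot: The doc comment on ParsePackageMetaData still says only that it parses a pom file, but the decoder now trusts whatever charset the uploaded file's XML declaration names, via `dec.CharsetReader = charset.NewReaderLabel`. I would document that contract, for example `// ParsePackageMetaData parses the metadata of a pom file. The encoding declared in the XML prolog is honoured; an unsupported charset label or malformed XML returns an error.` The error is returned unwrapped with `return nil, err`, so callers see the raw decoder message; a short prefix such as `fmt.Errorf("parsing pom: %w", err)` would make it easier to attribute in logs, provided `fmt` is imported in this file. The function body continues past the end of the hunk, so the rest of the parsing is not visible here.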
|
@ -8,6 +8,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
"golang.org/x/text/encoding/charmap"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -69,4 +70,20 @@ func TestParsePackageMetaData(t *testing.T) {
|
||||||
assert.Equal(t, dependencyArtifactID, m.Dependencies[0].ArtifactID)
|
assert.Equal(t, dependencyArtifactID, m.Dependencies[0].ArtifactID)
|
||||||
assert.Equal(t, dependencyVersion, m.Dependencies[0].Version)
|
assert.Equal(t, dependencyVersion, m.Dependencies[0].Version)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
t.Run("Encoding", func(t *testing.T) {
|
||||||
|
// UTF-8 is default but the metadata could be encoded differently
|
||||||
|
pomContent8859_1, err := charmap.ISO8859_1.NewEncoder().String(
|
||||||
|
strings.ReplaceAll(
|
||||||
|
pomContent,
|
||||||
|
`<?xml version="1.0"?>`,
|
||||||
|
`<?xml version="1.0" encoding="ISO-8859-1"?>`,
|
||||||
|
),
|
||||||
|
)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
m, err := ParsePackageMetaData(strings.NewReader(pomContent8859_1))
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.NotNil(t, m)
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
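Review bot: The new `Encoding` subtest covers only the success path and ends at `assert.NotNil(t, m)`. Nothing exercises the rejection behaviour the commit describes, and nothing checks that the decoded fields are correct. I would add a subtest that feeds a POM declaring an unsupported charset label, and one with malformed XML, asserting `assert.Error(t, err)` and `assert.Nil(t, m)`. In the existing subtest, comparing at least one field (e.g. `assert.Equal(t, dependencyVersion, m.Dependencies[0].Version)`) would confirm the transcoded document parses to the same values. `pomContent` is defined outside the hunk; if it is pure ASCII, the ISO-8859-1 bytes are identical to the UTF-8 ones and a non-ASCII character in the fixture would make the test meaningful for the transcoding itself.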
|
@ -49,6 +49,11 @@ var (
|
||||||
|
|
||||||
func apiError(ctx *context.Context, status int, obj any) {
|
func apiError(ctx *context.Context, status int, obj any) {
|
||||||
helper.LogAndProcessError(ctx, status, obj, func(message string) {
|
helper.LogAndProcessError(ctx, status, obj, func(message string) {
|
||||||
|
// The maven client does not present the error message to the user. Log it for users with access to server logs.
|
||||||
|
if status == http.StatusBadRequest || status == http.StatusInternalServerError {
|
||||||
|
log.Error(message)
|
||||||
|
}
|
||||||
|
|
||||||
ctx.PlainText(status, message)
|
ctx.PlainText(status, message)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
@ -326,7 +331,8 @@ func UploadPackageFile(ctx *context.Context) {
|
||||||
var err error
|
var err error
|
||||||
pvci.Metadata, err = maven_module.ParsePackageMetaData(buf)
|
pvci.Metadata, err = maven_module.ParsePackageMetaData(buf)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("Error parsing package metadata: %v", err)
|
apiError(ctx, http.StatusBadRequest, err)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if pvci.Metadata != nil {
|
if pvci.Metadata != nil {
|
||||||
|
|
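Review bot: In apiError, `log.Error(message)` passes the message as the format string, and with the second hunk that message is the parse error for an uploaded POM, so its text can be influenced by the uploader. Any `%` in it would be interpreted as a formatting verb and garble the log line; `log.Error("%s", message)` avoids that. Whether `helper.LogAndProcessError` already logs the same error is not visible here; if it does, 500 responses would now be logged twice. Since any client allowed to upload can trigger a 400, logging those at error level lets them fill the error log; a lower level for `http.StatusBadRequest` may be the better fit. UploadPackageFile starts and ends outside the hunk.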