From d2d99a25b763937531d81474657e002f61d9d311 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Fri, 13 Aug 2021 07:51:13 +0200
Subject: [PATCH] Fix NPE in fuzzer (#16680) (#16682)

The fuzzer found an issue with the issue pattern processor where there is a spurious path.Clean which does not need to be there. This PR also sets the default AppURL for the fuzzer too.

Signed-off-by: Andrew Thornton
Co-authored-by: zeripath
---
 modules/markup/html.go | 2 +-
 modules/markup/html_test.go | 16 ++++++++++++++++
 tools/fuzz.go | 3 +++
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/modules/markup/html.go b/modules/markup/html.go
index 6d0b4fbea..5ecc307a2 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -778,7 +778,7 @@ func fullIssuePatternProcessor(ctx *RenderContext, node *html.Node) {
 // extract repo and org name from matched link like
 // http://localhost:3000/gituser/myrepo/issues/1
- linkParts := strings.Split(path.Clean(link), "/")
+ linkParts := strings.Split(link, "/")
 matchOrg := linkParts[len(linkParts)-4]
 matchRepo := linkParts[len(linkParts)-3]
diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go
index dff9102be..3eb2df00a 100644
--- a/modules/markup/html_test.go
+++ b/modules/markup/html_test.go
@@ -5,6 +5,7 @@
 package markup_test
 import (
+ "io"
 "strings"
 "testing"
@@ -526,3 +527,18 @@ func BenchmarkEmojiPostprocess(b *testing.B) {
 assert.NoError(b, err)
 }
 }
+
+func TestFuzz(t *testing.T) {
+ s := "t/l/issues/8#/../../a"
+ renderContext := RenderContext{
+ URLPrefix: "https://example.com/go-gitea/gitea",
+ Metas: map[string]string{
+ "user": "go-gitea",
+ "repo": "gitea",
+ },
+ }
+
+ err := PostProcess(&renderContext, strings.NewReader(s), io.Discard)
+
+ assert.NoError(t, err)
+}
diff --git a/tools/fuzz.go b/tools/fuzz.go
index b48ae0add..ca35ff4f0 100644
--- a/tools/fuzz.go
+++ b/tools/fuzz.go
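Review bot: The index expressions `linkParts[len(linkParts)-4]` and `linkParts[len(linkParts)-3]` that follow the changed line in modules/markup/html.go are still unguarded, so a matched link that splits into fewer than four segments would panic the renderer while it processes user-supplied markup. Removing `path.Clean` stops `..` segments from shortening the path, but the minimum segment count is then guaranteed only by the link pattern, which is not visible in this hunk. An explicit guard such as `if len(linkParts) < 4 { return }` before the two index expressions would make the assumption local. Whether `return` or moving on to the next node is the right reaction depends on the rest of fullIssuePatternProcessor, whose body starts and ends outside the hunk.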
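Review bot: `TestFuzz` in modules/markup/html_test.go carries no comment saying which input it pins or why, and the name gives no hint either. A doc comment such as `// TestFuzz is a regression test for #16680: a link followed by "/../" segments must not panic PostProcess.` would keep it from being pruned as noise later. The test also leaves `setting.AppURL` at whatever value the test binary has at that point, while the same commit sets it explicitly in tools/fuzz.go. If the issue pattern depends on AppURL (not visible here), setting it in the test would make the reproduction independent of test order.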
@@ -12,6 +12,7 @@ import (
 "code.gitea.io/gitea/modules/markup"
 "code.gitea.io/gitea/modules/markup/markdown"
+ "code.gitea.io/gitea/modules/setting"
 )
 // Contains fuzzing functions executed by
@@ -32,6 +33,7 @@ var (
 )
 func FuzzMarkdownRenderRaw(data []byte) int {
+ setting.AppURL = "http://localhost:3000/"
 err := markdown.RenderRaw(&renderContext, bytes.NewReader(data), io.Discard)
 if err != nil {
 return 0
@@ -40,6 +42,7 @@ func FuzzMarkdownRenderRaw(data []byte) int {
 }
 func FuzzMarkupPostProcess(data []byte) int {
+ setting.AppURL = "http://localhost:3000/"
 err := markup.PostProcess(&renderContext, bytes.NewReader(data), io.Discard)
 if err != nil {
 return 0
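Review bot: `setting.AppURL = "http://localhost:3000/"` is assigned on every invocation of `FuzzMarkdownRenderRaw`, and the identical line is repeated in `FuzzMarkupPostProcess` in the following hunk. A package-level value the harness needs once is clearer set in one place, for example `func init() { setting.AppURL = "http://localhost:3000/" }`. If the markup package derives its link patterns from AppURL only once (not visible here), the per-call assignment has no effect after the first input anyway. A one-line comment saying why the fuzzer needs a non-empty AppURL would also help; both function bodies continue outside their hunks.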