Backport #25873 by @KN4CK3R Fixes #25853 - Maven POM files aren't always UTF-8 encoded. - Reject the upload of unparsable POM files Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
parent
026e745b9e
commit
45b1f4dd3b
|
@ -8,6 +8,8 @@ import (
|
|||
"io"
|
||||
|
||||
"code.gitea.io/gitea/modules/validation"
|
||||
|
||||
"golang.org/x/net/html/charset"
|
||||
)
|
||||
|
||||
// Metadata represents the metadata of a Maven package
|
||||
|
@ -52,7 +54,10 @@ type pomStruct struct {
|
|||
// ParsePackageMetaData parses the metadata of a pom file
|
||||
func ParsePackageMetaData(r io.Reader) (*Metadata, error) {
|
||||
var pom pomStruct
|
||||
if err := xml.NewDecoder(r).Decode(&pom); err != nil {
|
||||
|
||||
dec := xml.NewDecoder(r)
|
||||
dec.CharsetReader = charset.NewReaderLabel
|
||||
if err := dec.Decode(&pom); err != nil {
|
||||
return nil, err
|
||||
}
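Review bot: The encoding label that selects the decoder on the `dec.CharsetReader = charset.NewReaderLabel` line is read from the uploaded POM, so the uploader chooses which transcoder runs, and that deserves a comment. I would add `// The encoding label comes from the uploaded POM; NewReaderLabel returns an error for labels it does not know, which fails Decode.` above the assignment. If only a few encodings are expected in practice, wrapping the call in a small allow-list would narrow what untrusted input can reach. Whether `r` is size-limited and whether field validation runs on the decoded values cannot be seen here, because the body of ParsePackageMetaData continues past the hunk.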
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"golang.org/x/text/encoding/charmap"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -69,4 +70,20 @@ func TestParsePackageMetaData(t *testing.T) {
|
|||
assert.Equal(t, dependencyArtifactID, m.Dependencies[0].ArtifactID)
|
||||
assert.Equal(t, dependencyVersion, m.Dependencies[0].Version)
|
||||
})
|
||||
|
||||
t.Run("Encoding", func(t *testing.T) {
|
||||
// UTF-8 is default but the metadata could be encoded differently
|
||||
pomContent8859_1, err := charmap.ISO8859_1.NewEncoder().String(
|
||||
strings.ReplaceAll(
|
||||
pomContent,
|
||||
`<?xml version="1.0"?>`,
|
||||
`<?xml version="1.0" encoding="ISO-8859-1"?>`,
|
||||
),
|
||||
)
|
||||
assert.NoError(t, err)
|
||||
|
||||
m, err := ParsePackageMetaData(strings.NewReader(pomContent8859_1))
|
||||
assert.NoError(t, err)
|
||||
assert.NotNil(t, m)
|
||||
})
|
||||
}
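Review bot: The new "Encoding" subtest asserts only `assert.NoError` and `assert.NotNil`, so it shows that an ISO-8859-1 declaration is accepted but not that the bytes are transcoded. If `pomContent` is pure ASCII (it is defined outside this hunk), the ISO-8859-1 output is byte-identical to the UTF-8 input. Putting a non-ASCII character into one field and comparing the parsed value would close that gap. A second case with an unsupported encoding label ending in `assert.Error(t, err)` would pin the rejection path that the upload handler now relies on.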
|
||||
|
|
|
@ -49,6 +49,11 @@ var (
|
|||
|
||||
func apiError(ctx *context.Context, status int, obj any) {
|
||||
helper.LogAndProcessError(ctx, status, obj, func(message string) {
|
||||
// The maven client does not present the error message to the user. Log it for users with access to server logs.
|
||||
if status == http.StatusBadRequest || status == http.StatusInternalServerError {
|
||||
log.Error(message)
|
||||
}
|
||||
|
||||
ctx.PlainText(status, message)
|
||||
})
|
||||
}
|
||||
|
@ -326,7 +331,8 @@ func UploadPackageFile(ctx *context.Context) {
|
|||
var err error
|
||||
pvci.Metadata, err = maven_module.ParsePackageMetaData(buf)
|
||||
if err != nil {
|
||||
log.Error("Error parsing package metadata: %v", err)
|
||||
apiError(ctx, http.StatusBadRequest, err)
|
||||
return
|
||||
}
|
||||
|
||||
if pvci.Metadata != nil {
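Review bot: `log.Error(message)` in apiError passes the error text as the format string, while the other call in this file section, `log.Error("Error parsing package metadata: %v", err)`, shows that the first argument is a format. The message for a 400 can carry text taken from the uploaded POM (parser and charset errors), so a `%` in it would be interpreted as a verb; `log.Error("%s", message)` avoids that. Since every 400 is client-triggered, it is also worth considering a lower level for that status so malformed uploads cannot fill the error log, and checking whether `helper.LogAndProcessError` (not visible here) already logs 500s. UploadPackageFile's body extends beyond its hunk.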
|
||||
|
|