From 45b1f4dd3ba898decbc3472b78bac081e6833cca Mon Sep 17 00:00:00 2001
From: Giteabot
Date: Fri, 14 Jul 2023 06:27:15 -0400
Subject: [PATCH] Add support for different Maven POM encoding (#25873) (#25890)
Backport #25873 by @KN4CK3R
Fixes #25853
- Maven POM files aren't always UTF-8 encoded.
- Reject the upload of unparsable POM files
Co-authored-by: KN4CK3R
---
modules/packages/maven/metadata.go | 7 ++++++-
modules/packages/maven/metadata_test.go | 17 +++++++++++++++++
routers/api/packages/maven/maven.go | 8 +++++++-
3 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/modules/packages/maven/metadata.go b/modules/packages/maven/metadata.go
index be057c8c07b5..42aa250718d3 100644
--- a/modules/packages/maven/metadata.go
+++ b/modules/packages/maven/metadata.go
@@ -8,6 +8,8 @@ import (
 "io"
 "code.gitea.io/gitea/modules/validation"
+
+ "golang.org/x/net/html/charset"
 )
 // Metadata represents the metadata of a Maven package
@@ -52,7 +54,10 @@ type pomStruct struct {
 // ParsePackageMetaData parses the metadata of a pom file
 func ParsePackageMetaData(r io.Reader) (*Metadata, error) {
 var pom pomStruct
- if err := xml.NewDecoder(r).Decode(&pom); err != nil {
+
+ dec := xml.NewDecoder(r)
+ dec.CharsetReader = charset.NewReaderLabel
+ if err := dec.Decode(&pom); err != nil {
 return nil, err
 }
diff --git a/modules/packages/maven/metadata_test.go b/modules/packages/maven/metadata_test.go
index f4bc84268e7e..e675467730cc 100644
--- a/modules/packages/maven/metadata_test.go
+++ b/modules/packages/maven/metadata_test.go
@@ -8,6 +8,7 @@ import (
 "testing"
 "github.com/stretchr/testify/assert"
+ "golang.org/x/text/encoding/charmap"
 )
 const (
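Review bot: Setting `dec.CharsetReader = charset.NewReaderLabel` in ParsePackageMetaData means the encoding label declared inside the uploaded POM now selects the decoder, and nothing in the hunk records that or says what happens for a label the charset package does not recognise. A comment above the assignment would help, for example `// The POM's XML declaration selects the decoder; an unsupported label makes Decode return an error.` Because this commit also turns a parse error into a 400 in routers/api/packages/maven/maven.go, that failure path is now visible to clients and deserves its own test. If only a few encodings are expected from Maven clients, a small wrapper that accepts just those labels would narrow what an uploader can select. The function body continues past the end of the hunk.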
@@ -69,4 +70,20 @@ func TestParsePackageMetaData(t *testing.T) {
 assert.Equal(t, dependencyArtifactID, m.Dependencies[0].ArtifactID)
 assert.Equal(t, dependencyVersion, m.Dependencies[0].Version)
 })
+
+ t.Run("Encoding", func(t *testing.T) {
+ // UTF-8 is default but the metadata could be encoded differently
+ pomContent8859_1, err := charmap.ISO8859_1.NewEncoder().String(
+ strings.ReplaceAll(
+ pomContent,
+ ``,
+ ``,
+ ),
+ )
+ assert.NoError(t, err)
+
+ m, err := ParsePackageMetaData(strings.NewReader(pomContent8859_1))
+ assert.NoError(t, err)
+ assert.NotNil(t, m)
+ })
 }
diff --git a/routers/api/packages/maven/maven.go b/routers/api/packages/maven/maven.go
index e28438f9ba23..b2f55e03ebac 100644
--- a/routers/api/packages/maven/maven.go
+++ b/routers/api/packages/maven/maven.go
@@ -49,6 +49,11 @@ var (
 func apiError(ctx *context.Context, status int, obj any) {
 helper.LogAndProcessError(ctx, status, obj, func(message string) {
+ // The maven client does not present the error message to the user. Log it for users with access to server logs.
+ if status == http.StatusBadRequest || status == http.StatusInternalServerError {
+ log.Error(message)
+ }
+
 ctx.PlainText(status, message)
 })
 }
@@ -326,7 +331,8 @@ func UploadPackageFile(ctx *context.Context) {
 var err error
 pvci.Metadata, err = maven_module.ParsePackageMetaData(buf)
 if err != nil {
- log.Error("Error parsing package metadata: %v", err)
+ apiError(ctx, http.StatusBadRequest, err)
+ return
 }
 if pvci.Metadata != nil {
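Review bot: The new `Encoding` subtest ends at `assert.NotNil(t, m)`, so it shows that the decoder accepts an ISO-8859-1 label but not that any non-ASCII text survives decoding. If `pomContent` (defined outside the hunk) is pure ASCII, its ISO-8859-1 bytes are identical to the UTF-8 ones and the charset reader is barely exercised. Consider placing a non-ASCII character in one metadata field and asserting its decoded value. A negative case is also missing for the behaviour this commit introduces: a POM whose declaration names an unsupported encoding should yield `assert.Error(t, err)` and a nil result.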
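Review bot: `log.Error(message)` in apiError passes the message as the format string, and for a 400 that message can carry text derived from the uploaded file (an XML decode error may quote part of the input), so any `%` in it is read as a verb and the log entry comes out garbled. Use `log.Error("%s", message)`, matching the format-plus-argument form of the `log.Error` call this commit removes in UploadPackageFile. Since a 400 is triggered by the client, it may also be worth logging it below Error level or adding the request path, so that a run of bad uploads is easy to tell apart from server faults. The helper's name suggests it may already log the error; if it does, the 500 case is recorded twice.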
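Review bot: The added `return` after `apiError(ctx, http.StatusBadRequest, err)` exits UploadPackageFile before the code that follows the hunk, and `buf` is created outside the visible lines, so please confirm its cleanup is deferred rather than performed at the end of the function. A short comment on the branch, such as `// Reject the upload: a POM that cannot be parsed would be stored without metadata.`, would record why the previous log-and-continue behaviour was dropped. The function starts and ends outside this hunk.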