Use shellquote to unpack arguments to gitea serv (#12624)
Fix #12471 Signed-off-by: Andrew Thornton <art27@cantab.net>release/v1.15
parent
274f9233ab
commit
7ba6fea0b7
33
cmd/serv.go
33
cmd/serv.go
|
@ -25,6 +25,7 @@ import (
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
|
||||||
"github.com/dgrijalva/jwt-go"
|
"github.com/dgrijalva/jwt-go"
|
||||||
|
"github.com/kballard/go-shellquote"
|
||||||
"github.com/unknwon/com"
|
"github.com/unknwon/com"
|
||||||
"github.com/urfave/cli"
|
"github.com/urfave/cli"
|
||||||
)
|
)
|
||||||
|
@ -59,14 +60,6 @@ func setup(logPath string, debug bool) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func parseCmd(cmd string) (string, string) {
|
|
||||||
ss := strings.SplitN(cmd, " ", 2)
|
|
||||||
if len(ss) != 2 {
|
|
||||||
return "", ""
|
|
||||||
}
|
|
||||||
return ss[0], strings.Replace(ss[1], "'/", "'", 1)
|
|
||||||
}
|
|
||||||
|
|
||||||
var (
|
var (
|
||||||
allowedCommands = map[string]models.AccessMode{
|
allowedCommands = map[string]models.AccessMode{
|
||||||
"git-upload-pack": models.AccessModeRead,
|
"git-upload-pack": models.AccessModeRead,
|
||||||
|
@ -126,7 +119,20 @@ func runServ(c *cli.Context) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
verb, args := parseCmd(cmd)
|
words, err := shellquote.Split(cmd)
|
||||||
|
if err != nil {
|
||||||
|
fail("Error parsing arguments", "Failed to parse arguments: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(words) < 2 {
|
||||||
|
fail("Too few arguments", "Too few arguments in cmd: %s", cmd)
|
||||||
|
}
|
||||||
|
|
||||||
|
verb := words[0]
|
||||||
|
repoPath := words[1]
|
||||||
|
if repoPath[0] == '/' {
|
||||||
|
repoPath = repoPath[1:]
|
||||||
|
}
|
||||||
|
|
||||||
var lfsVerb string
|
var lfsVerb string
|
||||||
if verb == lfsAuthenticateVerb {
|
if verb == lfsAuthenticateVerb {
|
||||||
|
@ -134,17 +140,14 @@ func runServ(c *cli.Context) error {
|
||||||
fail("Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
|
fail("Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
|
||||||
}
|
}
|
||||||
|
|
||||||
argsSplit := strings.Split(args, " ")
|
if len(words) > 2 {
|
||||||
if len(argsSplit) >= 2 {
|
lfsVerb = words[2]
|
||||||
args = strings.TrimSpace(argsSplit[0])
|
|
||||||
lfsVerb = strings.TrimSpace(argsSplit[1])
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
repoPath := strings.ToLower(strings.Trim(args, "'"))
|
|
||||||
rr := strings.SplitN(repoPath, "/", 2)
|
rr := strings.SplitN(repoPath, "/", 2)
|
||||||
if len(rr) != 2 {
|
if len(rr) != 2 {
|
||||||
fail("Invalid repository path", "Invalid repository path: %v", args)
|
fail("Invalid repository path", "Invalid repository path: %v", repoPath)
|
||||||
}
|
}
|
||||||
|
|
||||||
username := strings.ToLower(rr[0])
|
username := strings.ToLower(rr[0])
|
||||||
|
|
Loading…
Reference in New Issue