tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-11-03 21:08:25 +00:00
Code Releases Activity

Add support for different Maven POM encoding (#25873)

Browse Source 
Fixes #25853

- Maven POM files aren't always UTF-8 encoded.
- Reject the upload of unparsable POM files
This commit is contained in:
KN4CK3R
2023-07-14 11:39:15 +02:00
committed by GitHub
parent dc679fc9fa
commit bd82d8974e
3 changed files with 30 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
modules/packages/maven/metadata.go
View File

@@ -8,6 +8,8 @@ import (
"io" "io"
"code.gitea.io/gitea/modules/validation" "code.gitea.io/gitea/modules/validation"
"golang.org/x/net/html/charset"
) )
// Metadata represents the metadata of a Maven package // Metadata represents the metadata of a Maven package
@@ -52,7 +54,10 @@ type pomStruct struct {
// ParsePackageMetaData parses the metadata of a pom file // ParsePackageMetaData parses the metadata of a pom file
func ParsePackageMetaData(r io.Reader) (*Metadata, error) { func ParsePackageMetaData(r io.Reader) (*Metadata, error) {
var pom pomStruct var pom pomStruct
if err := xml.NewDecoder(r).Decode(&pom); err != nil {
dec := xml.NewDecoder(r)
dec.CharsetReader = charset.NewReaderLabel
if err := dec.Decode(&pom); err != nil {
return nil, err return nil, err
} }

17
modules/packages/maven/metadata_test.go
View File

@@ -8,6 +8,7 @@ import (
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"golang.org/x/text/encoding/charmap"
) )
const ( const (
@@ -69,4 +70,20 @@ func TestParsePackageMetaData(t *testing.T) {
assert.Equal(t, dependencyArtifactID, m.Dependencies[0].ArtifactID) assert.Equal(t, dependencyArtifactID, m.Dependencies[0].ArtifactID)
assert.Equal(t, dependencyVersion, m.Dependencies[0].Version) assert.Equal(t, dependencyVersion, m.Dependencies[0].Version)
}) })
t.Run("Encoding", func(t *testing.T) {
// UTF-8 is default but the metadata could be encoded differently
pomContent8859_1, err := charmap.ISO8859_1.NewEncoder().String(
strings.ReplaceAll(
pomContent,
`<?xml version="1.0"?>`,
`<?xml version="1.0" encoding="ISO-8859-1"?>`,
),
)
assert.NoError(t, err)
m, err := ParsePackageMetaData(strings.NewReader(pomContent8859_1))
assert.NoError(t, err)
assert.NotNil(t, m)
})
} }

8
routers/api/packages/maven/maven.go
View File

@@ -49,6 +49,11 @@ var (
func apiError(ctx *context.Context, status int, obj any) { func apiError(ctx *context.Context, status int, obj any) {
helper.LogAndProcessError(ctx, status, obj, func(message string) { helper.LogAndProcessError(ctx, status, obj, func(message string) {
// The maven client does not present the error message to the user. Log it for users with access to server logs.
if status == http.StatusBadRequest || status == http.StatusInternalServerError {
log.Error(message)
}
ctx.PlainText(status, message) ctx.PlainText(status, message)
}) })
} }
@@ -320,7 +325,8 @@ func UploadPackageFile(ctx *context.Context) {
var err error var err error
pvci.Metadata, err = maven_module.ParsePackageMetaData(buf) pvci.Metadata, err = maven_module.ParsePackageMetaData(buf)
if err != nil { if err != nil {
log.Error("Error parsing package metadata: %v", err) apiError(ctx, http.StatusBadRequest, err)
return
} }
if pvci.Metadata != nil { if pvci.Metadata != nil {