From c715bca9cbf9359401dd86534240d02d086899e0 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Sat, 15 Oct 2022 14:05:35 +0200
Subject: [PATCH 1/3] probe if sha before exec git
---
 modules/git/repo_commit.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/git/repo_commit.go b/modules/git/repo_commit.go
index 78e037511e551..ae07c671ed685 100644
--- a/modules/git/repo_commit.go
+++ b/modules/git/repo_commit.go
@@ -155,7 +155,7 @@ func (repo *Repository) searchCommits(id SHA1, opts SearchCommitsOptions) ([]*Co
 if len(opts.Keywords) > 0 {
 for _, v := range opts.Keywords {
 // ignore anything below 4 characters as too unspecific
- if len(v) >= 4 {
+ if len(v) >= 4 && IsValidSHAPattern(v) {
 // create new git log command with 1 commit limit
 hashCmd := NewCommand(repo.Ctx, "log", "-1", prettyLogFormat)
 // add previous arguments except for --grep and --all
From 9d27169243fd8b0b791601681439f20273d16439 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Sat, 15 Oct 2022 15:03:58 +0200
Subject: [PATCH 2/3] more test coverage
---
 modules/git/sha1_test.go | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 modules/git/sha1_test.go
diff --git a/modules/git/sha1_test.go b/modules/git/sha1_test.go
new file mode 100644
index 0000000000000..c5c00f5445ee3
--- /dev/null
+++ b/modules/git/sha1_test.go
@@ -0,0 +1,21 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package git
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestIsValidSHAPattern(t *testing.T) {
+ assert.True(t, IsValidSHAPattern("fee1"))
+ assert.True(t, IsValidSHAPattern("abc000"))
+ assert.True(t, IsValidSHAPattern("9023902390239023902390239023902390239023"))
+ assert.False(t, IsValidSHAPattern("90239023902390239023902390239023902390239023"))
+ assert.False(t, IsValidSHAPattern("abc"))
+ assert.False(t, IsValidSHAPattern("123g"))
+ assert.False(t, IsValidSHAPattern("some random text"))
+}
From d2b4aa92da3b6f76153434c357d66d0c16741f1f Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Sat, 15 Oct 2022 15:04:13 +0200
Subject: [PATCH 3/3] IsValidSHAPattern is enouth
---
 modules/git/repo_commit.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/git/repo_commit.go b/modules/git/repo_commit.go
index ae07c671ed685..ec72593b80a4e 100644
--- a/modules/git/repo_commit.go
+++ b/modules/git/repo_commit.go
@@ -154,8 +154,8 @@ func (repo *Repository) searchCommits(id SHA1, opts SearchCommitsOptions) ([]*Co
 // then let's iterate over them
 if len(opts.Keywords) > 0 {
 for _, v := range opts.Keywords {
- // ignore anything below 4 characters as too unspecific
- if len(v) >= 4 && IsValidSHAPattern(v) {
+ // ignore anything not matching a valid sha pattern
+ if IsValidSHAPattern(v) {
 // create new git log command with 1 commit limit
 hashCmd := NewCommand(repo.Ctx, "log", "-1", prettyLogFormat)
 // add previous arguments except for --grep and --all
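Review bot: TestIsValidSHAPattern covers length limits and non-hex characters, but not the boundary inputs that matter once the function gates what searchCommits passes on to a git command. I would add rejections for the empty string, a value with a leading dash and a value with a trailing newline, `assert.False(t, IsValidSHAPattern(""))`, `assert.False(t, IsValidSHAPattern("-fee1"))` and `assert.False(t, IsValidSHAPattern("fee1\n"))`, so that a later loosening of the pattern (an unanchored or multi-line match, for instance) fails the test. The implementation is not part of this series, so these are the results I would expect rather than ones I can confirm. A case for upper-case hex such as "FEE1" would also record whether that form is meant to be accepted.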
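Review bot: The new comment on the guard in searchCommits says what is skipped but not why, and after this change `IsValidSHAPattern(v)` is the only check visible here between a search keyword (presumably user-supplied) and the `git log -1` command built on the next line. I would record that in the comment, e.g. `// only keywords that look like a full or abbreviated commit hash are looked up with git log; this also keeps free-text input out of the git argument list`, so the check is not relaxed later as if it were only a relevance filter. The line that adds `v` to `hashCmd` is outside the hunk, so it is worth confirming there that `v` is passed as an argument of its own. The same guard is introduced by the 1/3 hunk of this series, and the loop body continues past the end of both hunks.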