Refactor filetype is not allowed errors (#7309)
This commit is contained in:
parent
75d4414386
commit
f369788347
|
@ -0,0 +1,49 @@
|
||||||
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
||||||
|
// Use of this source code is governed by a MIT-style
|
||||||
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
package upload
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/modules/log"
|
||||||
|
)
|
||||||
|
|
||||||
|
// ErrFileTypeForbidden not allowed file type error
|
||||||
|
type ErrFileTypeForbidden struct {
|
||||||
|
Type string
|
||||||
|
}
|
||||||
|
|
||||||
|
// IsErrFileTypeForbidden checks if an error is a ErrFileTypeForbidden.
|
||||||
|
func IsErrFileTypeForbidden(err error) bool {
|
||||||
|
_, ok := err.(ErrFileTypeForbidden)
|
||||||
|
return ok
|
||||||
|
}
|
||||||
|
|
||||||
|
func (err ErrFileTypeForbidden) Error() string {
|
||||||
|
return fmt.Sprintf("File type is not allowed: %s", err.Type)
|
||||||
|
}
|
||||||
|
|
||||||
|
// VerifyAllowedContentType validates a file is allowed to be uploaded.
|
||||||
|
func VerifyAllowedContentType(buf []byte, allowedTypes []string) error {
|
||||||
|
fileType := http.DetectContentType(buf)
|
||||||
|
|
||||||
|
allowed := false
|
||||||
|
for _, t := range allowedTypes {
|
||||||
|
t := strings.Trim(t, " ")
|
||||||
|
if t == "*/*" || t == fileType {
|
||||||
|
allowed = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !allowed {
|
||||||
|
log.Info("Attachment with type %s blocked from upload", fileType)
|
||||||
|
return ErrFileTypeForbidden{Type: fileType}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
|
@ -5,13 +5,12 @@
|
||||||
package repo
|
package repo
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
|
||||||
"net/http"
|
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"code.gitea.io/gitea/models"
|
"code.gitea.io/gitea/models"
|
||||||
"code.gitea.io/gitea/modules/context"
|
"code.gitea.io/gitea/modules/context"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
"code.gitea.io/gitea/modules/upload"
|
||||||
|
|
||||||
api "code.gitea.io/gitea/modules/structs"
|
api "code.gitea.io/gitea/modules/structs"
|
||||||
)
|
)
|
||||||
|
@ -177,20 +176,9 @@ func CreateReleaseAttachment(ctx *context.APIContext) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if the filetype is allowed by the settings
|
// Check if the filetype is allowed by the settings
|
||||||
fileType := http.DetectContentType(buf)
|
err = upload.VerifyAllowedContentType(buf, strings.Split(setting.AttachmentAllowedTypes, ","))
|
||||||
|
if err != nil {
|
||||||
allowedTypes := strings.Split(setting.AttachmentAllowedTypes, ",")
|
ctx.Error(400, "DetectContentType", err)
|
||||||
allowed := false
|
|
||||||
for _, t := range allowedTypes {
|
|
||||||
t := strings.Trim(t, " ")
|
|
||||||
if t == "*/*" || t == fileType {
|
|
||||||
allowed = true
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if !allowed {
|
|
||||||
ctx.Error(400, "DetectContentType", errors.New("File type is not allowed"))
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -6,13 +6,13 @@ package repo
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"code.gitea.io/gitea/models"
|
"code.gitea.io/gitea/models"
|
||||||
"code.gitea.io/gitea/modules/context"
|
"code.gitea.io/gitea/modules/context"
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
"code.gitea.io/gitea/modules/upload"
|
||||||
)
|
)
|
||||||
|
|
||||||
func renderAttachmentSettings(ctx *context.Context) {
|
func renderAttachmentSettings(ctx *context.Context) {
|
||||||
|
@ -42,21 +42,10 @@ func UploadAttachment(ctx *context.Context) {
|
||||||
if n > 0 {
|
if n > 0 {
|
||||||
buf = buf[:n]
|
buf = buf[:n]
|
||||||
}
|
}
|
||||||
fileType := http.DetectContentType(buf)
|
|
||||||
|
|
||||||
allowedTypes := strings.Split(setting.AttachmentAllowedTypes, ",")
|
err = upload.VerifyAllowedContentType(buf, strings.Split(setting.AttachmentAllowedTypes, ","))
|
||||||
allowed := false
|
if err != nil {
|
||||||
for _, t := range allowedTypes {
|
ctx.Error(400, err.Error())
|
||||||
t := strings.Trim(t, " ")
|
|
||||||
if t == "*/*" || t == fileType {
|
|
||||||
allowed = true
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if !allowed {
|
|
||||||
log.Info("Attachment with type %s blocked from upload", fileType)
|
|
||||||
ctx.Error(400, ErrFileTypeForbidden.Error())
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,6 @@ package repo
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
|
||||||
"path"
|
"path"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
@ -20,6 +19,7 @@ import (
|
||||||
"code.gitea.io/gitea/modules/repofiles"
|
"code.gitea.io/gitea/modules/repofiles"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
"code.gitea.io/gitea/modules/templates"
|
"code.gitea.io/gitea/modules/templates"
|
||||||
|
"code.gitea.io/gitea/modules/upload"
|
||||||
"code.gitea.io/gitea/modules/util"
|
"code.gitea.io/gitea/modules/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -594,20 +594,11 @@ func UploadFileToServer(ctx *context.Context) {
|
||||||
if n > 0 {
|
if n > 0 {
|
||||||
buf = buf[:n]
|
buf = buf[:n]
|
||||||
}
|
}
|
||||||
fileType := http.DetectContentType(buf)
|
|
||||||
|
|
||||||
if len(setting.Repository.Upload.AllowedTypes) > 0 {
|
if len(setting.Repository.Upload.AllowedTypes) > 0 {
|
||||||
allowed := false
|
err = upload.VerifyAllowedContentType(buf, setting.Repository.Upload.AllowedTypes)
|
||||||
for _, t := range setting.Repository.Upload.AllowedTypes {
|
if err != nil {
|
||||||
t := strings.Trim(t, " ")
|
ctx.Error(400, err.Error())
|
||||||
if t == "*/*" || t == fileType {
|
|
||||||
allowed = true
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if !allowed {
|
|
||||||
ctx.Error(400, ErrFileTypeForbidden.Error())
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -41,8 +41,6 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
// ErrFileTypeForbidden not allowed file type error
|
|
||||||
ErrFileTypeForbidden = errors.New("File type is not allowed")
|
|
||||||
// ErrTooManyFiles upload too many files
|
// ErrTooManyFiles upload too many files
|
||||||
ErrTooManyFiles = errors.New("Maximum number of files to upload exceeded")
|
ErrTooManyFiles = errors.New("Maximum number of files to upload exceeded")
|
||||||
// IssueTemplateCandidates issue templates
|
// IssueTemplateCandidates issue templates
|
||||||
|
|
Loading…
Reference in New Issue