Skip to content

Commit

Permalink
Only allow returned deleted branche to be on repo (go-gitea#17570)
Browse files Browse the repository at this point in the history
- This will only allow `GetDeletedBranchByID` to return deletedBranch
which are on the repo, and thus don't return a deletedBranch from
another repo.
- This just should prevent possible bugs in the futher when a code is
passing the wrong ID into this function.
  • Loading branch information
Gusted authored and Stelios Malathouras committed Mar 28, 2022
1 parent 4aceb72 commit 98233ed
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 1 deletion.
2 changes: 1 addition & 1 deletion models/branches.go
Original file line number Diff line number Diff line change
Expand Up @@ -536,7 +536,7 @@ func (repo *Repository) GetDeletedBranches() ([]*DeletedBranch, error) {
// GetDeletedBranchByID get a deleted branch by its ID
func (repo *Repository) GetDeletedBranchByID(id int64) (*DeletedBranch, error) {
deletedBranch := &DeletedBranch{}
has, err := db.GetEngine(db.DefaultContext).ID(id).Get(deletedBranch)
has, err := db.GetEngine(db.DefaultContext).Where("repo_id = ?", repo.ID).And("id = ?", id).Get(deletedBranch)
if err != nil {
return nil, err
}
Expand Down
25 changes: 25 additions & 0 deletions models/branches_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -128,3 +128,28 @@ func TestRenameBranch(t *testing.T) {
BranchName: "main",
})
}

func TestOnlyGetDeletedBranchOnCorrectRepo(t *testing.T) {
assert.NoError(t, db.PrepareTestDatabase())

// Get deletedBranch with ID of 1 on repo with ID 2.
// This should return a nil branch as this deleted branch
// is actually on repo with ID 1.
repo2 := db.AssertExistsAndLoadBean(t, &Repository{ID: 2}).(*Repository)

deletedBranch, err := repo2.GetDeletedBranchByID(1)

// Expect no error, and the returned branch is nil.
assert.NoError(t, err)
assert.Nil(t, deletedBranch)

// Now get the deletedBranch with ID of 1 on repo with ID 1.
// This should return the deletedBranch.
repo1 := db.AssertExistsAndLoadBean(t, &Repository{ID: 1}).(*Repository)

deletedBranch, err = repo1.GetDeletedBranchByID(1)

// Expect no error, and the returned branch to be not nil.
assert.NoError(t, err)
assert.NotNil(t, deletedBranch)
}

0 comments on commit 98233ed

Please sign in to comment.