From 7a05e2697f901faf96e85a9f72c7d516d4cc4cff Mon Sep 17 00:00:00 2001 From: zjy Date: Thu, 25 Jan 2024 14:09:14 +0800 Subject: [PATCH] fix: the file path must start with / --- controller/validator/validate.go | 2 +- controller/validator/validate_test.go | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/controller/validator/validate.go b/controller/validator/validate.go index da67f85..8b6be94 100644 --- a/controller/validator/validate.go +++ b/controller/validator/validate.go @@ -12,7 +12,7 @@ var ( ReValidRef = regexp.MustCompile(`^\w+/?\w+$`) ReValidRepo = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_\-]{1,61}[a-zA-Z0-9]$`) ReValidUser = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_-]{1,28}[a-zA-Z0-9]$`) - ReValidPath = regexp.MustCompile(`^(?:/?[^\x00-\x1F\\/:*?"<>|]+/)*[^\x00-\x1F\\/:*?"<>|]+(\.[^\x00-\x1F\\/:*?"<>|]+)?$`) + ReValidPath = regexp.MustCompile(`^/(?:[^\x00-\x1F\\/:*?"<>|]+/)*[^\x00-\x1F\\/:*?"<>|]+(\.[^\x00-\x1F\\/:*?"<>|]+)?$`) // RepoNameBlackList forbid repo name, reserve for routes RepoNameBlackList = []string{"repository", "repositories", "wip", "wips", "object", "objects", "commit", "commits", "ref", "refs", "repo", "repos", "user", "users"} diff --git a/controller/validator/validate_test.go b/controller/validator/validate_test.go index 776fcb0..c7f870a 100644 --- a/controller/validator/validate_test.go +++ b/controller/validator/validate_test.go @@ -98,7 +98,7 @@ func TestValidateUsername(t *testing.T) { func TestValidateObjectPath(t *testing.T) { //Validate Obj Path - validObjectPaths := []string{"path/to/object", "file.txt", "folder/file.txt", "我的图片.png", "我的文件/我的应用.exe", "私のビデオ.mp3, /video.mp3, /path/pic.png"} + validObjectPaths := []string{"/path/to/object", "/file.txt", "/folder/file.txt", "/我的图片.png", "/我的文件/我的应用.exe", "/私のビデオ.mp3"} for _, path := range validObjectPaths { err := ValidateObjectPath(path) if err != nil { @@ -111,11 +111,12 @@ func TestValidateObjectPath(t *testing.T) { path string error string }{ - {"path/with/null\x00character", "invalid object path: it must not contain null characters or NTFS forbidden characters"}, - {"path/with/invalid/characters/:", "invalid object path: it must not contain null characters or NTFS forbidden characters"}, - {"path/with/invalid/characters/*", "invalid object path: it must not contain null characters or NTFS forbidden characters"}, - {"path/with/invalid/characters/\"", "invalid object path: it must not contain null characters or NTFS forbidden characters"}, - {"path/with/invalid/characters/