mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-23 11:01:49 +01:00
git-grep: fix for initial dashes in expressions
There is no reason to reject initial dashes in git-grep expressions... other than the code not supporting it previously. A new method is introduced to relax the security checks.
This commit is contained in:
parent
0d2efa2c4a
commit
f4d86b4ab0
4 changed files with 45 additions and 1 deletions
|
@ -153,6 +153,18 @@ func (c *Command) AddOptionValues(opt internal.CmdArg, args ...string) *Command
|
|||
return c
|
||||
}
|
||||
|
||||
// AddGitGrepExpression adds an expression option (-e) to git-grep command
|
||||
// It is different from AddOptionValues in that it allows the actual expression
|
||||
// to not be filtered out for leading dashes (which is otherwise a security feature
|
||||
// of AddOptionValues).
|
||||
func (c *Command) AddGitGrepExpression(exp string) *Command {
|
||||
if c.args[len(globalCommandArgs)] != "grep" {
|
||||
panic("function called on a non-grep git program: " + c.args[0])
|
||||
}
|
||||
c.args = append(c.args, "-e", exp)
|
||||
return c
|
||||
}
|
||||
|
||||
// AddOptionFormat adds a new option with a format string and arguments
|
||||
// For example: AddOptionFormat("--opt=%s %s", val1, val2) means 1 argument: {"--opt=val1 val2"}.
|
||||
func (c *Command) AddOptionFormat(opt string, args ...any) *Command {
|
||||
|
|
|
@ -61,3 +61,10 @@ func TestCommandString(t *testing.T) {
|
|||
cmd = NewCommandContextNoGlobals(context.Background(), "url: https://a:b@c/")
|
||||
assert.EqualValues(t, cmd.prog+` "url: https://sanitized-credential@c/"`, cmd.toString(true))
|
||||
}
|
||||
|
||||
func TestGrepOnlyFunction(t *testing.T) {
|
||||
cmd := NewCommand(context.Background(), "anything-but-grep")
|
||||
assert.Panics(t, func() {
|
||||
cmd.AddGitGrepExpression("whatever")
|
||||
})
|
||||
}
|
||||
|
|
|
@ -76,7 +76,7 @@ func GrepSearch(ctx context.Context, repo *Repository, search string, opts GrepO
|
|||
words = strings.Fields(search)
|
||||
}
|
||||
for _, word := range words {
|
||||
cmd.AddOptionValues("-e", strings.TrimLeft(word, "-"))
|
||||
cmd.AddGitGrepExpression(word)
|
||||
}
|
||||
|
||||
// pathspec
|
||||
|
|
|
@ -98,6 +98,31 @@ func TestGrepSearch(t *testing.T) {
|
|||
assert.Empty(t, res)
|
||||
}
|
||||
|
||||
func TestGrepDashesAreFine(t *testing.T) {
|
||||
tmpDir := t.TempDir()
|
||||
|
||||
err := InitRepository(DefaultContext, tmpDir, false, Sha1ObjectFormat.Name())
|
||||
require.NoError(t, err)
|
||||
|
||||
gitRepo, err := openRepositoryWithDefaultContext(tmpDir)
|
||||
require.NoError(t, err)
|
||||
defer gitRepo.Close()
|
||||
|
||||
require.NoError(t, os.WriteFile(path.Join(tmpDir, "with-dashes"), []byte("--"), 0o666))
|
||||
require.NoError(t, os.WriteFile(path.Join(tmpDir, "without-dashes"), []byte(".."), 0o666))
|
||||
|
||||
err = AddChanges(tmpDir, true)
|
||||
require.NoError(t, err)
|
||||
|
||||
err = CommitChanges(tmpDir, CommitChangesOptions{Message: "Dashes are cool sometimes"})
|
||||
require.NoError(t, err)
|
||||
|
||||
res, err := GrepSearch(context.Background(), gitRepo, "--", GrepOptions{})
|
||||
require.NoError(t, err)
|
||||
assert.Len(t, res, 1)
|
||||
assert.Equal(t, "with-dashes", res[0].Filename)
|
||||
}
|
||||
|
||||
func TestGrepNoBinary(t *testing.T) {
|
||||
tmpDir := t.TempDir()
|
||||
|
||||
|
|
Loading…
Reference in a new issue