Ensure validation occurs on clone addresses too (#14994)

* Ensure validation occurs on clone addresses too Fix #14984 Signed-off-by: Andrew Thornton <art27@cantab.net> * fix lint Signed-off-by: Andrew Thornton <art27@cantab.net> * fix test Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix api tests Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-03-15 21:52:11 +00:00 · 2021-03-15 21:52:11 +00:00 · 6e423d5573
commit 6e423d5573
parent f268b4896b
10 changed files with 166 additions and 130 deletions
--- a/models/error.go
+++ b/models/error.go
@ -855,20 +855,43 @@ func (err ErrRepoRedirectNotExist) Error() string {

 // ErrInvalidCloneAddr represents a "InvalidCloneAddr" kind of error.
 type ErrInvalidCloneAddr struct {
+	Host               string
 	IsURLError         bool
 	IsInvalidPath      bool
+	IsProtocolInvalid  bool
 	IsPermissionDenied bool
+	LocalPath          bool
+	NotResolvedIP      bool
+	PrivateNet         string
 }

 // IsErrInvalidCloneAddr checks if an error is a ErrInvalidCloneAddr.
 func IsErrInvalidCloneAddr(err error) bool {
-	_, ok := err.(ErrInvalidCloneAddr)
+	_, ok := err.(*ErrInvalidCloneAddr)
 	return ok
 }

-func (err ErrInvalidCloneAddr) Error() string {
-	return fmt.Sprintf("invalid clone address [is_url_error: %v, is_invalid_path: %v, is_permission_denied: %v]",
-		err.IsURLError, err.IsInvalidPath, err.IsPermissionDenied)
+func (err *ErrInvalidCloneAddr) Error() string {
+	if err.NotResolvedIP {
+		return fmt.Sprintf("migration/cloning from '%s' is not allowed: unknown hostname", err.Host)
+	}
+	if len(err.PrivateNet) != 0 {
+		return fmt.Sprintf("migration/cloning from '%s' is not allowed: the host resolve to a private ip address '%s'", err.Host, err.PrivateNet)
+	}
+	if err.IsInvalidPath {
+		return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided path is invalid", err.Host)
+	}
+	if err.IsProtocolInvalid {
+		return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided url protocol is not allowed", err.Host)
+	}
+	if err.IsPermissionDenied {
+		return fmt.Sprintf("migration/cloning from '%s' is not allowed.", err.Host)
+	}
+	if err.IsURLError {
+		return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided url is invalid", err.Host)
+	}
+
+	return fmt.Sprintf("migration/cloning from '%s' is not allowed", err.Host)
 }

 // ErrUpdateTaskNotExist represents a "UpdateTaskNotExist" kind of error.
@ -1065,29 +1088,6 @@ func IsErrWontSign(err error) bool {
 	return ok
 }

-// ErrMigrationNotAllowed explains why a migration from an url is not allowed
-type ErrMigrationNotAllowed struct {
-	Host          string
-	NotResolvedIP bool
-	PrivateNet    string
-}
-
-func (e *ErrMigrationNotAllowed) Error() string {
-	if e.NotResolvedIP {
-		return fmt.Sprintf("migrate from '%s' is not allowed: unknown hostname", e.Host)
-	}
-	if len(e.PrivateNet) != 0 {
-		return fmt.Sprintf("migrate from '%s' is not allowed: the host resolve to a private ip address '%s'", e.Host, e.PrivateNet)
-	}
-	return fmt.Sprintf("migrate from '%s is not allowed'", e.Host)
-}
-
-// IsErrMigrationNotAllowed checks if an error is a ErrMigrationNotAllowed
-func IsErrMigrationNotAllowed(err error) bool {
-	_, ok := err.(*ErrMigrationNotAllowed)
-	return ok
-}
-
 // __________                             .__
 // \______   \____________    ____   ____ |  |__
 //  |    |  _/\_  __ \__  \  /    \_/ ___\|  |  \