Ensure validation occurs on clone addresses too (#14994)

* Ensure validation occurs on clone addresses too Fix #14984 Signed-off-by: Andrew Thornton <art27@cantab.net> * fix lint Signed-off-by: Andrew Thornton <art27@cantab.net> * fix test Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix api tests Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2025-10-26 04:17:08 +00:00 · 2021-03-15 21:52:11 +00:00
parent f268b4896b
commit 6e423d5573
10 changed files with 166 additions and 130 deletions
--- a/modules/migrations/migrate_test.go
+++ b/modules/migrations/migrate_test.go
@@ -5,41 +5,65 @@
 package migrations

 import (
+	"path/filepath"
 	"testing"

+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/setting"

 	"github.com/stretchr/testify/assert"
 )

 func TestMigrateWhiteBlocklist(t *testing.T) {
+	assert.NoError(t, models.PrepareTestDatabase())
+
+	adminUser := models.AssertExistsAndLoadBean(t, &models.User{Name: "user1"}).(*models.User)
+	nonAdminUser := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
+
 	setting.Migrations.AllowedDomains = []string{"github.com"}
 	assert.NoError(t, Init())

-	err := isMigrateURLAllowed("https://gitlab.com/gitlab/gitlab.git")
+	err := IsMigrateURLAllowed("https://gitlab.com/gitlab/gitlab.git", nonAdminUser)
 	assert.Error(t, err)

-	err = isMigrateURLAllowed("https://github.com/go-gitea/gitea.git")
+	err = IsMigrateURLAllowed("https://github.com/go-gitea/gitea.git", nonAdminUser)
 	assert.NoError(t, err)

 	setting.Migrations.AllowedDomains = []string{}
 	setting.Migrations.BlockedDomains = []string{"github.com"}
 	assert.NoError(t, Init())

-	err = isMigrateURLAllowed("https://gitlab.com/gitlab/gitlab.git")
+	err = IsMigrateURLAllowed("https://gitlab.com/gitlab/gitlab.git", nonAdminUser)
 	assert.NoError(t, err)

-	err = isMigrateURLAllowed("https://github.com/go-gitea/gitea.git")
+	err = IsMigrateURLAllowed("https://github.com/go-gitea/gitea.git", nonAdminUser)
 	assert.Error(t, err)

+	err = IsMigrateURLAllowed("https://10.0.0.1/go-gitea/gitea.git", nonAdminUser)
+	assert.Error(t, err)
+
+	setting.Migrations.AllowLocalNetworks = true
+	err = IsMigrateURLAllowed("https://10.0.0.1/go-gitea/gitea.git", nonAdminUser)
+	assert.NoError(t, err)
+
 	old := setting.ImportLocalPaths
 	setting.ImportLocalPaths = false

-	err = isMigrateURLAllowed("/home/foo/bar/goo")
+	err = IsMigrateURLAllowed("/home/foo/bar/goo", adminUser)
 	assert.Error(t, err)

 	setting.ImportLocalPaths = true
-	err = isMigrateURLAllowed("/home/foo/bar/goo")
+	abs, err := filepath.Abs(".")
+	assert.NoError(t, err)
+
+	err = IsMigrateURLAllowed(abs, adminUser)
+	assert.NoError(t, err)
+
+	err = IsMigrateURLAllowed(abs, nonAdminUser)
+	assert.Error(t, err)
+
+	nonAdminUser.AllowImportLocal = true
+	err = IsMigrateURLAllowed(abs, nonAdminUser)
 	assert.NoError(t, err)

 	setting.ImportLocalPaths = old