finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix(hook): ignore unknown push options instead of failing

Browse source 
If a repository has

git config --add push.pushOption submit=".sourcehut/*.yml"

it failed when pushed because of the unknown submit push
option. It will be ignored instead.

Filtering out the push options is done in an earlier stage, when the
hook command runs, before it submits the options map to the private
endpoint.

* move all the push options logic to modules/git/pushoptions
* add 100% test coverage for modules/git/pushoptions

Test coverage for the code paths from which code was moved to the
modules/git/pushoptions package:

* cmd/hook.go:runHookPreReceive
* routers/private/hook_pre_receive.go:validatePushOptions
  tests/integration/git_push_test.go:TestOptionsGitPush runs through
  both. The test verifying the option is rejected was removed and, if
  added again, will fail because the option is now ignored instead of
  being rejected.

* cmd/hook.go:runHookProcReceive
* services/agit/agit.go:ProcReceive
  tests/integration/git_test.go: doCreateAgitFlowPull runs through
  both. It uses variations of AGit related push options.

* cmd/hook.go:runHookPostReceive
* routers/private/hook_post_receive.go:HookPostReceive
  tests/integration/git_test.go:doPushCreate called by TestGit/HTTP/sha1/PushCreate
  runs through both.
  Note that although it provides coverage for this code path it does not use push options.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3651
This commit is contained in:
Twenty Panda 2024-06-28 00:37:39 +02:00
parent c7bb90bc6b
commit 5561e80b04
10 changed files with 266 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

28
cmd/hook.go
View file

@ -15,6 +15,7 @@ import (
"time"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/git/pushoptions"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/private"
repo_module "code.gitea.io/gitea/modules/repository"
@ -192,7 +193,7 @@ Forgejo or set your environment appropriately.`, "")
GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
GitObjectDirectory: os.Getenv(private.GitObjectDirectory),
GitQuarantinePath: os.Getenv(private.GitQuarantinePath),
GitPushOptions: pushOptions(),
GitPushOptions: pushoptions.New().ReadEnv().Map(),
PullRequestID: prID,
DeployKeyID: deployKeyID,
ActionPerm: int(actionPerm),
@ -375,7 +376,7 @@ Forgejo or set your environment appropriately.`, "")
GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
GitObjectDirectory: os.Getenv(private.GitObjectDirectory),
GitQuarantinePath: os.Getenv(private.GitQuarantinePath),
GitPushOptions: pushOptions(),
GitPushOptions: pushoptions.New().ReadEnv().Map(),
PullRequestID: prID,
PushTrigger: repo_module.PushTrigger(os.Getenv(repo_module.EnvPushTrigger)),
}
@ -488,21 +489,6 @@ func hookPrintResults(results []private.HookPostReceiveBranchResult) {
}
}
func pushOptions() map[string]string {
opts := make(map[string]string)
if pushCount, err := strconv.Atoi(os.Getenv(private.GitPushOptionCount)); err == nil {
for idx := 0; idx < pushCount; idx++ {
opt := os.Getenv(fmt.Sprintf("GIT_PUSH_OPTION_%d", idx))
key, value, found := strings.Cut(opt, "=")
if !found {
value = "true"
}
opts[key] = value
}
}
return opts
}
func runHookProcReceive(c *cli.Context) error {
ctx, cancel := installSignals()
defer cancel()
@ -627,6 +613,7 @@ Forgejo or set your environment appropriately.`, "")
hookOptions.GitPushOptions = make(map[string]string)
if hasPushOptions {
pushOptions := pushoptions.NewFromMap(&hookOptions.GitPushOptions)
for {
rs, err = readPktLine(ctx, reader, pktLineTypeUnknown)
if err != nil {
@ -636,12 +623,7 @@ Forgejo or set your environment appropriately.`, "")
if rs.Type == pktLineTypeFlush {
break
}
key, value, found := strings.Cut(string(rs.Data), "=")
if !found {
value = "true"
}
hookOptions.GitPushOptions[key] = value
pushOptions.Parse(string(rs.Data))
}
}