cda44750cb
* Attachments: Add extension support, allow all types for releases - Add support for file extensions, matching the `accept` attribute of `<input type="file">` - Add support for type wildcard mime types, e.g. `image/*` - Create repository.release.ALLOWED_TYPES setting (default unrestricted) - Change default for attachment.ALLOWED_TYPES to a list of extensions - Split out POST /attachments into two endpoints for issue/pr and releases to prevent circumvention of allowed types check Fixes: https://github.com/go-gitea/gitea/pull/10172 Fixes: https://github.com/go-gitea/gitea/issues/7266 Fixes: https://github.com/go-gitea/gitea/pull/12460 Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers * rename function * extract GET routes out of RepoMustNotBeArchived Co-authored-by: Lauris BH <lauris@nix.lv>
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package upload
import (
"bytes"
"compress/gzip"
"testing"
"github.com/stretchr/testify/assert"
)
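// TestUpload pins the allow-list behaviour of Verify for uploaded files.
//
// Each case passes Verify a payload, a client-supplied file name and an
// allowedTypes string, and states the exact error expected back. The table
// documents three things a reviewer of the upload path should keep in mind:
//
//   - An empty allow-list (including one made only of separators) accepts
//     everything; restriction is opt-in.
//   - Extension entries are satisfied by the file name alone: the plain-text
//     payload named "/dir.txt/test.js" passes under ".js". They do not
//     constrain the content.
//   - Names containing ".." are expected to pass. Verify is a type check, not
//     a path sanitiser, so path safety must be enforced wherever the file is
//     stored (not visible in this file; confirm against the callers).
func TestUpload(t *testing.T) {
	testContent := []byte(`This is a plain text file.`)

	// Gzip fixture: the same text, compressed, so the payload bytes no longer
	// look like plain text. A broken fixture would make the last case
	// meaningless, so writer errors abort the test instead of being dropped.
	var b bytes.Buffer
	w := gzip.NewWriter(&b)
	if _, err := w.Write(testContent); err != nil {
		t.Fatalf("writing gzip fixture: %v", err)
	}
	if err := w.Close(); err != nil {
		t.Fatalf("closing gzip fixture: %v", err)
	}

	kases := []struct {
		data         []byte
		fileName     string
		allowedTypes string
		err          error
	}{
		// Empty allow-list: nothing is rejected, whatever the name looks like.
		{data: testContent, fileName: "test.txt", allowedTypes: "", err: nil},
		{data: testContent, fileName: "dir/test.txt", allowedTypes: "", err: nil},
		{data: testContent, fileName: "../../../test.txt", allowedTypes: "", err: nil},
		// Same inputs as the first case.
		{data: testContent, fileName: "test.txt", allowedTypes: "", err: nil},

		// A list holding only separators is expected to behave like an empty one.
		{data: testContent, fileName: "test.txt", allowedTypes: ",", err: nil},
		{data: testContent, fileName: "test.txt", allowedTypes: "|", err: nil},

		// Full wildcard, with and without a trailing separator.
		{data: testContent, fileName: "test.txt", allowedTypes: "*/*", err: nil},
		{data: testContent, fileName: "test.txt", allowedTypes: "*/*,", err: nil},
		{data: testContent, fileName: "test.txt", allowedTypes: "*/*|", err: nil},

		// Exact MIME type.
		{data: testContent, fileName: "test.txt", allowedTypes: "text/plain", err: nil},
		{data: testContent, fileName: "dir/test.txt", allowedTypes: "text/plain", err: nil},

		// The ".txt" in the directory component must not matter; ".js" on the
		// final element is what satisfies the entry.
		{data: testContent, fileName: "/dir.txt/test.js", allowedTypes: ".js", err: nil},

		// Surrounding whitespace in entries is tolerated; both "," and "|"
		// are expected to work as separators.
		{data: testContent, fileName: "test.txt", allowedTypes: " text/plain ", err: nil},
		{data: testContent, fileName: "test.txt", allowedTypes: ".txt", err: nil},
		{data: testContent, fileName: "test.txt", allowedTypes: " .txt,.js", err: nil},
		{data: testContent, fileName: "test.txt", allowedTypes: " .txt|.js", err: nil},
		{data: testContent, fileName: "../../test.txt", allowedTypes: " .txt|.js", err: nil},
		{data: testContent, fileName: "test.txt", allowedTypes: " .txt ,.js ", err: nil},
		{data: testContent, fileName: "test.txt", allowedTypes: "text/plain, .txt", err: nil},

		// Subtype wildcard.
		{data: testContent, fileName: "test.txt", allowedTypes: "text/*", err: nil},
		{data: testContent, fileName: "test.txt", allowedTypes: "text/*,.js", err: nil},

		// A malformed wildcard must fail closed rather than widen the list.
		{data: testContent, fileName: "test.txt", allowedTypes: "text/**", err: ErrFileTypeForbidden{"text/plain; charset=utf-8"}},

		// Neither the MIME entry nor the extension entries match; ".txtx"
		// must not match ".txt" by prefix. The error presumably carries the
		// content type detected from the payload.
		{data: testContent, fileName: "test.txt", allowedTypes: "application/x-gzip", err: ErrFileTypeForbidden{"text/plain; charset=utf-8"}},
		{data: testContent, fileName: "test.txt", allowedTypes: ".zip", err: ErrFileTypeForbidden{"text/plain; charset=utf-8"}},
		{data: testContent, fileName: "test.txt", allowedTypes: ".zip,.txtx", err: ErrFileTypeForbidden{"text/plain; charset=utf-8"}},
		{data: testContent, fileName: "test.txt", allowedTypes: ".zip|.txtx", err: ErrFileTypeForbidden{"text/plain; charset=utf-8"}},

		// MIME entries are matched against the payload, not the name: gzip
		// bytes named "test.txt" pass under "application/x-gzip".
		{data: b.Bytes(), fileName: "test.txt", allowedTypes: "application/x-gzip", err: nil},
	}

	for _, kase := range kases {
		// Name the inputs in the failure message; without it a failing row
		// cannot be told apart from its neighbours in the table.
		assert.Equal(t, kase.err, Verify(kase.data, kase.fileName, kase.allowedTypes),
			"fileName=%q allowedTypes=%q", kase.fileName, kase.allowedTypes)
	}
}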