Skip to content

Commit

Permalink
Add support for different Maven POM encoding (go-gitea#25873) (go-git…
Browse files Browse the repository at this point in the history
…ea#25890)

Backport go-gitea#25873 by @KN4CK3R

Fixes go-gitea#25853

- Maven POM files aren't always UTF-8 encoded.
- Reject the upload of unparsable POM files

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
  • Loading branch information
GiteaBot and KN4CK3R authored Jul 14, 2023
1 parent 026e745 commit 45b1f4d
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 2 deletions.
7 changes: 6 additions & 1 deletion modules/packages/maven/metadata.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ import (
"io"

"code.gitea.io/gitea/modules/validation"

"golang.org/x/net/html/charset"
)

// Metadata represents the metadata of a Maven package
Expand Down Expand Up @@ -52,7 +54,10 @@ type pomStruct struct {
// ParsePackageMetaData parses the metadata of a pom file
func ParsePackageMetaData(r io.Reader) (*Metadata, error) {
var pom pomStruct
if err := xml.NewDecoder(r).Decode(&pom); err != nil {

dec := xml.NewDecoder(r)
dec.CharsetReader = charset.NewReaderLabel
if err := dec.Decode(&pom); err != nil {
return nil, err
}

Expand Down
17 changes: 17 additions & 0 deletions modules/packages/maven/metadata_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
"testing"

"github.com/stretchr/testify/assert"
"golang.org/x/text/encoding/charmap"
)

const (
Expand Down Expand Up @@ -69,4 +70,20 @@ func TestParsePackageMetaData(t *testing.T) {
assert.Equal(t, dependencyArtifactID, m.Dependencies[0].ArtifactID)
assert.Equal(t, dependencyVersion, m.Dependencies[0].Version)
})

t.Run("Encoding", func(t *testing.T) {
// UTF-8 is default but the metadata could be encoded differently
pomContent8859_1, err := charmap.ISO8859_1.NewEncoder().String(
strings.ReplaceAll(
pomContent,
`<?xml version="1.0"?>`,
`<?xml version="1.0" encoding="ISO-8859-1"?>`,
),
)
assert.NoError(t, err)

m, err := ParsePackageMetaData(strings.NewReader(pomContent8859_1))
assert.NoError(t, err)
assert.NotNil(t, m)
})
}
8 changes: 7 additions & 1 deletion routers/api/packages/maven/maven.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,11 @@ var (

func apiError(ctx *context.Context, status int, obj any) {
helper.LogAndProcessError(ctx, status, obj, func(message string) {
// The maven client does not present the error message to the user. Log it for users with access to server logs.
if status == http.StatusBadRequest || status == http.StatusInternalServerError {
log.Error(message)
}

ctx.PlainText(status, message)
})
}
Expand Down Expand Up @@ -326,7 +331,8 @@ func UploadPackageFile(ctx *context.Context) {
var err error
pvci.Metadata, err = maven_module.ParsePackageMetaData(buf)
if err != nil {
log.Error("Error parsing package metadata: %v", err)
apiError(ctx, http.StatusBadRequest, err)
return
}

if pvci.Metadata != nil {
Expand Down

0 comments on commit 45b1f4d

Please sign in to comment.