
Commit 88d7910

lunnylafriks
authored andcommitted
add valid for lfs oid (#4461) (#4477)
1 parent b37ca4a commit 88d7910


1 file changed

+18
-9
lines changed


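--- a/modules/lfs/server.go
+++ b/modules/lfs/server.go
@@ -85,9 +85,12 @@ type link struct {
 
 var oidRegExp = regexp.MustCompile(`^[A-Fa-f0-9]+$`)
 
+func isOidValid(oid string) bool {
+return oidRegExp.MatchString(oid)
+}
+
 // ObjectOidHandler is the main request routing entry point into LFS server functions
 func ObjectOidHandler(ctx *context.Context) {
-
 if !setting.LFS.StartServer {
 writeStatus(ctx, 404)
 return
@@ -110,6 +113,11 @@ func ObjectOidHandler(ctx *context.Context) {
 }
 
 func getAuthenticatedRepoAndMeta(ctx *context.Context, rv *RequestVars, requireWrite bool) (*models.LFSMetaObject, *models.Repository) {
+if !isOidValid(rv.Oid) {
+writeStatus(ctx, 404)
+return nil, nil
+}
+
 repository, err := models.GetRepositoryByOwnerAndName(rv.User, rv.Repo)
 if err != nil {
 log.Debug("Could not find repository: %s/%s - %s", rv.User, rv.Repo, err)
@@ -222,7 +230,7 @@ func PostHandler(ctx *context.Context) {
 return
 }
 
-if !oidRegExp.MatchString(rv.Oid) {
+if !isOidValid(rv.Oid) {
 writeStatus(ctx, 404)
 return
 }
@@ -249,7 +257,6 @@ func PostHandler(ctx *context.Context) {
 
 // BatchHandler provides the batch api
 func BatchHandler(ctx *context.Context) {
-
 if !setting.LFS.StartServer {
 writeStatus(ctx, 404)
 return
@@ -266,6 +273,10 @@ func BatchHandler(ctx *context.Context) {
 
 // Create a response object
 for _, object := range bv.Objects {
+if !isOidValid(object.Oid) {
+continue
+}
+
 repository, err := models.GetRepositoryByOwnerAndName(object.User, object.Repo)
 
 if err != nil {
@@ -292,12 +303,10 @@ func BatchHandler(ctx *context.Context) {
 continue
 }
 
-if oidRegExp.MatchString(object.Oid) {
-// Object is not found
-meta, err = models.NewLFSMetaObject(&models.LFSMetaObject{Oid: object.Oid, Size: object.Size, RepositoryID: repository.ID})
-if err == nil {
-responseObjects = append(responseObjects, Represent(object, meta, meta.Existing, !contentStore.Exists(meta)))
-}
+// Object is not found
+meta, err = models.NewLFSMetaObject(&models.LFSMetaObject{Oid: object.Oid, Size: object.Size, RepositoryID: repository.ID})
+if err == nil {
+responseObjects = append(responseObjects, Represent(object, meta, meta.Existing, !contentStore.Exists(meta)))
 }
 }
 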
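Review bot: `isOidValid` (new lines 88-90) accepts any non-empty hex string, so a one-character or arbitrarily long OID passes the check that now guards `getAuthenticatedRepoAndMeta`, `PostHandler` and `BatchHandler`. Git LFS object IDs are SHA-256 digests, so the pattern can be pinned to the exact length, e.g. `var oidRegExp = regexp.MustCompile("^[A-Fa-f0-9]{64}$")`, which also bounds what reaches `models.NewLFSMetaObject` and the content store. In `BatchHandler` the new `continue` drops a malformed entry from the response without a per-object error or log line; a comment such as `// malformed OIDs are skipped and omitted from the batch response` would make that intent explicit. The bodies of the three handlers continue outside the visible hunks, so whether other paths use `rv.Oid` before these checks cannot be confirmed from here.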
