From fcbaa4bd641d8c2d842421833e785b1ba95b8737 Mon Sep 17 00:00:00 2001 From: a1012112796 <1012112796@qq.com> Date: Sat, 2 Jul 2022 11:25:29 +0000 Subject: [PATCH 1/6] make sure `repo_dir` is empty before 'dump-repo' or it looks dangerous ... fix #20191 Signed-off-by: a1012112796 <1012112796@qq.com> --- cmd/dump_repo.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cmd/dump_repo.go b/cmd/dump_repo.go index c9d24c6c8367a..d00aabccf1f8e 100644 --- a/cmd/dump_repo.go +++ b/cmd/dump_repo.go @@ -7,6 +7,7 @@ package cmd import ( "context" "errors" + "io/ioutil" "strings" "code.gitea.io/gitea/modules/convert" @@ -159,9 +160,14 @@ func runDumpRepository(ctx *cli.Context) error { } } + repoDir := ctx.String("repo_dir") + if dir, _ := ioutil.ReadDir(repoDir); len(dir) > 0 { + return errors.New("`repo_dir` path '" + repoDir + "' already exists and is not an empty directory.") + } + if err := migrations.DumpRepository( context.Background(), - ctx.String("repo_dir"), + repoDir, ctx.String("owner_name"), opts, ); err != nil { From 28466eea963ff958e15550b571127bd6f840a88a Mon Sep 17 00:00:00 2001 From: a1012112796 <1012112796@qq.com> Date: Sat, 2 Jul 2022 11:41:49 +0000 Subject: [PATCH 2/6] fix lint Signed-off-by: a1012112796 <1012112796@qq.com> --- cmd/dump_repo.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/dump_repo.go b/cmd/dump_repo.go index d00aabccf1f8e..a4e768dba874e 100644 --- a/cmd/dump_repo.go +++ b/cmd/dump_repo.go @@ -7,7 +7,7 @@ package cmd import ( "context" "errors" - "io/ioutil" + "os" "strings" "code.gitea.io/gitea/modules/convert" @@ -161,7 +161,7 @@ func runDumpRepository(ctx *cli.Context) error { } repoDir := ctx.String("repo_dir") - if dir, _ := ioutil.ReadDir(repoDir); len(dir) > 0 { + if dir, _ := os.ReadDir(repoDir); len(dir) > 0 { return errors.New("`repo_dir` path '" + repoDir + "' already exists and is not an empty directory.") } From 896de908d12e8f36fe4a6a270ac6f0f54e0bcb6b Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Wed, 13 Jul 2022 10:54:43 +0800 Subject: [PATCH 3/6] Update dump_repo.go --- cmd/dump_repo.go | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/cmd/dump_repo.go b/cmd/dump_repo.go index a4e768dba874e..293979b3d1a9a 100644 --- a/cmd/dump_repo.go +++ b/cmd/dump_repo.go @@ -7,6 +7,7 @@ package cmd import ( "context" "errors" + "fmt" "os" "strings" @@ -16,6 +17,7 @@ import ( base "code.gitea.io/gitea/modules/migration" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/structs" + "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/services/migrations" "github.com/urfave/cli" @@ -161,13 +163,20 @@ func runDumpRepository(ctx *cli.Context) error { } repoDir := ctx.String("repo_dir") - if dir, _ := os.ReadDir(repoDir); len(dir) > 0 { - return errors.New("`repo_dir` path '" + repoDir + "' already exists and is not an empty directory.") + if exists, err := util.IsExist(repoDir); err != nil { + return fmt.Errorf("unable to stat repo_dir %q: %v", repoDir, err) + } else if exists { + if isDir, _ := util.IsDir(repoDir); !isDir { + return fmt.Errorf("repo_dir %q already exists and is not a directory", repoDir) + } + if dir, _ := os.ReadDir(repoDir); len(dir) > 0 { + return fmt.Errorf("repo_dir %q is not empty", repoDir) + } } if err := migrations.DumpRepository( context.Background(), - repoDir, + ctx.String("repo_dir"), ctx.String("owner_name"), opts, ); err != nil { From 0036cb8e03c6f7b616c2995621bc918577811bba Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Wed, 13 Jul 2022 10:54:58 +0800 Subject: [PATCH 4/6] Update dump_repo.go --- cmd/dump_repo.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/dump_repo.go b/cmd/dump_repo.go index 293979b3d1a9a..8b70acf9c00a5 100644 --- a/cmd/dump_repo.go +++ b/cmd/dump_repo.go @@ -176,7 +176,7 @@ func runDumpRepository(ctx *cli.Context) error { if err := migrations.DumpRepository( context.Background(), - ctx.String("repo_dir"), + repoDir, ctx.String("owner_name"), opts, ); err != nil { From 8bc6e53166f8de581e87bc67023f725272cb9988 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Wed, 13 Jul 2022 10:58:40 +0800 Subject: [PATCH 5/6] Update dump_repo.go --- cmd/dump_repo.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cmd/dump_repo.go b/cmd/dump_repo.go index 8b70acf9c00a5..fc532e23e534e 100644 --- a/cmd/dump_repo.go +++ b/cmd/dump_repo.go @@ -162,6 +162,8 @@ func runDumpRepository(ctx *cli.Context) error { } } + // the repo_dir will be removed if error occurs in DumpRepository + // make sure the directy doesn't exist or is empty, prevent from deleting user files repoDir := ctx.String("repo_dir") if exists, err := util.IsExist(repoDir); err != nil { return fmt.Errorf("unable to stat repo_dir %q: %v", repoDir, err) From 2a47e371102cc306fed2929929ef69b315755b79 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Wed, 13 Jul 2022 11:52:20 +0800 Subject: [PATCH 6/6] Update dump_repo.go --- cmd/dump_repo.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/dump_repo.go b/cmd/dump_repo.go index fc532e23e534e..72456c61d3398 100644 --- a/cmd/dump_repo.go +++ b/cmd/dump_repo.go @@ -163,13 +163,13 @@ func runDumpRepository(ctx *cli.Context) error { } // the repo_dir will be removed if error occurs in DumpRepository - // make sure the directy doesn't exist or is empty, prevent from deleting user files + // make sure the directory doesn't exist or is empty, prevent from deleting user files repoDir := ctx.String("repo_dir") if exists, err := util.IsExist(repoDir); err != nil { return fmt.Errorf("unable to stat repo_dir %q: %v", repoDir, err) } else if exists { if isDir, _ := util.IsDir(repoDir); !isDir { - return fmt.Errorf("repo_dir %q already exists and is not a directory", repoDir) + return fmt.Errorf("repo_dir %q already exists but it's not a directory", repoDir) } if dir, _ := os.ReadDir(repoDir); len(dir) > 0 { return fmt.Errorf("repo_dir %q is not empty", repoDir)