From 5e0ac639b376dfe661cf434d0b50f5b52a42d642 Mon Sep 17 00:00:00 2001 From: fuxiaohei Date: Thu, 26 Oct 2023 22:47:03 +0800 Subject: [PATCH 1/4] fix: parse windows slash '\' query escaped in uploading request 'itemPath' query correctly --- routers/api/actions/artifacts_utils.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/routers/api/actions/artifacts_utils.go b/routers/api/actions/artifacts_utils.go index 4c939348622b7..edb3a65f1ef17 100644 --- a/routers/api/actions/artifacts_utils.go +++ b/routers/api/actions/artifacts_utils.go @@ -7,6 +7,7 @@ import ( "crypto/md5" "fmt" "net/http" + "net/url" "strconv" "strings" @@ -58,7 +59,9 @@ func validateArtifactHash(ctx *ArtifactContext, artifactName string) bool { func parseArtifactItemPath(ctx *ArtifactContext) (string, string, bool) { // itemPath is generated from upload-artifact action // it's formatted as {artifact_name}/{artfict_path_in_runner} - itemPath := util.PathJoinRel(ctx.Req.URL.Query().Get("itemPath")) + // act_runner in host mode on Windows, itemPath contains %255C urlencoded windows slash '\' + itemPath, _ := url.QueryUnescape(ctx.Req.URL.Query().Get("itemPath")) + itemPath = util.PathJoinRelX(itemPath) // use PathJoinRelX to convert Windows '\' to '/' artifactName := strings.Split(itemPath, "/")[0] artifactPath := strings.TrimPrefix(itemPath, artifactName+"/") if !validateArtifactHash(ctx, artifactName) { From 69666b03594cdb2de4484b1114991f7d3715a106 Mon Sep 17 00:00:00 2001 From: fuxiaohei Date: Fri, 27 Oct 2023 19:51:53 +0800 Subject: [PATCH 2/4] fix: windows slash case when uploading artifact chunk --- routers/api/actions/artifacts_utils.go | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/routers/api/actions/artifacts_utils.go b/routers/api/actions/artifacts_utils.go index edb3a65f1ef17..973ad93422580 100644 --- a/routers/api/actions/artifacts_utils.go +++ b/routers/api/actions/artifacts_utils.go @@ -7,13 +7,11 @@ import ( "crypto/md5" "fmt" "net/http" - "net/url" "strconv" "strings" "code.gitea.io/gitea/models/actions" "code.gitea.io/gitea/modules/log" - "code.gitea.io/gitea/modules/util" ) const ( @@ -59,9 +57,8 @@ func validateArtifactHash(ctx *ArtifactContext, artifactName string) bool { func parseArtifactItemPath(ctx *ArtifactContext) (string, string, bool) { // itemPath is generated from upload-artifact action // it's formatted as {artifact_name}/{artfict_path_in_runner} - // act_runner in host mode on Windows, itemPath contains %255C urlencoded windows slash '\' - itemPath, _ := url.QueryUnescape(ctx.Req.URL.Query().Get("itemPath")) - itemPath = util.PathJoinRelX(itemPath) // use PathJoinRelX to convert Windows '\' to '/' + // act_runner in host mode on Windows, itemPath is joined by Windows slash '\' with %5C urlencoded format + itemPath := strings.ReplaceAll(ctx.Req.URL.Query().Get("itemPath"), "\\", "/") artifactName := strings.Split(itemPath, "/")[0] artifactPath := strings.TrimPrefix(itemPath, artifactName+"/") if !validateArtifactHash(ctx, artifactName) { From 8c7b01aa2cef8069ab26bdf0ecc9b1a3585ae012 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Sat, 28 Oct 2023 09:52:23 +0800 Subject: [PATCH 3/4] Update routers/api/actions/artifacts_utils.go --- routers/api/actions/artifacts_utils.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/routers/api/actions/artifacts_utils.go b/routers/api/actions/artifacts_utils.go index 973ad93422580..9e7e627f555a3 100644 --- a/routers/api/actions/artifacts_utils.go +++ b/routers/api/actions/artifacts_utils.go @@ -57,8 +57,8 @@ func validateArtifactHash(ctx *ArtifactContext, artifactName string) bool { func parseArtifactItemPath(ctx *ArtifactContext) (string, string, bool) { // itemPath is generated from upload-artifact action // it's formatted as {artifact_name}/{artfict_path_in_runner} - // act_runner in host mode on Windows, itemPath is joined by Windows slash '\' with %5C urlencoded format - itemPath := strings.ReplaceAll(ctx.Req.URL.Query().Get("itemPath"), "\\", "/") + // act_runner in host mode on Windows, itemPath is joined by Windows slash '\' + itemPath := util.PathJoinRelX(ctx.Req.URL.Query().Get("itemPath")) artifactName := strings.Split(itemPath, "/")[0] artifactPath := strings.TrimPrefix(itemPath, artifactName+"/") if !validateArtifactHash(ctx, artifactName) { From 4e70a23fa990a637fb3e365bef2256f01192b5ff Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Sat, 28 Oct 2023 10:58:49 +0800 Subject: [PATCH 4/4] Update artifacts_utils.go --- routers/api/actions/artifacts_utils.go | 1 + 1 file changed, 1 insertion(+) diff --git a/routers/api/actions/artifacts_utils.go b/routers/api/actions/artifacts_utils.go index 9e7e627f555a3..381e7eb16ee95 100644 --- a/routers/api/actions/artifacts_utils.go +++ b/routers/api/actions/artifacts_utils.go @@ -12,6 +12,7 @@ import ( "code.gitea.io/gitea/models/actions" "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/util" ) const (