| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 |
- // Copyright 2023 The Gitea Authors. All rights reserved.
- // SPDX-License-Identifier: MIT
-
- package actions
-
- import (
- "crypto/md5"
- "fmt"
- "net/http"
- "strconv"
- "strings"
-
- "code.gitea.io/gitea/models/actions"
- "code.gitea.io/gitea/modules/log"
- "code.gitea.io/gitea/modules/util"
- )
-
- const (
- artifactXTfsFileLengthHeader = "x-tfs-filelength"
- artifactXActionsResultsMD5Header = "x-actions-results-md5"
- )
-
- // The rules are from https://github.com/actions/toolkit/blob/main/packages/artifact/src/internal/path-and-artifact-name-validation.ts#L32
- var invalidArtifactNameChars = strings.Join([]string{"\\", "/", "\"", ":", "<", ">", "|", "*", "?", "\r", "\n"}, "")
-
- func validateArtifactName(ctx *ArtifactContext, artifactName string) bool {
- if strings.ContainsAny(artifactName, invalidArtifactNameChars) {
- log.Error("Error checking artifact name contains invalid character")
- ctx.HTTPError(http.StatusBadRequest, "Error checking artifact name contains invalid character")
- return false
- }
- return true
- }
-
- func validateRunID(ctx *ArtifactContext) (*actions.ActionTask, int64, bool) {
- task := ctx.ActionTask
- runID := ctx.PathParamInt64("run_id")
- if task.Job.RunID != runID {
- log.Error("Error runID not match")
- ctx.HTTPError(http.StatusBadRequest, "run-id does not match")
- return nil, 0, false
- }
- return task, runID, true
- }
-
- func validateRunIDV4(ctx *ArtifactContext, rawRunID string) (*actions.ActionTask, int64, bool) { //nolint:unparam // ActionTask is never used
- task := ctx.ActionTask
- runID, err := strconv.ParseInt(rawRunID, 10, 64)
- if err != nil || task.Job.RunID != runID {
- log.Error("Error runID not match")
- ctx.HTTPError(http.StatusBadRequest, "run-id does not match")
- return nil, 0, false
- }
- return task, runID, true
- }
-
- func validateArtifactHash(ctx *ArtifactContext, artifactName string) bool {
- paramHash := ctx.PathParam("artifact_hash")
- // use artifact name to create upload url
- artifactHash := fmt.Sprintf("%x", md5.Sum([]byte(artifactName)))
- if paramHash == artifactHash {
- return true
- }
- log.Error("Invalid artifact hash: %s", paramHash)
- ctx.HTTPError(http.StatusBadRequest, "Invalid artifact hash")
- return false
- }
-
- func parseArtifactItemPath(ctx *ArtifactContext) (string, string, bool) {
- // itemPath is generated from upload-artifact action
- // it's formatted as {artifact_name}/{artfict_path_in_runner}
- // act_runner in host mode on Windows, itemPath is joined by Windows slash '\'
- itemPath := util.PathJoinRelX(ctx.Req.URL.Query().Get("itemPath"))
- artifactName := strings.Split(itemPath, "/")[0]
- artifactPath := strings.TrimPrefix(itemPath, artifactName+"/")
- if !validateArtifactHash(ctx, artifactName) {
- return "", "", false
- }
- if !validateArtifactName(ctx, artifactName) {
- return "", "", false
- }
- return artifactName, artifactPath, true
- }
-
- // getUploadFileSize returns the size of the file to be uploaded.
- // The raw size is the size of the file as reported by the header X-TFS-FileLength.
- func getUploadFileSize(ctx *ArtifactContext) (int64, int64) {
- contentLength := ctx.Req.ContentLength
- xTfsLength, _ := strconv.ParseInt(ctx.Req.Header.Get(artifactXTfsFileLengthHeader), 10, 64)
- if xTfsLength > 0 {
- return xTfsLength, contentLength
- }
- return contentLength, contentLength
- }
|
