Merge pull request '[FEAT] Restrict file size of blame operation' (#2395) from gusted/forgejo-blame-restrict into forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2395
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
This commit is contained in:
Earl Warren 2024-02-23 23:17:02 +00:00
commit bc8d61d12e
3 changed files with 75 additions and 9 deletions

View File

@ -16,6 +16,7 @@ import (
"code.gitea.io/gitea/modules/git" "code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/highlight" "code.gitea.io/gitea/modules/highlight"
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/templates" "code.gitea.io/gitea/modules/templates"
"code.gitea.io/gitea/modules/timeutil" "code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/util"
@ -69,6 +70,14 @@ func RefBlame(ctx *context.Context) {
ctx.Data["FileSize"] = blob.Size() ctx.Data["FileSize"] = blob.Size()
ctx.Data["FileName"] = blob.Name() ctx.Data["FileName"] = blob.Name()
// Do not display a blame view if the size of the file is
// larger than what is configured as the maximum.
if blob.Size() >= setting.UI.MaxDisplayFileSize {
ctx.Data["IsFileTooLarge"] = true
ctx.HTML(http.StatusOK, tplRepoHome)
return
}
ctx.Data["NumLinesSet"] = true ctx.Data["NumLinesSet"] = true
ctx.Data["NumLines"], err = blob.GetBlobLineCount() ctx.Data["NumLines"], err = blob.GetBlobLineCount()
if err != nil { if err != nil {

View File

@ -30,6 +30,15 @@
</h4> </h4>
<div class="ui attached table unstackable segment"> <div class="ui attached table unstackable segment">
<div class="file-view code-view unicode-escaped"> <div class="file-view code-view unicode-escaped">
{{if .IsFileTooLarge}}
<table>
<tbody>
<tr>
<td class="gt-text-center gt-p-1"><strong>{{ctx.Locale.Tr "repo.file_too_large"}}</strong></td>
</tr>
</tbody>
</table>
{{else}}
<table> <table>
<tbody> <tbody>
{{range $row := .BlameRows}} {{range $row := .BlameRows}}
@ -75,6 +84,7 @@
{{end}} {{end}}
</tbody> </tbody>
</table> </table>
{{end}}
</div> </div>
</div> </div>
</div> </div>

View File

@ -15,13 +15,16 @@ import (
repo_model "code.gitea.io/gitea/models/repo" repo_model "code.gitea.io/gitea/models/repo"
unit_model "code.gitea.io/gitea/models/unit" unit_model "code.gitea.io/gitea/models/unit"
"code.gitea.io/gitea/models/unittest" "code.gitea.io/gitea/models/unittest"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/test" "code.gitea.io/gitea/modules/test"
"code.gitea.io/gitea/modules/translation"
repo_service "code.gitea.io/gitea/services/repository" repo_service "code.gitea.io/gitea/services/repository"
"code.gitea.io/gitea/tests" "code.gitea.io/gitea/tests"
"github.com/PuerkitoBio/goquery" "github.com/PuerkitoBio/goquery"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func TestViewRepo(t *testing.T) { func TestViewRepo(t *testing.T) {
@ -447,17 +450,61 @@ func TestBlameFileInRepo(t *testing.T) {
session := loginUser(t, "user2") session := loginUser(t, "user2")
req := NewRequest(t, "GET", "/user2/repo1/blame/branch/master/README.md") t.Run("Assert", func(t *testing.T) {
resp := session.MakeRequest(t, req, http.StatusOK) defer tests.PrintCurrentTest(t)()
htmlDoc := NewHTMLParser(t, resp.Body) req := NewRequest(t, "GET", "/user2/repo1/blame/branch/master/README.md")
description := htmlDoc.doc.Find("#repo-desc") resp := session.MakeRequest(t, req, http.StatusOK)
repoTopics := htmlDoc.doc.Find("#repo-topics")
repoSummary := htmlDoc.doc.Find(".repository-summary")
assert.EqualValues(t, 0, description.Length()) htmlDoc := NewHTMLParser(t, resp.Body)
assert.EqualValues(t, 0, repoTopics.Length()) description := htmlDoc.doc.Find("#repo-desc")
assert.EqualValues(t, 0, repoSummary.Length()) repoTopics := htmlDoc.doc.Find("#repo-topics")
repoSummary := htmlDoc.doc.Find(".repository-summary")
assert.EqualValues(t, 0, description.Length())
assert.EqualValues(t, 0, repoTopics.Length())
assert.EqualValues(t, 0, repoSummary.Length())
})
t.Run("File size", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
gitRepo, err := git.OpenRepository(git.DefaultContext, repo.RepoPath())
require.NoError(t, err)
defer gitRepo.Close()
commit, err := gitRepo.GetCommit("HEAD")
require.NoError(t, err)
blob, err := commit.GetBlobByPath("README.md")
require.NoError(t, err)
fileSize := blob.Size()
require.NotZero(t, fileSize)
t.Run("Above maximum", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
defer test.MockVariableValue(&setting.UI.MaxDisplayFileSize, fileSize)()
req := NewRequest(t, "GET", "/user2/repo1/blame/branch/master/README.md")
resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
assert.Contains(t, htmlDoc.Find(".code-view").Text(), translation.NewLocale("en-US").Tr("repo.file_too_large"))
})
t.Run("Under maximum", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
defer test.MockVariableValue(&setting.UI.MaxDisplayFileSize, fileSize+1)()
req := NewRequest(t, "GET", "/user2/repo1/blame/branch/master/README.md")
resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
assert.NotContains(t, htmlDoc.Find(".code-view").Text(), translation.NewLocale("en-US").Tr("repo.file_too_large"))
})
})
} }
// TestViewRepoDirectory repo description, topics and summary should not be displayed when within a directory // TestViewRepoDirectory repo description, topics and summary should not be displayed when within a directory