(refs #1523)Eliminate CR and LF in public key

2025-11-12 00:15:50 +01:00 · 2017-04-05 01:46:57 +09:00
parent 0a08879d8c
commit 68c2f832ac
4 changed files with 35 additions and 22 deletions
--- a/src/main/scala/gitbucket/core/controller/AccountController.scala
+++ b/src/main/scala/gitbucket/core/controller/AccountController.scala
@@ -61,7 +61,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {

  val sshKeyForm = mapping(
    "title"     -> trim(label("Title", text(required, maxlength(100)))),
-    "publicKey" -> trim(label("Key"  , text(required, validPublicKey)))
+    "publicKey" -> trim2(label("Key" , text(required, validPublicKey)))
  )(SshKeyForm.apply)

  val personalTokenForm = mapping(
--- a/src/main/scala/gitbucket/core/controller/ControllerBase.scala
+++ b/src/main/scala/gitbucket/core/controller/ControllerBase.scala
@@ -159,6 +159,18 @@ abstract class ControllerBase extends ScalatraFilter
    if (path.startsWith("http")) path
    else baseUrl + super.url(path, params, false, false, false)

+  /**
+   * Extends scalatra-form's trim rule to eliminate CR and LF.
+   */
+  protected def trim2[T](valueType: SingleValueType[T]): SingleValueType[T] = new SingleValueType[T](){
+    def convert(value: String, messages: Messages): T = valueType.convert(trim(value), messages)
+
+    override def validate(name: String, value: String, params: Map[String, String], messages: Messages): Seq[(String, String)] =
+      valueType.validate(name, trim(value), params, messages)
+
+    private def trim(value: String): String = if(value == null) null else value.replaceAll("\r\n", "").trim
+  }
+
  /**
   * Use this method to response the raw data against XSS.
   */
--- a/src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala
+++ b/src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala
@@ -63,7 +63,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {

  val deployKeyForm = mapping(
    "title"      -> trim(label("Title", text(required, maxlength(100)))),
-    "publicKey"  -> trim(label("Key"  , text(required))), // TODO duplication check in the repository?
+    "publicKey"  -> trim2(label("Key" , text(required))), // TODO duplication check in the repository?
    "allowWrite" -> trim(label("Key"  , boolean()))
  )(DeployKeyForm.apply)

--- a/src/main/scala/gitbucket/core/ssh/SshUtil.scala
+++ b/src/main/scala/gitbucket/core/ssh/SshUtil.scala
@@ -18,8 +18,8 @@ object SshUtil {
    val parts = key.split(" ")
    if (parts.size < 2) {
      logger.debug(s"Invalid PublicKey Format: ${key}")
-      return None
-    }
+      None
+    } else {
      try {
        val encodedKey = parts(1)
        val decode = Base64.getDecoder.decode(Constants.encodeASCII(encodedKey))
@@ -30,6 +30,7 @@ object SshUtil {
          None
      }
    }
+  }

  def fingerPrint(key: String): Option[String] =
    str2PublicKey(key) map KeyUtils.getFingerPrint