From 3d3123d553826880c06202cade24ea432cd8b7dd Mon Sep 17 00:00:00 2001 From: Giteabot Date: Mon, 20 May 2024 15:10:27 +0800 Subject: [PATCH] Avoid 500 panic error when uploading invalid maven package file (#31014) (#31027) Backport #31014 by wxiaoguang Co-authored-by: wxiaoguang --- options/locale/locale_en-US.ini | 1 + templates/package/content/maven.tmpl | 6 +++++- templates/package/metadata/maven.tmpl | 5 ++++- tests/integration/api_packages_maven_test.go | 10 ++++++++++ 4 files changed, 20 insertions(+), 2 deletions(-) diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index caeb48a44b..da45eee92a 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -3415,6 +3415,7 @@ error.unit_not_allowed = You are not allowed to access this repository section. title = Packages desc = Manage repository packages. empty = There are no packages yet. +no_metadata = No metadata. empty.documentation = For more information on the package registry, see the documentation. empty.repo = Did you upload a package, but it's not shown here? Go to package settings and link it to this repo. registry.documentation = For more information on the %s registry, see the documentation. diff --git a/templates/package/content/maven.tmpl b/templates/package/content/maven.tmpl index 3a7de335de..f56595a830 100644 --- a/templates/package/content/maven.tmpl +++ b/templates/package/content/maven.tmpl @@ -1,4 +1,8 @@ -{{if eq .PackageDescriptor.Package.Type "maven"}} +{{if and (eq .PackageDescriptor.Package.Type "maven") (not .PackageDescriptor.Metadata)}} +

{{ctx.Locale.Tr "packages.installation"}}

+
{{ctx.Locale.Tr "packages.no_metadata"}}
+{{end}} +{{if and (eq .PackageDescriptor.Package.Type "maven") .PackageDescriptor.Metadata}}

{{ctx.Locale.Tr "packages.installation"}}

diff --git a/templates/package/metadata/maven.tmpl b/templates/package/metadata/maven.tmpl index 548be61790..36412723d2 100644 --- a/templates/package/metadata/maven.tmpl +++ b/templates/package/metadata/maven.tmpl @@ -1,4 +1,7 @@ -{{if eq .PackageDescriptor.Package.Type "maven"}} +{{if and (eq .PackageDescriptor.Package.Type "maven") (not .PackageDescriptor.Metadata)}} +
{{svg "octicon-note" 16 "tw-mr-2"}} {{ctx.Locale.Tr "packages.no_metadata"}}
+{{end}} +{{if and (eq .PackageDescriptor.Package.Type "maven") .PackageDescriptor.Metadata}} {{if .PackageDescriptor.Metadata.Name}}
{{svg "octicon-note" 16 "tw-mr-2"}} {{.PackageDescriptor.Metadata.Name}}
{{end}} {{if .PackageDescriptor.Metadata.ProjectURL}}
{{svg "octicon-link-external" 16 "tw-mr-2"}} {{ctx.Locale.Tr "packages.details.project_site"}}
{{end}} {{range .PackageDescriptor.Metadata.Licenses}}
{{svg "octicon-law" 16 "tw-mr-2"}} {{.}}
{{end}} diff --git a/tests/integration/api_packages_maven_test.go b/tests/integration/api_packages_maven_test.go index c7ed554a9d..0466a727b2 100644 --- a/tests/integration/api_packages_maven_test.go +++ b/tests/integration/api_packages_maven_test.go @@ -15,6 +15,7 @@ import ( "code.gitea.io/gitea/models/unittest" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/packages/maven" + "code.gitea.io/gitea/modules/test" "code.gitea.io/gitea/tests" "github.com/stretchr/testify/assert" @@ -241,4 +242,13 @@ func TestPackageMaven(t *testing.T) { putFile(t, fmt.Sprintf("/%s/maven-metadata.xml", snapshotVersion), "test", http.StatusCreated) putFile(t, fmt.Sprintf("/%s/maven-metadata.xml", snapshotVersion), "test-overwrite", http.StatusCreated) }) + + t.Run("InvalidFile", func(t *testing.T) { + ver := packageVersion + "-invalid" + putFile(t, fmt.Sprintf("/%s/%s", ver, filename), "any invalid content", http.StatusCreated) + req := NewRequestf(t, "GET", "/%s/-/packages/maven/%s-%s/%s", user.Name, groupID, artifactID, ver) + resp := MakeRequest(t, req, http.StatusOK) + assert.Contains(t, resp.Body.String(), "No metadata.") + assert.True(t, test.IsNormalPageCompleted(resp.Body.String())) + }) }