julien.rbrt.fr / tangled-core
forked from tangled.org/core
Monorepo for Tangled — https://tangled.org
fork atom

appview: state: verify if commit is a valid hash before fetching

Fixes a crash when viewing a single commit, and possibly appending something like `.patch` to the end of it. The `result` from the knotserver is nil and then leads to a nil pointer deref later.

authored by anirudh.fi and committed by Tangled 4793720c e50e3319

options
unified split
Changed files
+7
appview
state
repo.go
+7
appview/state/repo.go
··· 21 21 "github.com/bluesky-social/indigo/atproto/syntax" 22 22 securejoin "github.com/cyphar/filepath-securejoin" 23 23 "github.com/go-chi/chi/v5" 24 + "github.com/go-git/go-git/v5/plumbing" 24 25 "tangled.sh/tangled.sh/core/api/tangled" 25 26 "tangled.sh/tangled.sh/core/appview/auth" 26 27 "tangled.sh/tangled.sh/core/appview/db" ··· 248 249 if !s.config.Dev { 249 250 protocol = "https" 250 251 } 252 + 253 + if !plumbing.IsHash(ref) { 254 + s.pages.Error404(w) 255 + return 256 + } 257 + 251 258 resp, err := http.Get(fmt.Sprintf("%s://%s/%s/%s/commit/%s", protocol, f.Knot, f.OwnerDid(), f.RepoName, ref)) 252 259 if err != nil { 253 260 log.Println("failed to reach knotserver", err)