fix/forbidden (#58) #60
|
|
@ -39,14 +39,13 @@ var Version string
|
|||
|
||||
// Generally, err is used for runtime errors, and checkRes is used for the result of the checks.
|
||||
func main() {
|
||||
var gitWhitelist, metaFile []string
|
||||
var metaFile []string
|
||||
showVersion := flag.Bool("version", false, "print current version")
|
||||
rootDir := flag.String("root", "", "")
|
||||
size := flag.Float64("repoSize", 2, "maximum size of the repo in MiB")
|
||||
localList := flag.String("localList", "", "")
|
||||
checkFileNameList := flag.String("checkFileNameList", "", "Comma-separated list of files to check.")
|
||||
checkFileSumList := flag.String("checkFileSumList", "", "Comma-separated list of expected checksums.")
|
||||
parseMultiValueFlag(&gitWhitelist, "whitelist", "")
|
||||
parseMultiValueFlag(&metaFile, "meta", "")
|
||||
flag.Parse()
|
||||
if *showVersion {
|
||||
|
|
@ -59,7 +58,7 @@ func main() {
|
|||
if err != nil {
|
||||
fmt.Printf("### Repo Size Check Failed:\n%s\n", err.Error())
|
||||
}
|
||||
err = healthcheck.ForbiddenCheck(*rootDir, gitWhitelist, *localList)
|
||||
err = healthcheck.ForbiddenCheck(*rootDir)
|
||||
if err != nil {
|
||||
fmt.Printf("### Forbidden File Check Failed:\n%s\n", err.Error())
|
||||
}
|
||||
|
|
|
|||
2
go.mod
2
go.mod
|
|
@ -4,6 +4,7 @@ go 1.23.1
|
|||
|
||||
require (
|
||||
github.com/criyle/go-judge v1.8.5
|
||||
github.com/denormal/go-gitignore v0.0.0-20180930084346-ae8ad1d07817
|
||||
github.com/go-git/go-git/v5 v5.12.0
|
||||
github.com/jinzhu/copier v0.4.0
|
||||
github.com/koding/multiconfig v0.0.0-20171124222453-69c27309b2d7
|
||||
|
|
@ -21,6 +22,7 @@ require (
|
|||
github.com/creack/pty v1.1.21 // indirect
|
||||
github.com/criyle/go-sandbox v0.10.4 // indirect
|
||||
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
|
||||
github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 // indirect
|
||||
github.com/emirpasic/gods v1.18.1 // indirect
|
||||
github.com/fatih/camelcase v1.0.0 // indirect
|
||||
github.com/fatih/structs v1.1.0 // indirect
|
||||
|
|
|
|||
4
go.sum
4
go.sum
|
|
@ -23,9 +23,13 @@ github.com/criyle/go-sandbox v0.10.4 h1:EHJrJj5V/VSrjm1Y0ZJAea5zPASoOtn1CPZRzhTU
|
|||
github.com/criyle/go-sandbox v0.10.4/go.mod h1:sYJUuTmJ72Jilkc1/PO7eDdpJq3rOZ55o8MxzP80vw0=
|
||||
github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
|
||||
github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
|
||||
github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 h1:y5HC9v93H5EPKqaS1UYVg1uYah5Xf51mBfIoWehClUQ=
|
||||
github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964/go.mod h1:Xd9hchkHSWYkEqJwUGisez3G1QY8Ryz0sdWrLPMGjLk=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/denormal/go-gitignore v0.0.0-20180930084346-ae8ad1d07817 h1:0nsrg//Dc7xC74H/TZ5sYR8uk4UQRNjsw8zejqH5a4Q=
|
||||
github.com/denormal/go-gitignore v0.0.0-20180930084346-ae8ad1d07817/go.mod h1:C/+sI4IFnEpCn6VQ3GIPEp+FrQnQw+YQP3+n+GdGq7o=
|
||||
github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
|
||||
github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
|
||||
github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
|
||||
|
|
|
|||
|
|
@ -1,65 +1,54 @@
|
|||
package healthcheck
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"fmt"
|
||||
"log/slog"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
"github.com/denormal/go-gitignore"
|
||||
)
|
||||
|
||||
// getForbiddens retrieves a list of forbidden files in the specified root directory.
|
||||
// It searches for files that do not match the specified regex patterns in the given file list.
|
||||
func getForbiddens(root string, fileList []string, localList string) ([]string, error) {
|
||||
// It searches for files that match the specified ignore patterns in the .gitignore file.
|
||||
func getForbiddens(root string) ([]string, error) {
|
||||
var matches []string
|
||||
|
||||
var regexList []*regexp.Regexp
|
||||
regexList, err := getRegex(fileList)
|
||||
// Create a gitignore instance from the .gitignore file
|
||||
ignore := gitignore.NewRepositoryWithCache(root, ".gitignore", gitignore.NewCache(), func(e gitignore.Error) bool {
|
||||
|
bomingzh marked this conversation as resolved
Outdated
|
||||
return false
|
||||
})
|
||||
|
||||
var err error
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var dirs []string
|
||||
|
||||
if localList != "" {
|
||||
file, err := os.Open(localList)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Failed to open file %s: %v\n", localList, err)
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
scanner := bufio.NewScanner(file)
|
||||
for scanner.Scan() {
|
||||
dirs = append(dirs, scanner.Text())
|
||||
}
|
||||
if err := scanner.Err(); err != nil {
|
||||
return nil, fmt.Errorf("Error reading file %s: %v\n", localList, err)
|
||||
}
|
||||
}
|
||||
|
||||
err = filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if info.IsDir() {
|
||||
if info.Name() == ".git" || info.Name() == ".gitea" || info.Name() == "ci" || (localList != "" && inString(info.Name(), dirs)) {
|
||||
if info.Name() == ".git" {
|
||||
return filepath.SkipDir
|
||||
} else if info.Name() == root {
|
||||
return nil
|
||||
}
|
||||
} else {
|
||||
match := false
|
||||
for _, regex := range regexList {
|
||||
if regex.MatchString(info.Name()) {
|
||||
match = true
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !match {
|
||||
matches = append(matches, path)
|
||||
}
|
||||
// Get the relative path to the git repo root
|
||||
relPath, err := filepath.Rel(root, path)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
match := ignore.Relative(relPath, true)
|
||||
|
||||
// Check if the relative file path should be ignored based on the .gitignore rules
|
||||
if match != nil && match.Ignore() {
|
||||
matches = append(matches, path)
|
||||
}
|
||||
|
||||
return nil
|
||||
|
|
@ -68,10 +57,10 @@ func getForbiddens(root string, fileList []string, localList string) ([]string,
|
|||
return matches, err
|
||||
}
|
||||
|
||||
// forbiddenCheck checks for forbidden files in the specified root directory.
|
||||
// ForbiddenCheck checks for forbidden files in the specified root directory.
|
||||
// It prints the list of forbidden files found, along with instructions on how to fix them.
|
||||
func ForbiddenCheck(rootDir string, regexList []string, localList string) error {
|
||||
forbids, err := getForbiddens(rootDir, regexList, localList)
|
||||
func ForbiddenCheck(rootDir string) error {
|
||||
forbids, err := getForbiddens(rootDir)
|
||||
if err != nil {
|
||||
slog.Error("getting forbiddens", "error", err)
|
||||
return fmt.Errorf("error getting forbiddens: %w", err)
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user
.gitignorefile.gitignorefile may appear in sub-dirs, you also need to check themSo what's the default pattern if no gitignore? Warn student add a gitignore or set root as default value?
what if the gitignore is nonsense? Not every course provide unchangeable gitignore
Change to locallist and make it work as a gitignore file?
with JOJ3 they must have an immutable gitignore or the server will quickly become a massive mess... caught a student who wanted to see what happened if he pushd a movie... repo was 2.8GB :/
If the forbidden check is enabled, then just throw error for no root gitignore or wrong root gitignore.