mirror of
https://github.com/golang/go
synced 2024-09-28 20:14:28 -06:00
cmd/go/internal/vcs: error out if the requested repo does not support a secure protocol
Fixes #63845. Change-Id: If86d6b13d3b55877b35c087112bd76388c9404b8 Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest,gotip-windows-amd64-longtest Reviewed-on: https://go-review.googlesource.com/c/go/+/539321 Reviewed-by: Michael Matloob <matloob@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Bryan Mills <bcmills@google.com>
This commit is contained in:
parent
17211b64b6
commit
be26ae18ca
@ -1171,18 +1171,31 @@ func repoRootFromVCSPaths(importPath string, security web.SecurityMode, vcsPaths
|
||||
var ok bool
|
||||
repoURL, ok = interceptVCSTest(repo, vcs, security)
|
||||
if !ok {
|
||||
scheme := vcs.Scheme[0] // default to first scheme
|
||||
if vcs.PingCmd != "" {
|
||||
// If we know how to test schemes, scan to find one.
|
||||
scheme, err := func() (string, error) {
|
||||
for _, s := range vcs.Scheme {
|
||||
if security == web.SecureOnly && !vcs.isSecureScheme(s) {
|
||||
continue
|
||||
}
|
||||
if vcs.Ping(s, repo) == nil {
|
||||
scheme = s
|
||||
break
|
||||
|
||||
// If we know how to ping URL schemes for this VCS,
|
||||
// check that this repo works.
|
||||
// Otherwise, default to the first scheme
|
||||
// that meets the requested security level.
|
||||
if vcs.PingCmd == "" {
|
||||
return s, nil
|
||||
}
|
||||
if err := vcs.Ping(s, repo); err == nil {
|
||||
return s, nil
|
||||
}
|
||||
}
|
||||
securityFrag := ""
|
||||
if security == web.SecureOnly {
|
||||
securityFrag = "secure "
|
||||
}
|
||||
return "", fmt.Errorf("no %sprotocol found for repository", securityFrag)
|
||||
}()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
repoURL = scheme + "://" + repo
|
||||
}
|
||||
|
28
src/cmd/go/testdata/script/mod_insecure_issue63845.txt
vendored
Normal file
28
src/cmd/go/testdata/script/mod_insecure_issue63845.txt
vendored
Normal file
@ -0,0 +1,28 @@
|
||||
# Regression test for https://go.dev/issue/63845:
|
||||
# If 'git ls-remote' fails for all secure protocols,
|
||||
# we should fail instead of falling back to an arbitrary protocol.
|
||||
#
|
||||
# Note that this test does not use the local vcweb test server
|
||||
# (vcs-test.golang.org), because the hook for redirecting to that
|
||||
# server bypasses the "ping to determine protocol" logic
|
||||
# in cmd/go/internal/vcs.
|
||||
|
||||
[!net:golang.org] skip
|
||||
[!git] skip
|
||||
[short] skip 'tries to access a nonexistent external Git repo'
|
||||
|
||||
env GOPRIVATE=golang.org
|
||||
env CURLOPT_TIMEOUT_MS=100
|
||||
env GIT_SSH_COMMAND=false
|
||||
|
||||
! go get -x golang.org/nonexist.git@latest
|
||||
stderr '^git ls-remote https://golang.org/nonexist$'
|
||||
stderr '^git ls-remote git\+ssh://golang.org/nonexist'
|
||||
stderr '^git ls-remote ssh://golang.org/nonexist$'
|
||||
! stderr 'git://'
|
||||
stderr '^go: golang.org/nonexist.git@latest: no secure protocol found for repository$'
|
||||
|
||||
-- go.mod --
|
||||
module example
|
||||
|
||||
go 1.19
|
Loading…
Reference in New Issue
Block a user