internal/code: reject pseduo-versions from non-master branches

The intention of the current ModuleHandler is to serve only v0.0.0 pseudo-versions from commits that are on the master branch. This requires checking the commit hash component of the incoming module request, and verifying that the corresponding commit is a part of the master branch. This wasn't done previously, which means an explicit request to a pseudo-version based on a commit on non-master branch would be served by ModuleHandler as if such a version existed on the master branch. No non-master branches were ever pushed, and pseudo-versions based on commits on non-master branches were never advertised by the list endpoint. As a result, unintentional versions were not indexed by the Go module mirror. Updates golang/go#24031.
shurcooL · Feb 25, 2020 · 614ca99 · 614ca99
1 parent a589cb3
commit 614ca99
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 0 deletions.
diff --git a/internal/code/module.go b/internal/code/module.go
@@ -107,6 +107,8 @@ func (h ModuleHandler) ServeModule(w http.ResponseWriter, req *http.Request) err
 	commit, err := repo.GetCommit(commitID)
 	if err != nil || commit.Committer == nil || !versionTime.Equal(time.Unix(commit.Committer.Date.Seconds, 0).UTC()) {
 		return os.ErrNotExist
+	} else if !isCommitOnMaster(req.Context(), gitDir, commit) {
+		return os.ErrNotExist
 	}
 
 	// Handle one of "/@v/<version>.<ext>" requests.
@@ -223,6 +225,15 @@ func WriteModuleZip(w io.Writer, m module.Version, r vcs.Repository, id vcs.Comm
 	return err
 }
 
+// isCommitOnMaster reports whether commit c is a part of master branch
+// of git repo at gitDir, and no errors occurred while determining that.
+func isCommitOnMaster(ctx context.Context, gitDir string, c *vcs.Commit) bool {
+	cmd := exec.CommandContext(ctx, "git", "merge-base", "--is-ancestor", "--", string(c.ID), "master")
+	cmd.Dir = gitDir
+	err := cmd.Run()
+	return err == nil
+}
+
 // listMasterCommits returns a list of commits in git repo on master branch.
 // If master branch doesn't exist, an empty list is returned.
 func listMasterCommits(ctx context.Context, gitDir string) ([]mod.RevInfo, error) {

diff --git a/internal/code/module_test.go b/internal/code/module_test.go
@@ -168,6 +168,11 @@ v0.0.0-20180326031431-f628922a6885
 			url:          "/api/module/dmitri.shuralyov.com/kebabcase/@v/v1.2.4-0.20170912031248-a1d95f8919b5.info",
 			wantNotExist: true,
 		},
+		{
+			name:         "commit on non-master branch",
+			url:          "/api/module/dmitri.shuralyov.com/kebabcase/@v/v0.0.0-20200225024836-c61324d16db7.info",
+			wantNotExist: true,
+		},
 	} {
 		t.Run(tt.name, func(t *testing.T) {
 			req := httptest.NewRequest(http.MethodGet, tt.url, nil)

diff --git a/...sitories/dmitri.shuralyov.com/kebabcase/objects/a0/40d5e5144e7d8b243238c40a3cbbdb5331d4bd b/...sitories/dmitri.shuralyov.com/kebabcase/objects/a0/40d5e5144e7d8b243238c40a3cbbdb5331d4bd
diff --git a/...sitories/dmitri.shuralyov.com/kebabcase/objects/c4/66b17874c06ad8ed4f162206d3d94dac08cdca b/...sitories/dmitri.shuralyov.com/kebabcase/objects/c4/66b17874c06ad8ed4f162206d3d94dac08cdca
diff --git a/...sitories/dmitri.shuralyov.com/kebabcase/objects/c6/1324d16db7fa26c252edfb6305dfc2a22e06f5 b/...sitories/dmitri.shuralyov.com/kebabcase/objects/c6/1324d16db7fa26c252edfb6305dfc2a22e06f5
@@ -0,0 +1 @@
+x���N!D=����a�dc<�z3��^�d�Ú���f���N�*UE5��a2��7 �}4KXi����xk��W�H:�+6)�p�8��j�9��4gPۉ�b��l%*���6xk-��vkx���p�_��ɑj~3;�a5z�Z:�]�Q��b�B�}ڰ|�|��]�aO��J�ni�!��2�@-�Z��UG�P�gY

diff --git a/internal/code/testdata/repositories/dmitri.shuralyov.com/kebabcase/refs/heads/branch2 b/internal/code/testdata/repositories/dmitri.shuralyov.com/kebabcase/refs/heads/branch2
@@ -0,0 +1 @@
+c61324d16db7fa26c252edfb6305dfc2a22e06f5