From f620381551edbc800cacf447c9bee70db905e526 Mon Sep 17 00:00:00 2001
From: miyuko
Date: Fri, 19 Jun 2026 03:09:15 +0100
Subject: [PATCH] Return 422 Unprocessable Entity on invalid archive uploads.

Fixes: https://codeberg.org/git-pages/git-pages/issues/216
---
 src/extract.go | 38 ++++++++++++++++++++++++++++++++++++++
 src/pages.go | 2 ++
 2 files changed, 40 insertions(+)

diff --git a/src/extract.go b/src/extract.go
index 333d6d4..03f6555 100644
--- a/src/extract.go
+++ b/src/extract.go
@@ -244,3 +244,41 @@ func ExtractZip(ctx context.Context, reader io.Reader, oldManifest *Manifest) (*
 return manifest, nil
 }
+
+func IsArchiveParseError(err error) bool {
+ targets := []error{
+ tar.ErrHeader,
+ tar.ErrWriteTooLong,
+ tar.ErrFieldTooLong,
+ tar.ErrWriteAfterClose,
+ tar.ErrInsecurePath,
+
+ zip.ErrFormat,
+ zip.ErrAlgorithm,
+ zip.ErrChecksum,
+ zip.ErrInsecurePath,
+
+ gzip.ErrChecksum,
+ gzip.ErrHeader,
+
+ zstd.ErrReservedBlockType,
+ zstd.ErrCompressedSizeTooBig,
+ zstd.ErrBlockTooSmall,
+ zstd.ErrUnexpectedBlockSize,
+ zstd.ErrMagicMismatch,
+ zstd.ErrWindowSizeExceeded,
+ zstd.ErrWindowSizeTooSmall,
+ zstd.ErrDecoderSizeExceeded,
+ zstd.ErrUnknownDictionary,
+ zstd.ErrFrameSizeExceeded,
+ zstd.ErrFrameSizeMismatch,
+ zstd.ErrCRCMismatch,
+ }
+
+ for _, target := range targets {
+ if errors.Is(err, target) {
+ return true
+ }
+ }
+ return false
+}
diff --git a/src/pages.go b/src/pages.go
index b03a29a..f711831 100644
--- a/src/pages.go
+++ b/src/pages.go
@@ -712,6 +712,8 @@ func reportUpdateResult(w http.ResponseWriter, r *http.Request, result UpdateRes
 w.WriteHeader(http.StatusUnsupportedMediaType)
 } else if errors.Is(result.err, ErrArchiveTooLarge) {
 w.WriteHeader(http.StatusRequestEntityTooLarge)
+ } else if IsArchiveParseError(result.err) {
+ w.WriteHeader(http.StatusUnprocessableEntity)
 } else if errors.Is(result.err, ErrRepositoryTooLarge) {
 w.WriteHeader(http.StatusUnprocessableEntity)
 } else if errors.Is(result.err, ErrMalformedPatch) {
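Review bot: In src/extract.go, `IsArchiveParseError` matches only sentinel values with `errors.Is`, so a corrupt deflate stream (gzip, or a deflate-compressed zip entry) is not recognised: `compress/flate` reports it as the typed `flate.CorruptInputError`, and a truncated archive typically surfaces as `io.ErrUnexpectedEOF`. Such uploads would presumably still fall through to the default status in `reportUpdateResult` instead of 422, so malformed client input keeps looking like a server fault in logs and alerts. Consider adding `var cie flate.CorruptInputError` followed by `if errors.As(err, &cie) { return true }`, and deciding explicitly whether `io.ErrUnexpectedEOF` belongs in the list (it can also come from a short request body; the import block is outside this hunk). Conversely, `tar.ErrWriteTooLong` and `tar.ErrWriteAfterClose` come from `tar.Writer`, so if any server-side code writes tar, its own failure would be reported to the client as 422. The exported function also lacks a doc comment, e.g. `// IsArchiveParseError reports whether err indicates a malformed or corrupt uploaded archive.`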
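Review bot: In src/pages.go, the new `IsArchiveParseError` branch answers 422 for every sentinel in the list, including the zstd limit errors (`zstd.ErrWindowSizeExceeded`, `zstd.ErrDecoderSizeExceeded`, `zstd.ErrFrameSizeExceeded`), while the branch directly above answers `ErrArchiveTooLarge` with 413. If those decoder limits are part of the service's guard against oversized decompression, reporting them as 413 too would keep "too large" and "malformed" distinguishable for clients and for log triage. Otherwise a short comment on the branch stating that limit errors are deliberately reported as 422 would document the choice. The if/else chain of `reportUpdateResult` starts and ends outside this hunk, so what is written to the response body after `WriteHeader` is not visible here.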