Enable gocritic `equalFold` and fix issues #34952
Is it possible to forbid I can see some developers will abuse
@@ -91,8 +91,7 @@ func (r *stripRenderer) processAutoLink(w io.Writer, link []byte) { | |||
} | |||
|
|||
// Note: we're not attempting to match the URL scheme (http/https) | |||
host := strings.ToLower(u.Host) | |||
if host != "" && host != strings.ToLower(r.localhost.Host) { | |||
if u.Host != "" && !strings.EqualFold(u.Host, r.localhost.Host) { |
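Review bot: the new condition `!strings.EqualFold(u.Host, r.localhost.Host)` compares hosts under Unicode simple case folding, so a host containing non-ASCII letters can now compare equal to an ASCII `r.localhost.Host` in cases where the old `ToLower` comparison did not. If `processAutoLink` cannot rely on hosts arriving in their ASCII (punycode) form, convert both sides to that form before comparing, or use an ASCII-only fold. The comment above the condition says the scheme is not matched; it should also say that `u.Host` includes any port, so the port takes part in the comparison.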
Host should be ASCII only
Hostnames can contain unicode potentially:
No, backend is ASCII-only, see the Punycode
In the Domain Name System, these domains use an ASCII representation consisting of the prefix "xn--" followed by the Punycode translation of the Unicode representation of the language-specific alphabet or script glyphs. For example, the Cyrillic name of Russia's IDN ccTLD is "рф". In Punycode representation, this is "p1ai", and its DNS name is "xn--p1ai".
Are you certain that domains will enter in their punycode form into this function? I am not and therefore it's better to use unicode-aware functions.
modules/setting/actions.go
Outdated
@@ -62,11 +62,11 @@ func (c logCompression) IsValid() bool { | |||
} | |||
|
|||
func (c logCompression) IsNone() bool { | |||
return strings.ToLower(string(c)) == "none" | |||
return strings.EqualFold(string(c), "none") |
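Review bot: `IsNone` accepts any casing of "none" through `strings.EqualFold(string(c), "none")`, but nothing in this hunk shows `IsValid` accepting the same spellings. A value such as "None" that `IsNone` treats as none should also pass `IsValid`, or both methods should use an exact match. Whichever is chosen, a doc comment on `logCompression` should state the accepted spellings.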
It should completely drop the ToLower or EqualFold, we never used case-insensitive config options in app.ini
Done, but I think these are still potentially breaking changes.
I will help to explain if any user complains.
@@ -12,8 +12,7 @@ import ( | |||
// SliceContainsString sequential searches if string exists in slice. | |||
func SliceContainsString(slice []string, target string, insensitive ...bool) bool { | |||
if len(insensitive) != 0 && insensitive[0] { | |||
target = strings.ToLower(target) | |||
return slices.ContainsFunc(slice, func(t string) bool { return strings.ToLower(t) == target }) | |||
return slices.ContainsFunc(slice, func(t string) bool { return strings.EqualFold(t, target) }) |
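Review bot: the doc comment on `SliceContainsString` does not say what the `insensitive` flag means, and with `strings.EqualFold(t, target)` in the closure it is Unicode simple case folding, not ASCII folding. State that in the comment so callers comparing ASCII-only identifiers know what they get. The variadic `insensitive ...bool` also ignores every element after the first, which a plain `bool` parameter would avoid.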
IIRC `SliceContainsString` is only used for ASCII-only cases, for config options or something similar.
Sounds dangerous to just assume that for a utility function?
In real world, we have used to assume "case-insensitive" means ASCII-only.
That's why I believe Golang's `strings.EqualFold` is a wrong design, Unicode case-insensitive doesn't make sense for backend logic.
Note that `strings.ToLower` is also unicode-aware, so code using that vs. `strings.EqualFold` should be strictly equivalent.
Personally I think we are blowing this out of proportion. Nowadays it should be assumed that strings contain unicode and not ASCII and it's good to use unicode-aware case conversions.
> Personally I think we are blowing this out of proportion. Nowadays it should be assumed that strings contain unicode and not ASCII and it's good to use unicode-aware case conversions.

But not for "backend logic" like "path handling", "name comparing" and "protocol parsing" (we have discussed it in another PR).
We have strictly required "username" to be "ASCII-only", it doesn't make sense to use "Unicode case-insensitive functions" to compare a user's input to the ASCII-only internal username.
I think I will leave this case unchanged as it's a generic utility function.
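The three comparisons argued over in this thread, side by side, as an added example that is not part of the PR or of Gitea's code. `asciiEqualFold`, `lowerEqual` and `compare` are hypothetical helpers and the sample pairs are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// asciiEqualFold is a hypothetical helper (not Gitea code): it folds only
// A-Z onto a-z and compares every other byte, including UTF-8 bytes, exactly.
func asciiEqualFold(a, b string) bool {
	if len(a) != len(b) {
		return false
	}
	for i := 0; i < len(a); i++ {
		if asciiLower(a[i]) != asciiLower(b[i]) {
			return false
		}
	}
	return true
}

func asciiLower(c byte) byte {
	if 'A' <= c && c <= 'Z' {
		return c + ('a' - 'A')
	}
	return c
}

// lowerEqual is the pre-change idiom: lowercase both sides, then compare.
func lowerEqual(a, b string) bool {
	return strings.ToLower(a) == strings.ToLower(b)
}

type result struct{ lower, fold, ascii bool }

func compare(a, b string) result {
	return result{lowerEqual(a, b), strings.EqualFold(a, b), asciiEqualFold(a, b)}
}

func main() {
	pairs := [][2]string{ // constructed sample pairs
		{"None", "none"},
		{"\u017f", "s"}, // LATIN SMALL LETTER LONG S
		{"\u212a", "k"}, // KELVIN SIGN
	}
	for _, p := range pairs {
		fmt.Printf("%q vs %q: %+v\n", p[0], p[1], compare(p[0], p[1]))
	}
}
```

Only the ASCII fold rejects both non-ASCII pairs; `ToLower` equality and `EqualFold` agree on the Kelvin sign but differ on the long s.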
That would probably require a custom lint rule and I have no experience writing them.
Hmm, I can see most
@wxiaoguang want to push your fixes here? We could just transform the PR to be a refactor and remove the lint rule enablement. I have no strong feelings about it and if it's more hindersome, we don't need to enable it.
TBH I don't have motivation to touch this part of the code. Existing code doesn't bother me, there are far more other things that need to fix. So the
Signed-off-by: silverwind <[email protected]>
I will leave the rule enabled as it will only trigger for comparing against
* giteaofficial/main:
  [skip ci] Updated translations via Crowdin
  Rerun job only when run is done (go-gitea#34970)
  Enable gocritic `equalFold` and fix issues (go-gitea#34952)
  Fixed minor typos in two files #HSFDPMUW (go-gitea#34944)
  Improve project & label color picker and image scroll (go-gitea#34971)
  Refactor webhook and fix feishu/lark secret (go-gitea#34961)
  Improve OAuth2 provider (correct Issuer, respect ENABLED) (go-gitea#34966)
  Merge index.js (go-gitea#34963)
  [skip ci] Updated translations via Crowdin
  Mark old reviews as stale on agit pr updates (go-gitea#34933)
  Refactor "delete-button" to "link-action" (go-gitea#34962)
  Refactor frontend unique id & comment (go-gitea#34958)
  Refactor some trivial problems (go-gitea#34959)
  Upgrade security public key (go-gitea#34956)
  Fix git graph page (go-gitea#34948)
  Update JS dependencies (go-gitea#34951)
  Refactor head navbar icons (go-gitea#34922)

# Conflicts:
#	templates/base/head_navbar.tmpl
Continuation of #34678.