Enable gocritic equalFold and fix issues#34952
Conversation
|
Is it possible to forbid I can see some developers will abuse |
| // Note: we're not attempting to match the URL scheme (http/https) | ||
| host := strings.ToLower(u.Host) | ||
| if host != "" && host != strings.ToLower(r.localhost.Host) { | ||
| if u.Host != "" && !strings.EqualFold(u.Host, r.localhost.Host) { |
There was a problem hiding this comment.
Host should be ASCII only
There was a problem hiding this comment.
Hostnames can contain unicode potentially:
There was a problem hiding this comment.
No, backend is ASCII-only, see the Punycode
In the Domain Name System, these domains use an ASCII representation consisting of the prefix "xn--" followed by the Punycode translation of the Unicode representation of the language-specific alphabet or script glyphs. For example, the Cyrillic name of Russia's IDN ccTLD is "рф". In Punycode representation, this is "p1ai", and its DNS name is "xn--p1ai".
There was a problem hiding this comment.
Are you certain that domains will enter in their punycode form into this function? I am not and therefore it's better to use unicode-aware functions.
There was a problem hiding this comment.
Are you certain that domains will enter in their punycode form into this function?
|
|
||
| func (c logCompression) IsNone() bool { | ||
| return strings.ToLower(string(c)) == "none" | ||
| return strings.EqualFold(string(c), "none") |
There was a problem hiding this comment.
It should completely drop the ToLower or EqualFold, we never used case-insensitive config options in app.ini
There was a problem hiding this comment.
Done, but I think these are still potentially breaking changes.
There was a problem hiding this comment.
I will help to explain if any user complains.
| if len(insensitive) != 0 && insensitive[0] { | ||
| target = strings.ToLower(target) | ||
| return slices.ContainsFunc(slice, func(t string) bool { return strings.ToLower(t) == target }) | ||
| return slices.ContainsFunc(slice, func(t string) bool { return strings.EqualFold(t, target) }) |
There was a problem hiding this comment.
IIRC SliceContainsString is only used for ASCII-only cases, for config options or something similar.
There was a problem hiding this comment.
Sounds dangerous to just assume that for a utility function?
There was a problem hiding this comment.
In real world, we have used to assume "case-insensitive" means ASCII-only.
That's why I believe Golang's strings.EqualFold is a wrong design, Unicode case-insensitive doesn't make sense for backend logic.
There was a problem hiding this comment.
Note that strings.ToLower is also unicode-aware, so code using that vs. strings.EqualFold should be strictly equivalent.
There was a problem hiding this comment.
Personally I think we are blowing this out of proportion. Nowadays it should be assumed that strings contain unicode and not ASCII and it's good to use unicode-aware case convertions.
There was a problem hiding this comment.
Personally I think we are blowing this out of proportion. Nowadays it should be assumed that strings contain unicode and not ASCII and it's good to use unicode-aware case convertions.
But not for "backend logic" like "path handling", "name comparing" and "protocol parsing" (we have discussed it in another PR)
We have strictly required "username" to be "ASCII-only", it doesn't make sense to use "Unicode case-insensitive functions" to compare a user's input to the ASCII-only internal username.
There was a problem hiding this comment.
I think I will leave this case unchanged as its a generic utility function.
That would probably require a custom lint rule and I have no experience writing them. |
|
Hmm, I can see most |
|
@wxiaoguang want to push your fixes here? We could just transform the PR to a be a refactor and remove the lint rule enablement. I have no strong feelings about it and if it's more hindersome, we don't need to enable it. |
TBH I don't have motivation to touch this part code. Existing code doesn't bother me, there are far more other things that need to fix. So the |
Signed-off-by: silverwind <me@silverwind.io>
Signed-off-by: silverwind <me@silverwind.io>
Signed-off-by: silverwind <me@silverwind.io>
Signed-off-by: silverwind <me@silverwind.io>
|
I will leave the rule enabled as it will only trigger for comparing against |
* giteaofficial/main: [skip ci] Updated translations via Crowdin Rerun job only when run is done (go-gitea#34970) Enable gocritic `equalFold` and fix issues (go-gitea#34952) Fixed minor typos in two files #HSFDPMUW (go-gitea#34944) Improve project & label color picker and image scroll (go-gitea#34971) Refactor webhook and fix feishu/lark secret (go-gitea#34961) Improve OAuth2 provider (correct Issuer, respect ENABLED) (go-gitea#34966) Merge index.js (go-gitea#34963) [skip ci] Updated translations via Crowdin Mark old reviews as stale on agit pr updates (go-gitea#34933) Refactor "delete-button" to "link-action" (go-gitea#34962) Refactor frontend unique id & comment (go-gitea#34958) Refactor some trivial problems (go-gitea#34959) Upgrade security public key (go-gitea#34956) Fix git graph page (go-gitea#34948) Update JS dependencies (go-gitea#34951) Refactor head navbar icons (go-gitea#34922) # Conflicts: # templates/base/head_navbar.tmpl
Continuation of #34678.