From 749b192e94e65c40e27a3a2e7566a47ccce20ce9 Mon Sep 17 00:00:00 2001 From: "m.kindritskiy" Date: Tue, 21 Oct 2025 19:03:00 +0300 Subject: [PATCH 1/2] check remote mixin content type when downloading --- config/config/config.go | 3 +-- config/config/mixin.go | 14 ++++++++++++++ docs/docs/ide_support.md | 31 +++++++------------------------ 3 files changed, 22 insertions(+), 26 deletions(-) diff --git a/config/config/config.go b/config/config/config.go index dc7c9aa..e1453f5 100644 --- a/config/config/config.go +++ b/config/config/config.go @@ -282,8 +282,7 @@ func (c *Config) readMixins(mixins []*Mixin) error { for _, mixin := range mixins { if err := c.readMixin(mixin); err != nil { - // TODO: check if error is correct, concise and for humans - return err + return fmt.Errorf("failed to read remote mixin config '%s': %w", mixin.Remote.URL, err) } } diff --git a/config/config/mixin.go b/config/config/mixin.go index 6d3bdfb..d989647 100644 --- a/config/config/mixin.go +++ b/config/config/mixin.go @@ -12,9 +12,18 @@ import ( "strings" "time" + "github.com/lets-cli/lets/set" "github.com/lets-cli/lets/util" ) +var allowedContentTypes = set.NewSet( + "text/plain", + "text/yaml", + "text/x-yaml", + "application/yaml", + "application/x-yaml", +) + type Mixins []*Mixin type Mixin struct { @@ -110,6 +119,11 @@ func (rm *RemoteMixin) download() ([]byte, error) { return nil, fmt.Errorf("network error: %s", resp.Status) } + contentType := resp.Header.Get("Content-Type") + if !allowedContentTypes.Contains(contentType) { + return nil, fmt.Errorf("unsupported content type: %s", contentType) + } + data, err := io.ReadAll(resp.Body) if err != nil { return nil, fmt.Errorf("failed to read response: %w", err) diff --git a/docs/docs/ide_support.md b/docs/docs/ide_support.md index 81d0f4e..b0a64ae 100644 --- a/docs/docs/ide_support.md +++ b/docs/docs/ide_support.md @@ -62,35 +62,18 @@ vim.filetype.add({ }) ``` -2. In your `neovim/nvim-lspconfig` servers configuration: +2. Define `lets_ls` lsp config -In order for `nvim-lspconfig` to recognize `lets lsp` we must define config for `lets_ls` (lets_ls is just a conventional name because we are not officially added to `neovim/nvim-lspconfig`) +Requires `neovim >= 0.11.2` ```lua -require("lspconfig.configs").lets_ls = { - default_config = { - cmd = { - "lets self lsp", - }, - filetypes = { "yaml.lets" }, - root_dir = util.root_pattern("lets.yaml"), - settings = {}, - }, +vim.lsp.config.lets_ls = { + cmd = { "lets", "self", "lsp" }, + filetypes = { "yaml.lets" }, + root_markers = { "lets.yaml" }, } -``` - -3. And then enable lets_ls in then servers section: -```lua -return { - "neovim/nvim-lspconfig", - opts = { - servers = { - lets_ls = {}, - pyright = {}, -- pyright here just as hint to where we should add lets_ls - }, - }, -} +vim.lsp.enable("lets_ls") ``` ### JSON Schema From be8af3a2742e35bb935b79b0c323b1288fe93edd Mon Sep 17 00:00:00 2001 From: "m.kindritskiy" Date: Tue, 21 Oct 2025 19:09:05 +0300 Subject: [PATCH 2/2] normalize content-type header value before checking for allowed content-types --- config/config/mixin.go | 15 +++++- config/config/mixin_test.go | 103 ++++++++++++++++++++++++++++++++++++ 2 files changed, 117 insertions(+), 1 deletion(-) create mode 100644 config/config/mixin_test.go diff --git a/config/config/mixin.go b/config/config/mixin.go index d989647..1a33eed 100644 --- a/config/config/mixin.go +++ b/config/config/mixin.go @@ -6,6 +6,7 @@ import ( "encoding/hex" "fmt" "io" + "mime" "net/http" "os" "path/filepath" @@ -24,6 +25,17 @@ var allowedContentTypes = set.NewSet( "application/x-yaml", ) +// normalizeContentType extracts the media type from a Content-Type header, +// removing parameters like charset to enable robust matching. +func normalizeContentType(contentType string) string { + mediaType, _, err := mime.ParseMediaType(contentType) + if err != nil { + // If parsing fails, return the original string + return contentType + } + return mediaType +} + type Mixins []*Mixin type Mixin struct { @@ -120,7 +132,8 @@ func (rm *RemoteMixin) download() ([]byte, error) { } contentType := resp.Header.Get("Content-Type") - if !allowedContentTypes.Contains(contentType) { + normalizedContentType := normalizeContentType(contentType) + if !allowedContentTypes.Contains(normalizedContentType) { return nil, fmt.Errorf("unsupported content type: %s", contentType) } diff --git a/config/config/mixin_test.go b/config/config/mixin_test.go new file mode 100644 index 0000000..77f42d1 --- /dev/null +++ b/config/config/mixin_test.go @@ -0,0 +1,103 @@ +package config + +import ( + "testing" +) + +func TestNormalizeContentType(t *testing.T) { + tests := []struct { + name string + contentType string + expectedResult string + }{ + { + name: "simple content type", + contentType: "text/plain", + expectedResult: "text/plain", + }, + { + name: "content type with charset parameter", + contentType: "text/yaml; charset=utf-8", + expectedResult: "text/yaml", + }, + { + name: "content type with multiple parameters", + contentType: "application/yaml; charset=utf-8; boundary=something", + expectedResult: "application/yaml", + }, + { + name: "content type with quoted parameters", + contentType: `text/x-yaml; charset="utf-8"`, + expectedResult: "text/x-yaml", + }, + { + name: "invalid content type", + contentType: "invalid/content/type; malformed", + expectedResult: "invalid/content/type; malformed", + }, + { + name: "empty content type", + contentType: "", + expectedResult: "", + }, + { + name: "content type with spaces", + contentType: "text/plain ; charset=utf-8", + expectedResult: "text/plain", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := normalizeContentType(tt.contentType) + if result != tt.expectedResult { + t.Errorf("normalizeContentType(%q) = %q, want %q", tt.contentType, result, tt.expectedResult) + } + }) + } +} + +func TestAllowedContentTypes(t *testing.T) { + // Test that our normalization works with the allowed content types + testCases := []string{ + "text/plain", + "text/yaml", + "text/x-yaml", + "application/yaml", + "application/x-yaml", + } + + for _, contentType := range testCases { + // Test without parameters + if !allowedContentTypes.Contains(contentType) { + t.Errorf("allowedContentTypes should contain %q", contentType) + } + + // Test with charset parameter + withCharset := contentType + "; charset=utf-8" + normalized := normalizeContentType(withCharset) + if !allowedContentTypes.Contains(normalized) { + t.Errorf("normalized content type %q should be allowed (original: %q)", normalized, withCharset) + } + } + + // Test that disallowed content types are rejected + disallowedTypes := []string{ + "application/json", + "text/html", + "application/xml", + } + + for _, contentType := range disallowedTypes { + if allowedContentTypes.Contains(contentType) { + t.Errorf("allowedContentTypes should not contain %q", contentType) + } + + // Test with parameters + withCharset := contentType + "; charset=utf-8" + normalized := normalizeContentType(withCharset) + if allowedContentTypes.Contains(normalized) { + t.Errorf("normalized content type %q should not be allowed (original: %q)", normalized, withCharset) + } + } +}