Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-11-28 04:36:11 +01:00
forgejo/routers/private
Gergely Nagy c8645d2a70
hooks: Harden when we accept push options that change repo settings
It is possible to change some repo settings (its visibility, and
template status) via `git push` options: `-o repo.private=true`, `-o
repo.template=true`.

Previously, there weren't sufficient permission checks on these, and
anyone who could `git push` to a repository - including via an AGit
workflow! - was able to change either of these settings. To guard
against this, the pre-receive hook will now check if either of these
options are present, and if so, will perform additional permission
checks to ensure that these can only be set by a repository owner or
an administrator. Additionally, changing these settings is disabled for
forks, even for the fork's owner.

There's still a case where the owner of a repository can change the
visibility of it, and it will not propagate to forks (it propagates to
forks when changing the visibility via the API), but that's an
inconsistency, not a security issue.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit cc80e66153)

Conflicts: tests/integration/git_push_test.go
  	DeleteRepositoryDirectly does not exist
	CreateRepoOptions is in repo_module
2024-04-18 23:07:18 +02:00
..
tests/repos Fix verifyCommits error when push a new branch (#26664) (#26810) 2023-09-08 08:09:18 +02:00
actions.go [CLI] implement forgejo-cli actions register (squash) no private 2023-07-16 23:21:45 +02:00
default_branch.go Refactor internal API for git commands, use meaningful messages instead of "Internal Server Error" (#23687) 2023-03-29 14:32:26 +08:00
hook_post_receive.go Use the type RefName for all the needed places and fix pull mirror sync bugs (#24634) 2023-05-26 01:04:48 +00:00
hook_pre_receive.go hooks: Harden when we accept push options that change repo settings 2024-04-18 23:07:18 +02:00
hook_proc_receive.go Refactor internal API for git commands, use meaningful messages instead of "Internal Server Error" (#23687) 2023-03-29 14:32:26 +08:00
hook_verification.go Fix verifyCommits error when push a new branch (#26664) (#26810) 2023-09-08 08:09:18 +02:00
hook_verification_test.go Fix verifyCommits error when push a new branch (#26664) (#26810) 2023-09-08 08:09:18 +02:00
internal.go [CLI] implement forgejo-cli actions register (squash) no private 2023-07-16 23:21:45 +02:00
internal_repo.go Refactor internal API for git commands, use meaningful messages instead of "Internal Server Error" (#23687) 2023-03-29 14:32:26 +08:00
key.go Refactor internal API for git commands, use meaningful messages instead of "Internal Server Error" (#23687) 2023-03-29 14:32:26 +08:00
mail.go Prevent multiple To recipients (#22566) 2023-01-22 08:23:52 -06:00
main_test.go Fix verifyCommits error when push a new branch (#26664) (#26810) 2023-09-08 08:09:18 +02:00
manager.go Fix logger refactoring regression: manager logging add (#24847) 2023-05-24 08:09:33 +08:00
manager_process.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
manager_unix.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
manager_windows.go Refactor internal API for git commands, use meaningful messages instead of "Internal Server Error" (#23687) 2023-03-29 14:32:26 +08:00
restore_repo.go Fix regression: access log template, gitea manager cli command (#24838) 2023-05-22 09:38:38 +08:00
serv.go Refactor internal API for git commands, use meaningful messages instead of "Internal Server Error" (#23687) 2023-03-29 14:32:26 +08:00
ssh_log.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00