Nemcio/Gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-31 19:06:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use hostmatcher to replace matchlist, improve security (#17605)

Browse Source 
Use hostmacher to replace matchlist.

And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
This commit is contained in:
wxiaoguang
2021-11-20 17:34:05 +08:00
committed by GitHub
parent c96be0cd98
commit 013fb73068
33 changed files with 377 additions and 293 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
models/error.go
View File

@@ -797,7 +797,6 @@ type ErrInvalidCloneAddr struct {
IsPermissionDenied bool
LocalPath bool
NotResolvedIP bool
PrivateNet string
}
// IsErrInvalidCloneAddr checks if an error is a ErrInvalidCloneAddr.
@@ -810,9 +809,6 @@ func (err *ErrInvalidCloneAddr) Error() string {
if err.NotResolvedIP {
return fmt.Sprintf("migration/cloning from '%s' is not allowed: unknown hostname", err.Host)
}
if len(err.PrivateNet) != 0 {
return fmt.Sprintf("migration/cloning from '%s' is not allowed: the host resolve to a private ip address '%s'", err.Host, err.PrivateNet)
}
if err.IsInvalidPath {
return fmt.Sprintf("migration/cloning from '%s' is not allowed: the provided path is invalid", err.Host)
}