Bound PageSize in ListUnadoptedRepositories (#36884)

Add `SetDefaultValues()` call to ensure PageSize is bounded, preventing potential excessive memory allocation from unbounded pagination parameters. Fixes CodeQL alert [#188](https://github.com/go-gitea/gitea/security/code-scanning/188). All other 49 open alerts were false-positives and are dismissed with appropriate comments. Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
2026-03-15 09:00:32 +01:00 · 2026-03-13 02:20:58 +01:00
parent 538ec6ae6e
commit 2601f50026
1 changed files with 1 additions and 0 deletions
--- a/services/repository/adopt.go
+++ b/services/repository/adopt.go
@@ -291,6 +291,7 @@ func checkUnadoptedRepositories(ctx context.Context, userName string, repoNamesT

 // ListUnadoptedRepositories lists all the unadopted repositories that match the provided query
 func ListUnadoptedRepositories(ctx context.Context, query string, opts *db.ListOptions) ([]string, int64, error) {
+	opts.SetDefaultValues()
 	globUser, _ := glob.Compile("*")
 	globRepo, _ := glob.Compile("*")