diff --git a/.claude/commands/ghsa.md b/.claude/commands/ghsa.md
new file mode 100644
index 000000000..71b848c60
--- /dev/null
+++ b/.claude/commands/ghsa.md
@@ -0,0 +1,11 @@
+Analyze and help fix the GitHub Security Advisory (GHSA) at: $ARGUMENTS
+
+Steps:
+1. Fetch the GHSA page using `gh api repos/gogs/gogs/security-advisories` and understand the vulnerability details (description, severity, affected versions, CWE).
+2. Verify the reported vulnerability actually exists, and why.
+3. Identify the affected code in this repository.
+4. Propose a fix with a clear explanation of the root cause and how the fix addresses it. Check for prior art in the codebase to stay consistent with existing patterns.
+5. Implement the fix. Only add tests when there is something meaningful to test at our layer.
+6. Run all the usual build and test commands.
+7. Create a branch named after the GHSA ID, commit, and push.
+8. Create a pull request with a proper title and description, do not reveal too much detail and link the GHSA.
diff --git a/templates/repo/branches/all.tmpl b/templates/repo/branches/all.tmpl
index 40b9d2b52..dc88e71bd 100644
--- a/templates/repo/branches/all.tmpl
+++ b/templates/repo/branches/all.tmpl
@@ -14,7 +14,7 @@
{{if .IsProtected}} {{end}}{{.Name}} {{$timeSince := TimeSince .Commit.Committer.When $.Lang}} - {{$.i18n.Tr "repo.branches.updated_by" $timeSince .Commit.Committer.Name | Safe}} + {{$.i18n.Tr "repo.branches.updated_by" $timeSince (Sanitize .Commit.Committer.Name) | Safe}}
{{if and (and (eq $.BranchName .Name) $.IsRepositoryAdmin) (not $.Repository.IsMirror)}}
diff --git a/templates/repo/branches/overview.tmpl b/templates/repo/branches/overview.tmpl
index f8becf9d3..19a004e59 100644
--- a/templates/repo/branches/overview.tmpl
+++ b/templates/repo/branches/overview.tmpl
@@ -13,7 +13,7 @@
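Review bot: In the all.tmpl hunk the `+` line keeps the `| Safe` pipe and only wraps the committer name in `Sanitize`, but a sanitizer is an allow-list, not an escaper: if `Sanitize` is the project's bluemonday-style HTML policy, a committer name such as `<b>x</b>` or `<a href="https://example.test">x</a>` still renders as markup, and the committer name is controlled by anyone who can push a commit. Since a name is plain text, the tighter fix is to HTML-escape it and reserve `| Safe` for the translation string itself — e.g. `(Escape .Commit.Committer.Name)` if the funcmap has an escaping helper, otherwise escape it on the Go side with `html.EscapeString` before it reaches the template. `{{.Name}}` on the same row is fine because it is not piped through `Safe` and gets the engine's contextual escaping. The branch-row markup enclosing this line starts before the hunk.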
{{if .DefaultBranch.IsProtected}} {{end}}{{.DefaultBranch.Name}} {{$timeSince := TimeSince .DefaultBranch.Commit.Committer.When $.Lang}} - {{$.i18n.Tr "repo.branches.updated_by" $timeSince .DefaultBranch.Commit.Committer.Name | Safe}} + {{$.i18n.Tr "repo.branches.updated_by" $timeSince (Sanitize .DefaultBranch.Commit.Committer.Name) | Safe}}
{{if and $.IsRepositoryAdmin (not $.Repository.IsMirror)}}
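Review bot: This hunk and the two below it in overview.tmpl repeat the same `(Sanitize ….Committer.Name)` wrapper that all.tmpl also receives, so the protection now lives in four call sites that must each remember the wrapper; a single place — exposing an already-escaped name on the branch view model, or a template func such as `UpdatedBy $timeSince .Commit.Committer.Name` that escapes before calling `.Tr` — would make the next template that prints a committer name safe by default. The `.Tr … Name | Safe` shape is worth grepping for elsewhere in the templates (commit lists, issue and pull-request timelines), since this commit only touches the branch and wiki pages; I cannot see those files from here. The row markup enclosing this line begins before the hunk.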
@@ -33,7 +33,7 @@
{{if .IsProtected}} {{end}}{{.Name}} {{$timeSince := TimeSince .Commit.Committer.When $.Lang}} - {{$.i18n.Tr "repo.branches.updated_by" $timeSince .Commit.Committer.Name | Safe}} + {{$.i18n.Tr "repo.branches.updated_by" $timeSince (Sanitize .Commit.Committer.Name) | Safe}}
{{if and $.IsRepositoryWriter $.AllowPullRequest}}
@@ -55,7 +55,7 @@
{{if .IsProtected}} {{end}}{{.Name}} {{$timeSince := TimeSince .Commit.Committer.When $.Lang}} - {{$.i18n.Tr "repo.branches.updated_by" $timeSince .Commit.Committer.Name | Safe}} + {{$.i18n.Tr "repo.branches.updated_by" $timeSince (Sanitize .Commit.Committer.Name) | Safe}}
{{if and $.IsRepositoryWriter $.AllowPullRequest}}
diff --git a/templates/repo/wiki/view.tmpl b/templates/repo/wiki/view.tmpl
index 6bad9c811..f6020b946 100644
--- a/templates/repo/wiki/view.tmpl
+++ b/templates/repo/wiki/view.tmpl
@@ -58,7 +58,7 @@ {{end}}
{{$timeSince := TimeSince .Author.When $.Lang}} - {{.i18n.Tr "repo.wiki.last_commit_info" .Author.Name $timeSince | Safe}} + {{.i18n.Tr "repo.wiki.last_commit_info" (Sanitize .Author.Name) $timeSince | Safe}}