web/forgejo
10
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4

Use hostmatcher to replace matchlist, improve security (#17605)

Browse source 
Use hostmacher to replace matchlist.

And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
This commit is contained in:
wxiaoguang 2021-11-20 17:34:05 +08:00 committed by GitHub
parent c96be0cd98
commit 013fb73068
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
33 changed files with 377 additions and 293 deletions
Download patch file Download diff file Expand all files Collapse all files

2
services/migrations/gitea_uploader.go
View file

@ -125,7 +125,7 @@ func (g *GiteaLocalUploader) CreateRepo(repo *base.Repository, opts base.Migrate
Wiki: opts.Wiki,
Releases: opts.Releases, // if didn't get releases, then sync them from tags
MirrorInterval: opts.MirrorInterval,
})
}, NewMigrationHTTPTransport())
g.repo = r
if err != nil {