Description
Hi,
URLs with an empty repository name before .git find "random" repositories.
Example: https://gitea.com/gitea/.git/info/refs
As far as I can tell this happends because:
- The "githttp"-handling will strip
.git from the :reponame path parameter, i.e. ending up with an empty string:
|
func httpBase(ctx *context.Context) *serviceHandler { |
|
username := ctx.PathParam(":username") |
|
reponame := strings.TrimSuffix(ctx.PathParam(":reponame"), ".git") |
|
|
|
if ctx.FormString("go-get") == "1" { |
|
context.EarlyResponseForGoGetMeta(ctx) |
|
return nil |
|
} |
|
|
|
var isPull, receivePack bool |
|
service := ctx.FormString("service") |
|
if service == "git-receive-pack" || |
|
strings.HasSuffix(ctx.Req.URL.Path, "git-receive-pack") { |
|
isPull = false |
|
receivePack = true |
|
} else if service == "git-upload-pack" || |
|
strings.HasSuffix(ctx.Req.URL.Path, "git-upload-pack") { |
|
isPull = true |
|
} else if service == "git-upload-archive" || |
|
strings.HasSuffix(ctx.Req.URL.Path, "git-upload-archive") { |
|
isPull = true |
|
} else { |
|
isPull = ctx.Req.Method == "GET" |
|
} |
|
|
|
var accessMode perm.AccessMode |
|
if isPull { |
|
accessMode = perm.AccessModeRead |
|
} else { |
|
accessMode = perm.AccessModeWrite |
|
} |
|
|
|
isWiki := false |
|
unitType := unit.TypeCode |
|
|
|
if strings.HasSuffix(reponame, ".wiki") { |
|
isWiki = true |
|
unitType = unit.TypeWiki |
|
reponame = reponame[:len(reponame)-5] |
|
} |
|
|
|
owner := ctx.ContextUser |
|
if !owner.IsOrganization() && !owner.IsActive { |
|
ctx.PlainText(http.StatusForbidden, "Repository cannot be accessed. You cannot push or open issues/pull-requests.") |
|
return nil |
|
} |
|
|
|
repoExist := true |
|
repo, err := repo_model.GetRepositoryByName(ctx, owner.ID, reponame) |
GetRepositoryByName uses some magic "Get" method on an partially initialized object, passing an empty string as LowerName - but empty fields are likely not used in the WHERE filter string for the databse.
|
func GetRepositoryByName(ctx context.Context, ownerID int64, name string) (*Repository, error) { |
|
repo := &Repository{ |
|
OwnerID: ownerID, |
|
LowerName: strings.ToLower(name), |
|
} |
|
has, err := db.GetEngine(ctx).Get(repo) |
|
if err != nil { |
|
return nil, err |
|
} else if !has { |
|
return nil, ErrRepoNotExist{0, ownerID, "", name} |
|
} |
|
return repo, err |
|
} |
Imho the most reliable solution is for GetRepositoryByName not to find repositories with empty names.
cheers,
Stefan
Gitea Version
gitea.com doesn't say
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
gitea.com is your instance.
Database
None
