mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-01 11:12:42 +01:00
d401036bd8
Summary: Via HackerOne. There are two attacks here: - Configuring mirroring to a `file://` URI to place files on disk or overwrite another repository. This is not particularly severe. - Configuring cloning from a `file://` URI to read repositories you should not have access to. This is more severe. Historically, repository creation and editing explicitly supported `file://` URIs to deal with use cases where you had something else managing repositories on the same machine. Since there were no permissions, repository management was admin-only, and you couldn't mirror, this was fine. As we've evolved, this use case is a tiny minority use case and the security implications of `file://` URIs overwhelm the utility it provides. Prevent the use of `file://` URIs. Existing configured repositories won't stop working, you just can't add any new ones. Also prevent `localPath` from being set via Conduit (see T4039). Test Plan: - Tried to create a `file://` repository. - Tried to create a `file://` mirror. - Tried to create a `file://` repository via Conduit. - Created a non-`file://` repository. - Created a non-`file://` mirror. - Created a non-`file://` repository via Conduit. Reviewers: btrahan, chad Reviewed By: chad Subscribers: epriestley Differential Revision: https://secure.phabricator.com/D9513 |
||
|---|---|---|
| .. | ||
| application | ||
| capability | ||
| conduit | ||
| config | ||
| controller | ||
| data | ||
| doorkeeper | ||
| engine | ||
| events | ||
| exception | ||
| herald | ||
| panel | ||
| protocol | ||
| query | ||
| remarkup | ||
| request | ||
| response | ||
| ssh | ||
| view | ||
| DiffusionLintSaveRunner.php | ||