mirror of
1
Fork 0
forgejo/modules
Gusted 5b3a82d621
[FEAT] Enable ambiguous character detection in configured contexts
- The ambiguous character detection is an important security feature to
combat against sourcebase attacks (https://trojansource.codes/).
- However there are a few problems with the feature as it stands
today (i) it's apparantly an big performance hitter, it's twice as slow
as syntax highlighting (ii) it contains false positives, because it's
reporting valid problems but not valid within the context of a
programming language (ambiguous charachters in code comments being a
prime example) that can lead to security issues (iii) charachters from
certain languages always being marked as ambiguous. It's a lot of effort
to fix the aforementioned issues.
- Therefore, make it configurable in which context the ambiguous
character detection should be run, this avoids running detection in all
contexts such as file views, but still enable it in commits and pull
requests diffs where it matters the most. Ideally this also becomes an
per-repository setting, but the code architecture doesn't allow for a
clean implementation of that.
- Adds unit test.
- Adds integration tests to ensure that the contexts and instance-wide
is respected (and that ambigious charachter detection actually work in
different places).
- Ref: https://codeberg.org/forgejo/forgejo/pulls/2395#issuecomment-1575547
- Ref: https://codeberg.org/forgejo/forgejo/issues/564
2024-02-23 13:12:17 +01:00
..
actions Implement some action notifier functions (#29173) 2024-02-19 22:58:32 +01:00
activitypub Upgrade to golangci-lint@v1.55.0 (#27756) 2023-10-24 02:54:59 +00:00
analyze Rename code_langauge.go to code_language.go (#26377) 2023-08-07 15:00:53 -04:00
assetfs Use `Set[Type]` instead of `map[Type]bool/struct{}`. (#26804) 2023-08-30 06:55:25 +00:00
auth Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
avatar [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
base Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
cache Always enable caches (#28527) 2023-12-19 09:29:05 +00:00
charset [FEAT] Enable ambiguous character detection in configured contexts 2024-02-23 13:12:17 +01:00
container Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
context [BUG] Load `AllUnitsEnabled` when necessary 2024-02-21 12:48:26 +01:00
contexttest Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
csv Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
emoji Update emoji set to Unicode 15 (#25595) 2023-06-29 16:29:48 +00:00
eventsource Final round of `db.DefaultContext` refactor (#27587) 2023-10-14 08:37:24 +00:00
generate Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
git [CLEANUP] make golangci-lint@v1.56.1 happy 2024-02-15 16:19:36 +01:00
gitgraph More `db.DefaultContext` refactor (#27265) 2023-09-29 12:12:54 +00:00
gitrepo Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
graceful Suggest to use Type=simple for systemd service (#28717) 2024-01-07 15:18:04 +00:00
hcaptcha Consume hcaptcha and pwn deps (#22610) 2023-01-29 09:49:51 -06:00
highlight Add option to disable ambiguous unicode characters detection (#28454) 2023-12-17 14:38:54 +00:00
hostmatcher Support allowed hosts for webhook to work with proxy (#27655) 2023-10-18 09:44:36 +00:00
html Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
httpcache [BRANDING] add X-Forgejo-* headers 2024-02-05 16:02:14 +01:00
httplib Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
indexer [gitea] fix: Elasticsearch: Request Entity Too Large #28117 (#29062) 2024-02-10 10:53:43 +01:00
issue/template Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
json Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
label Make label templates have consistent behavior and priority (#23749) 2023-04-10 16:44:02 +08:00
lfs [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
log Reduce some allocations in type conversion (#26772) 2023-08-29 00:43:16 +08:00
markup [BUG] Restrict when to make link absolute in markdown 2024-02-19 20:56:00 +01:00
mcaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
metrics Reduce usage of `db.DefaultContext` (#27073) 2023-09-14 17:09:32 +00:00
migration Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
nosql Update tool dependencies, lock govulncheck and actionlint (#25655) 2023-07-09 11:58:06 +00:00
optional Unify user update methods (#28733) 2024-02-04 13:29:09 +00:00
options Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
packages [GITEA] feat(nuget): basic manifest download 2024-02-05 15:08:04 +01:00
paginator Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
pprof Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
private [CLI] implement forgejo-cli 2024-02-05 13:33:58 +01:00
process Replace assert.Fail with assert.FailNow (#27578) 2023-10-11 11:02:24 +00:00
proxy Use proxy for pull mirror (#22771) 2023-02-11 08:39:50 +08:00
proxyprotocol Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
public Refactor CORS handler (#28587) 2023-12-25 20:13:18 +08:00
queue [CI] disable redis test, no redis server yet in CI 2024-02-05 13:33:58 +01:00
recaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
references Add support for sha256 repositories (#23894) 2024-01-19 17:05:02 +01:00
regexplru Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
repository [CLEANUP] make golangci-lint@v1.56.1 happy 2024-02-15 16:19:36 +01:00
secret [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
session Next round of `db.DefaultContext` refactor (#27089) 2023-09-16 14:39:12 +00:00
setting [FEAT] Enable ambiguous character detection in configured contexts 2024-02-23 13:12:17 +01:00
sitemap Fix sitemap (#22272) 2022-12-30 23:31:00 +08:00
ssh Remove SSH workaround (#27893) 2023-11-03 15:21:05 +00:00
storage [CI] Forgejo Actions based CI for PR & branches 2024-02-05 13:33:59 +01:00
structs Add merge style `fast-forward-only` (#28954) 2024-02-14 17:19:19 +01:00
svg Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
sync Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
system Replace more db.DefaultContext (#27628) 2023-10-15 17:46:06 +02:00
templates Refactor more code in templates (#29236) 2024-02-19 22:58:32 +01:00
test [TESTS] add log.Level to test.NewLogChecker 2024-02-05 16:54:44 +01:00
testlogger Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
timeutil Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
translation Improve TrHTML and add more tests (#29228) 2024-02-19 22:58:33 +01:00
turnstile Add new captcha: cloudflare turnstile (#22369) 2023-02-05 15:29:03 +08:00
typesniffer Detect ogg mime-type as audio or video (#26494) 2023-08-15 10:31:25 +08:00
updatechecker [PRIVACY] Add a DNS method to fetch new updates 2024-02-05 15:38:36 +01:00
upload Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
uri Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
user Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
util Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
validation [GITEA] add option for banning dots in usernames 2024-02-05 16:05:50 +01:00
web Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
webhook [ACTIONS] on.schedule: the event is always "schedule" 2024-02-05 16:54:44 +01:00