forgejo/modules/setting
Gusted 5b3a82d621
[FEAT] Enable ambiguous character detection in configured contexts
- The ambiguous character detection is an important security feature to
combat against sourcebase attacks (https://trojansource.codes/).
- However there are a few problems with the feature as it stands
today (i) it's apparently a big performance hitter, it's twice as slow
as syntax highlighting (ii) it contains false positives, because it's
reporting valid problems but not valid within the context of a
programming language (ambiguous characters in code comments being a
prime example) that can lead to security issues (iii) characters from
certain languages always being marked as ambiguous. It's a lot of effort
to fix the aforementioned issues.
- Therefore, make it configurable in which context the ambiguous
character detection should be run, this avoids running detection in all
contexts such as file views, but still enable it in commits and pull
requests diffs where it matters the most. Ideally this also becomes a
per-repository setting, but the code architecture doesn't allow for a
clean implementation of that.
- Adds unit test.
- Adds integration tests to ensure that the contexts and instance-wide
is respected (and that ambiguous character detection actually works in
different places).
- Ref: https://codeberg.org/forgejo/forgejo/pulls/2395#issuecomment-1575547
- Ref: https://codeberg.org/forgejo/forgejo/issues/564
2024-02-23 13:12:17 +01:00
..
config Refactor system setting (#27000) 2023-10-05 09:08:19 +08:00
actions.go [CI] DEFAULT_ACTIONS_URL = https://code.forgejo.org 2024-02-05 13:33:58 +01:00
actions_test.go [CI] DEFAULT_ACTIONS_URL = https://code.forgejo.org 2024-02-05 13:33:58 +01:00
admin.go [GITEA] notifies admins on new user registration 2024-02-05 16:09:28 +01:00
api.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
asset_dynamic.go Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
asset_static.go Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
attachment.go Fix incorrect default value of `[attachment].MAX_SIZE` (#28373) 2023-12-06 10:59:56 -05:00
attachment_test.go Fix all possible setting error related storages and added some tests (#23911) 2023-06-14 11:42:38 +08:00
badges.go [GITEA] Add support for shields.io-based badges 2024-02-05 16:09:42 +01:00
cache.go Always enable caches (#28527) 2023-12-19 09:29:05 +00:00
camo.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
config.go Refactor system setting (#27000) 2023-10-05 09:08:19 +08:00
config_env.go [BRANDING] parse FORGEJO__* in the container environment 2024-02-05 16:05:02 +01:00
config_env_test.go [BRANDING] parse FORGEJO__* in the container environment 2024-02-05 16:05:02 +01:00
config_provider.go [gitea] Remove unnecessary parameter (#29092) 2024-02-10 10:53:43 +01:00
config_provider_test.go Fix INI parsing for value with trailing slash (#26995) 2023-09-10 16:15:51 +00:00
cors.go Refactor CORS handler (#28587) 2023-12-25 20:13:18 +08:00
cron.go Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
cron_test.go Rewrite queue (#24505) 2023-05-08 19:49:59 +08:00
database.go feat(xorm): add max idle time setting for db connections (#2418) 2024-02-21 12:17:16 +00:00
database_sqlite.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
database_test.go Fix incorrect PostgreSQL connection string for Unix sockets (#28865) 2024-01-20 16:04:47 +00:00
federation.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
forgejo_storage_test.go [TESTS] verify facts for the admin storage documentation 2024-02-05 14:44:33 +01:00
git.go Use `[git.config]` for reflog cleaning up (#24958) 2023-05-28 01:07:14 +00:00
git_test.go Use `[git.config]` for reflog cleaning up (#24958) 2023-05-28 01:07:14 +00:00
highlight.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
i18n.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
incoming_email.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
indexer.go Allow skipping forks and mirrors from being indexed (#23187) 2023-05-25 16:13:47 +08:00
indexer_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
lfs.go Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
lfs_test.go Display deprecated warning in admin panel pages as well as in the log file (#26094) 2023-07-26 03:53:37 +00:00
log.go Clarify the logger's MODE config option (#26267) 2023-08-01 18:28:23 +00:00
log_test.go Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
mailer.go Make mailer SMTP check have timed context (#24751) 2023-05-16 22:55:51 +02:00
mailer_test.go Remove unnecessary code (#24610) 2023-05-10 04:57:06 +00:00
markup.go Add .livemd as a markdown extension (#22730) 2023-04-26 11:22:54 -04:00
metrics.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
migrations.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
mime_type_map.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
mirror.go Avoid polluting the config (#25345) 2023-06-18 16:10:44 +00:00
oauth2.go Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
oauth2_test.go Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
other.go Refactor `setting.Other` and remove unused `SHOW_FOOTER_BRANDING` (#24270) 2023-04-22 19:38:25 -04:00
packages.go Avoid creating directories when loading config (#25944) 2023-07-18 07:32:36 -05:00
packages_test.go Fix all possible setting error related storages and added some tests (#23911) 2023-06-14 11:42:38 +08:00
path.go [BRANDING] alias {FORGEJO,GITEA}_{CUSTOM,WORK_DIR} 2024-02-05 16:05:01 +01:00
path_test.go [BRANDING] alias {FORGEJO,GITEA}_{CUSTOM,WORK_DIR} 2024-02-05 16:05:01 +01:00
picture.go Fix all possible setting error related storages and added some tests (#23911) 2023-06-14 11:42:38 +08:00
project.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
proxy.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
queue.go Increase queue length (#27555) 2023-10-10 18:47:49 +08:00
repository.go Merge branch 'rebase-forgejo-dependency' into wip-forgejo 2024-02-05 18:58:23 +01:00
repository_archive.go Fix all possible setting error related storages and added some tests (#23911) 2023-06-14 11:42:38 +08:00
repository_archive_test.go Fix all possible setting error related storages and added some tests (#23911) 2023-06-14 11:42:38 +08:00
security.go Warn that `DISABLE_QUERY_AUTH_TOKEN` is false only if it's explicitly defined (#28783) 2024-01-14 21:20:18 +01:00
server.go [BRANDING] Rebrand default config settings for new installs (#140) 2024-02-05 16:02:13 +01:00
service.go [GITEA] add option for banning dots in usernames 2024-02-05 16:05:50 +01:00
service_test.go Fix allowed user types setting problem (#26200) 2023-07-28 12:15:39 -04:00
session.go Use secure cookie for HTTPS sites (#26999) 2023-09-11 17:03:51 +08:00
setting.go [gitea] Remove unnecessary parameter (#29092) 2024-02-10 10:53:43 +01:00
setting_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
ssh.go Expanded minimum RSA Keylength to 3072 (#26604) 2023-08-28 00:53:16 +00:00
storage.go Support storage base path as prefix (#27827) 2023-11-01 19:17:18 +08:00
storage_test.go Support storage base path as prefix (#27827) 2023-11-01 19:17:18 +08:00
task.go handle deprecated settings (#22992) 2023-02-20 16:18:26 -06:00
time.go Remove unused setting `time.FORMAT` (#24430) 2023-04-29 22:51:43 +02:00
ui.go [FEAT] Enable ambiguous character detection in configured contexts 2024-02-23 13:12:17 +01:00
webhook.go [BRANDING] add the forgejo webhook type & update webhook docs URLs 2024-02-05 16:02:14 +01:00