mirror of
1
Fork 0
forgejo/routers
Gergely Nagy aacc13fca8 hooks: Harden when we accept push options that change repo settings
It is possible to change some repo settings (its visibility, and
template status) via `git push` options: `-o repo.private=true`, `-o
repo.template=true`.

Previously, there weren't sufficient permission checks on these, and
anyone who could `git push` to a repository - including via an AGit
workflow! - was able to change either of these settings. To guard
against this, the pre-receive hook will now check if either of these
options are present, and if so, will perform additional permission
checks to ensure that these can only be set by a repository owner or
an administrator. Additionally, changing these settings is disabled for
forks, even for the fork's owner.

There's still a case where the owner of a repository can change the
visibility of it, and it will not propagate to forks (it propagates to
forks when changing the visibility via the API), but that's an
inconsistency, not a security issue.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Signed-off-by: Earl Warren <contact@earl-warren.org>
(cherry picked from commit 8eba631f8d)
2024-04-20 05:58:39 +00:00
..
api Merge pull request '[backport] gitea#30406: Check the token's owner and repository when registering a runner' (#3262) from algernon/forgejo:backport/3257-to-7.0 into v7.0/forgejo 2024-04-19 15:41:18 +00:00
common Use relative links for commits, mentions, and issues in markdown (#29427) 2024-03-20 08:46:28 +01:00
install Update checker setting updates 2024-04-10 20:55:35 +00:00
private hooks: Harden when we accept push options that change repo settings 2024-04-20 05:58:39 +00:00
utils Improve user search display name (#29002) 2024-02-01 17:10:16 +00:00
web Fix release published actions not triggering for releases created from existing tags 2024-04-16 18:28:53 +00:00
init.go Actions Artifacts v4 backend (#28965) 2024-03-06 12:10:45 +08:00