Mirrors/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-06-08 21:34:59 +02:00
Code Issues Activity
gitea/cmd
History
bircni 42513398c0
fix(lfs): reject unknown SSH LFS sub-verbs to prevent auth bypass (#38008) 
An authenticated SSH user could pass a malformed sub-verb (e.g.
`git-lfs-authenticate <repo> badverb`) so getAccessMode falls through to
AccessModeNone (0). The permission check in routers/private/serv.go then
evaluates `userMode < 0` which is always false, granting a valid LFS JWT
for any private repository. The HTTP LFS handler only validates the Op
claim on writes, so the token works for downloads.

Validate the sub-verb in runServ before calling getAccessMode and fail
fast for anything other than upload/download.
2026-06-06 17:44:56 +02:00
..
cmdtest
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
actions.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_auth_ldap_test.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_auth_ldap.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_auth_oauth_test.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_auth_oauth.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_auth_smtp_test.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_auth_smtp.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_auth.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_regenerate.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_user_change_password_test.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_user_change_password.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_user_create_test.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_user_create.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_user_delete_test.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_user_delete.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_user_generate_access_token.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_user_list.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_user_must_change_password_test.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_user_must_change_password.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
admin_user.go
Switch cmd/ to use constructor functions. (#36962)
2026-03-25 15:53:13 +01:00
admin.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
cert_test.go
Fix cmd tests by mocking builtin paths (#37369)
2026-04-22 20:58:59 +00:00
cert.go
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
config_test.go
Intorduce "config edit-ini" sub command to help maintaining INI config file (#35735)
2025-10-25 10:54:55 +08:00
config.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
docs.go
Switch cmd/ to use constructor functions. (#36962)
2026-03-25 15:53:13 +01:00
doctor_convert.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
doctor_test.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
doctor.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
dump_repo.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
dump.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
embedded.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
generate.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
helper.go
chore(deps): update urfave/cli/v3 to v3.9.0 (#37863)
2026-05-30 20:56:16 +00:00
hook_test.go
Fix some trivial problems (#36336)
2026-01-09 20:58:21 +02:00
hook.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
keys.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
mailer.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
main_test.go
chore(deps): update urfave/cli/v3 to v3.9.0 (#37863)
2026-05-30 20:56:16 +00:00
main.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
manager_logging.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
manager.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
migrate_storage_test.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
migrate_storage.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
migrate.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
restore_repo.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
serv_test.go
fix(lfs): reject unknown SSH LFS sub-verbs to prevent auth bypass (#38008)
2026-06-06 17:44:56 +02:00
serv.go
fix(lfs): reject unknown SSH LFS sub-verbs to prevent auth bypass (#38008)
2026-06-06 17:44:56 +02:00
web_acme.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
web_graceful.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
web_https.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00
web.go
chore: Move import path from code.gitea.io/gitea to gitea.dev (#37873)
2026-05-26 15:49:31 -07:00