diff options
| author | wxiaoguang <wxiaoguang@gmail.com> | 2021-11-20 17:34:05 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-20 17:34:05 +0800 |
| commit | 013fb73068281b45b33c72abaae0c42c8d79c499 (patch) | |
| tree | 5cb710ea15a6f471648ecf19e2fdfab9804cb084 /modules/setting/migrations.go | |
| parent | c96be0cd982255f20a3fe6ff4683115b8073e65e (diff) | |
| download | gitea-013fb73068281b45b33c72abaae0c42c8d79c499.tar.gz gitea-013fb73068281b45b33c72abaae0c42c8d79c499.zip | |
Use `hostmatcher` to replace `matchlist`, improve security (#17605)
Use hostmacher to replace matchlist.
And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
Diffstat (limited to 'modules/setting/migrations.go')
| -rw-r--r-- | modules/setting/migrations.go | 19 |
1 files changed, 4 insertions, 15 deletions
diff --git a/modules/setting/migrations.go b/modules/setting/migrations.go index b663b52f89..34d9037275 100644 --- a/modules/setting/migrations.go +++ b/modules/setting/migrations.go @@ -4,17 +4,13 @@ package setting -import ( - "strings" -) - var ( // Migrations settings Migrations = struct { MaxAttempts int RetryBackoff int - AllowedDomains []string - BlockedDomains []string + AllowedDomains string + BlockedDomains string AllowLocalNetworks bool SkipTLSVerify bool }{ @@ -28,15 +24,8 @@ func newMigrationsService() { Migrations.MaxAttempts = sec.Key("MAX_ATTEMPTS").MustInt(Migrations.MaxAttempts) Migrations.RetryBackoff = sec.Key("RETRY_BACKOFF").MustInt(Migrations.RetryBackoff) - Migrations.AllowedDomains = sec.Key("ALLOWED_DOMAINS").Strings(",") - for i := range Migrations.AllowedDomains { - Migrations.AllowedDomains[i] = strings.ToLower(Migrations.AllowedDomains[i]) - } - Migrations.BlockedDomains = sec.Key("BLOCKED_DOMAINS").Strings(",") - for i := range Migrations.BlockedDomains { - Migrations.BlockedDomains[i] = strings.ToLower(Migrations.BlockedDomains[i]) - } - + Migrations.AllowedDomains = sec.Key("ALLOWED_DOMAINS").MustString("") + Migrations.BlockedDomains = sec.Key("BLOCKED_DOMAINS").MustString("") Migrations.AllowLocalNetworks = sec.Key("ALLOW_LOCALNETWORKS").MustBool(false) Migrations.SkipTLSVerify = sec.Key("SKIP_TLS_VERIFY").MustBool(false) } |