diff options
| author | Michael Kuhn <suraia@ikkoku.de> | 2018-11-28 08:00:25 +0100 |
|---|---|---|
| committer | Lauris BH <lauris@nix.lv> | 2018-11-28 09:00:25 +0200 |
| commit | 0222623be9fa4a56d870213f77b92139cefc2518 (patch) | |
| tree | a8a2d69feb72227bf2ee87a9868e75b492190b69 /modules | |
| parent | 08bf443016bae30690417b4835076709ef36e3b0 (diff) | |
| download | gitea-0222623be9fa4a56d870213f77b92139cefc2518.tar.gz gitea-0222623be9fa4a56d870213f77b92139cefc2518.zip | |
Explicitly disable Git credential helper (#5367)
* Explicitly disable Git credential helper
If the user running Gitea has configured a credential helper, Git
credentials might leak out of Gitea.
There are two problems with credential helpers when combined with Gitea:
1. Credentials entered by a user when doing a migration or setting up a
mirror will end up in the credential store. In the worst case, this
is the plain text file ~/.git-credentials.
2. Credentials in the credential store will be used for migrations and
mirrors by all users. For example, if user A sets up a mirror, their
credentials will be stored. If user B later sets up a mirror from the
same host and does not enter any credentials, user A's credentials
will be used.
This PR prepends -c credential.helper= to all Git commands to clear the
list of helpers. This requires at least Git version 2.9, as previous
versions will try to load an empty helper instead. For more details, see
https://github.com/git/git/commit/24321375cda79f141be72d1a842e930df6f41725
* Update git module
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/setting/setting.go | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/modules/setting/setting.go b/modules/setting/setting.go index ea0fa73dd0..f7da6baac4 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -34,6 +34,7 @@ import ( _ "github.com/go-macaron/session/redis" // redis plugin for store session "github.com/go-xorm/core" "github.com/kballard/go-shellquote" + "github.com/mcuadros/go-version" "gopkg.in/ini.v1" "strk.kbt.io/projects/go/libravatar" ) @@ -929,23 +930,7 @@ func NewContext() { log.Fatal(4, "Error retrieving git version: %v", err) } - splitVersion := strings.SplitN(binVersion, ".", 4) - - majorVersion, err := strconv.ParseUint(splitVersion[0], 10, 64) - if err != nil { - log.Fatal(4, "Error parsing git major version: %v", err) - } - minorVersion, err := strconv.ParseUint(splitVersion[1], 10, 64) - if err != nil { - log.Fatal(4, "Error parsing git minor version: %v", err) - } - revisionVersion, err := strconv.ParseUint(splitVersion[2], 10, 64) - if err != nil { - log.Fatal(4, "Error parsing git revision version: %v", err) - } - - if !((majorVersion > 2) || (majorVersion == 2 && minorVersion > 1) || - (majorVersion == 2 && minorVersion == 1 && revisionVersion >= 2)) { + if !version.Compare(binVersion, "2.1.2", ">=") { LFS.StartServer = false log.Error(4, "LFS server support needs at least Git v2.1.2") @@ -1206,6 +1191,16 @@ func NewContext() { sec = Cfg.Section("U2F") U2F.TrustedFacets, _ = shellquote.Split(sec.Key("TRUSTED_FACETS").MustString(strings.TrimRight(AppURL, "/"))) U2F.AppID = sec.Key("APP_ID").MustString(strings.TrimRight(AppURL, "/")) + + binVersion, err := git.BinVersion() + if err != nil { + log.Fatal(4, "Error retrieving git version: %v", err) + } + + if version.Compare(binVersion, "2.9", ">=") { + // Explicitly disable credential helper, otherwise Git credentials might leak + git.GlobalCommandArgs = append(git.GlobalCommandArgs, "-c", "credential.helper=") + } } // Service settings |