TRKJ/gitea
2
0
Fork 0
mirror of https://gitee.com/gitea/gitea synced 2025-11-04 16:40:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

Use hostmatcher to replace matchlist, improve security (#17605)

Browse Source 
Use hostmacher to replace matchlist.

And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
This commit is contained in:
wxiaoguang
2021-11-20 17:34:05 +08:00
committed by GitHub
parent c96be0cd98
commit 013fb73068
33 changed files with 377 additions and 293 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/lfs/client_test.go
View File

@@ -13,10 +13,10 @@ import (
func TestNewClient(t *testing.T) {
u, _ := url.Parse("file:///test")
c := NewClient(u, true)
c := NewClient(u, nil)
assert.IsType(t, &FilesystemClient{}, c)
u, _ = url.Parse("https://test.com/lfs")
c = NewClient(u, true)
c = NewClient(u, nil)
assert.IsType(t, &HTTPClient{}, c)
}