
Commit e63fc23

authored
repo: ignore unintended Git options for diff preview (gogs#7871)
## Describe the pull request

Fixes GHSA-9pp6-wq8c-3w2c
1 parent abad3bb commit e63fc23


2 files changed

+9
-7
lines changed


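--- a/internal/database/repo_editor.go
+++ b/internal/database/repo_editor.go
@@ -119,7 +119,7 @@ type UpdateRepoFileOptions struct {
 
 // UpdateRepoFile adds or updates a file in repository.
 func (repo *Repository) UpdateRepoFile(doer *User, opts UpdateRepoFileOptions) (err error) {
-// 🚨 SECURITY: Prevent uploading files into the ".git" directory
+// 🚨 SECURITY: Prevent uploading files into the ".git" directory.
 if isRepositoryGitPath(opts.NewTreeName) {
 return errors.Errorf("bad tree path %q", opts.NewTreeName)
 }
@@ -220,7 +220,7 @@ func (repo *Repository) UpdateRepoFile(doer *User, opts UpdateRepoFileOptions) (
 
 // GetDiffPreview produces and returns diff result of a file which is not yet committed.
 func (repo *Repository) GetDiffPreview(branch, treePath, content string) (diff *gitutil.Diff, err error) {
-// 🚨 SECURITY: Prevent uploading files into the ".git" directory
+// 🚨 SECURITY: Prevent uploading files into the ".git" directory.
 if isRepositoryGitPath(treePath) {
 return nil, errors.Errorf("bad tree path %q", treePath)
 }
@@ -243,7 +243,8 @@ func (repo *Repository) GetDiffPreview(branch, treePath, content string) (diff *
 return nil, fmt.Errorf("write file: %v", err)
 }
 
-cmd := exec.Command("git", "diff", treePath)
+// 🚨 SECURITY: Prevent including unintended options in the path to the git command.
+cmd := exec.Command("git", "diff", "--end-of-options", treePath)
 cmd.Dir = localPath
 cmd.Stderr = os.Stderr
 
@@ -288,7 +289,7 @@ type DeleteRepoFileOptions struct {
 }
 
 func (repo *Repository) DeleteRepoFile(doer *User, opts DeleteRepoFileOptions) (err error) {
-// 🚨 SECURITY: Prevent uploading files into the ".git" directory
+// 🚨 SECURITY: Prevent uploading files into the ".git" directory.
 if isRepositoryGitPath(opts.TreePath) {
 return errors.Errorf("bad tree path %q", opts.TreePath)
 }
@@ -513,7 +514,7 @@ func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions)
 return nil
 }
 
-// 🚨 SECURITY: Prevent uploading files into the ".git" directory
+// 🚨 SECURITY: Prevent uploading files into the ".git" directory.
 if isRepositoryGitPath(opts.TreePath) {
 return errors.Errorf("bad tree path %q", opts.TreePath)
 }
@@ -554,7 +555,7 @@ func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions)
 // 🚨 SECURITY: Prevent path traversal.
 upload.Name = pathutil.Clean(upload.Name)
 
-// 🚨 SECURITY: Prevent uploading files into the ".git" directory
+// 🚨 SECURITY: Prevent uploading files into the ".git" directory.
 if isRepositoryGitPath(upload.Name) {
 continue
 }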
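Review bot: The new `git diff --end-of-options` line in the third hunk relies on a flag that only exists in Git 2.24 and later; on an older git binary the preview would presumably fail for every request rather than only for option-like paths, so the minimum git version should be documented or checked at startup. Because `treePath` is always meant as a file path here, the pathspec separator is both portable and stricter: `cmd := exec.Command("git", "diff", "--", treePath)` tells git the argument is a path and never a revision, whereas `--end-of-options` still lets git treat it as a revision name. The `isRepositoryGitPath(treePath)` check in the second hunk only guards the `.git` directory, so whichever separator is kept is the sole defence against the argument being parsed as an option, and the security comment should say so, e.g. `// 🚨 SECURITY: treePath is user-controlled; the separator stops git from parsing it as an option or revision.`. GetDiffPreview starts before this hunk and continues after it; the remaining hunks in this file only add trailing periods to comments.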

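--- a/internal/route/repo/editor.go
+++ b/internal/route/repo/editor.go
@@ -302,7 +302,8 @@ func NewFilePost(c *context.Context, f form.EditRepoFile) {
 }
 
 func DiffPreviewPost(c *context.Context, f form.EditPreviewDiff) {
-treePath := c.Repo.TreePath
+// 🚨 SECURITY: Prevent path traversal.
+treePath := pathutil.Clean(c.Repo.TreePath)
 
 entry, err := c.Repo.Commit.TreeEntry(treePath)
 if err != nil {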
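Review bot: The cleaned `treePath` in this hunk is only visibly used for `c.Repo.Commit.TreeEntry`; DiffPreviewPost continues past the hunk, and if any later call (in particular the one that produces the diff preview) still reads `c.Repo.TreePath` directly, the sanitization is bypassed for that call. Worth confirming every downstream use goes through `treePath`, or assigning back once with `c.Repo.TreePath = treePath` immediately after the clean so there is a single sanitized value for the rest of the handler. The hunk also does not show the import block, so it assumes `pathutil` is already imported in editor.go. The comment could name what is being protected: `// 🚨 SECURITY: Prevent path traversal in the user-supplied tree path.`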
