0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-01-08 15:40:31 -05:00

git-grep: ensure bounded default for MatchesPerFile

Analogously to how it happens for MaxResultLimit.

The default of 20 is inspired by a well-known, commercial code
hosting platform.

Unbounded limits are risky because they expose Forgejo to a class
of DoS attacks where queries are crafted to take advantage of
missing bounds.
This commit is contained in:
Radosław Piliszek 2024-08-11 14:59:46 +02:00
parent 87d50eca87
commit 2fbb51ceb2

View file

@ -67,9 +67,8 @@ func GrepSearch(ctx context.Context, repo *Repository, search string, opts GrepO
"--null", "--break", "--heading", "--column", "--null", "--break", "--heading", "--column",
"--fixed-strings", "--line-number", "--ignore-case", "--full-name") "--fixed-strings", "--line-number", "--ignore-case", "--full-name")
cmd.AddOptionValues("--context", fmt.Sprint(opts.ContextLineNumber)) cmd.AddOptionValues("--context", fmt.Sprint(opts.ContextLineNumber))
if opts.MatchesPerFile > 0 { opts.MatchesPerFile = cmp.Or(opts.MatchesPerFile, 20)
cmd.AddOptionValues("--max-count", fmt.Sprint(opts.MatchesPerFile)) cmd.AddOptionValues("--max-count", fmt.Sprint(opts.MatchesPerFile))
}
words := []string{search} words := []string{search}
if opts.IsFuzzy { if opts.IsFuzzy {
words = strings.Fields(search) words = strings.Fields(search)