mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-28 02:14:06 -05:00
forgejo/modules
Gusted 5b3a82d621
[FEAT] Enable ambiguous character detection in configured contexts
- The ambiguous character detection is an important security feature to
combat against sourcebase attacks (https://trojansource.codes/).
- However there are a few problems with the feature as it stands
today (i) it's apparently a big performance hitter, it's twice as slow
as syntax highlighting (ii) it contains false positives, because it's
reporting valid problems but not valid within the context of a
programming language (ambiguous characters in code comments being a
prime example) that can lead to security issues (iii) characters from
certain languages always being marked as ambiguous. It's a lot of effort
to fix the aforementioned issues.
- Therefore, make it configurable in which context the ambiguous
character detection should be run, this avoids running detection in all
contexts such as file views, but still enable it in commits and pull
requests diffs where it matters the most. Ideally this also becomes a
per-repository setting, but the code architecture doesn't allow for a
clean implementation of that.
- Adds unit test.
- Adds integration tests to ensure that the contexts and instance-wide
is respected (and that ambiguous character detection actually works in
different places).
- Ref: https://codeberg.org/forgejo/forgejo/pulls/2395#issuecomment-1575547
- Ref: https://codeberg.org/forgejo/forgejo/issues/564
2024-02-23 13:12:17 +01:00
actions Implement some action notifier functions (#29173) 2024-02-19 22:58:32 +01:00
activitypub Upgrade to golangci-lint@v1.55.0 (#27756) 2023-10-24 02:54:59 +00:00
analyze
assetfs
auth Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
avatar [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
base Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
cache Always enable caches (#28527) 2023-12-19 09:29:05 +00:00
charset [FEAT] Enable ambiguous character detection in configured contexts 2024-02-23 13:12:17 +01:00
container
context [BUG] Load AllUnitsEnabled when necessary 2024-02-21 12:48:26 +01:00
contexttest Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
csv Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
emoji
eventsource Final round of db.DefaultContext refactor (#27587) 2023-10-14 08:37:24 +00:00
generate Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
git [CLEANUP] make golangci-lint@v1.56.1 happy 2024-02-15 16:19:36 +01:00
gitgraph More db.DefaultContext refactor (#27265) 2023-09-29 12:12:54 +00:00
gitrepo Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
graceful Suggest to use Type=simple for systemd service (#28717) 2024-01-07 15:18:04 +00:00
hcaptcha
highlight Add option to disable ambiguous unicode characters detection (#28454) 2023-12-17 14:38:54 +00:00
hostmatcher Support allowed hosts for webhook to work with proxy (#27655) 2023-10-18 09:44:36 +00:00
html
httpcache [BRANDING] add X-Forgejo-* headers 2024-02-05 16:02:14 +01:00
httplib
indexer [gitea] fix: Elasticsearch: Request Entity Too Large #28117 (#29062) 2024-02-10 10:53:43 +01:00
issue/template
json
label
lfs [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
log
markup [BUG] Restrict when to make link absolute in markdown 2024-02-19 20:56:00 +01:00
mcaptcha
metrics
migration Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
nosql
optional Unify user update methods (#28733) 2024-02-04 13:29:09 +00:00
options
packages [GITEA] feat(nuget): basic manifest download 2024-02-05 15:08:04 +01:00
paginator
pprof
private [CLI] implement forgejo-cli 2024-02-05 13:33:58 +01:00
process Replace assert.Fail with assert.FailNow (#27578) 2023-10-11 11:02:24 +00:00
proxy
proxyprotocol
public Refactor CORS handler (#28587) 2023-12-25 20:13:18 +08:00
queue [CI] disable redis test, no redis server yet in CI 2024-02-05 13:33:58 +01:00
recaptcha
references Add support for sha256 repositories (#23894) 2024-01-19 17:05:02 +01:00
regexplru
repository [CLEANUP] make golangci-lint@v1.56.1 happy 2024-02-15 16:19:36 +01:00
secret [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
session
setting [FEAT] Enable ambiguous character detection in configured contexts 2024-02-23 13:12:17 +01:00
sitemap
ssh Remove SSH workaround (#27893) 2023-11-03 15:21:05 +00:00
storage [CI] Forgejo Actions based CI for PR & branches 2024-02-05 13:33:59 +01:00
structs Add merge style fast-forward-only (#28954) 2024-02-14 17:19:19 +01:00
svg
sync
system Replace more db.DefaultContext (#27628) 2023-10-15 17:46:06 +02:00
templates Refactor more code in templates (#29236) 2024-02-19 22:58:32 +01:00
test [TESTS] add log.Level to test.NewLogChecker 2024-02-05 16:54:44 +01:00
testlogger
timeutil Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
translation Improve TrHTML and add more tests (#29228) 2024-02-19 22:58:33 +01:00
turnstile
typesniffer
updatechecker [PRIVACY] Add a DNS method to fetch new updates 2024-02-05 15:38:36 +01:00
upload
uri
user
util Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
validation [GITEA] add option for banning dots in usernames 2024-02-05 16:05:50 +01:00
web Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
webhook [ACTIONS] on.schedule: the event is always "schedule" 2024-02-05 16:54:44 +01:00