kallithea Changeset - 8d0362047e29

Changeset - 8d0362047e29

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Mads Kiilerich - 7 years ago 2019-01-08 13:02:34
mads@kiilerich.com

middleware: don't allow trailing text after Git commands

This is used for determining repos and commands and what access users should
have. We thus want to be very strict when parsing these commands.

1 file changed with 1 insertions and 1 deletions:

kallithea/lib/middleware/simplegit.py

0 comments (0 inline, 0 general)

kallithea/lib/middleware/simplegit.py

➞

Show inline comments

@@ @@ -37,25 +37,25 @@ from webob.exc import HTTPNotFound, HTTP @@
     HTTPNotAcceptable, HTTPBadRequest
 from kallithea.model.db import Ui
 from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \
     _set_extras
 from kallithea.lib.base import BaseVCSController
 from kallithea.lib.utils import make_ui, is_valid_repo
 from kallithea.lib.middleware.pygrack import make_wsgi_app
 log = logging.getLogger(__name__)
 GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)')
+GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)$')
 def is_git(environ):
     path_info = environ['PATH_INFO']
     isgit_path = GIT_PROTO_PAT.match(path_info)
     log.debug('pathinfo: %s detected as Git %s',
         path_info, isgit_path is not None
+    )
     return isgit_path
 class SimpleGit(BaseVCSController):

0 comments (0 inline, 0 general)