forgejo/services
Gusted 5b3a82d621
[FEAT] Enable ambiguous character detection in configured contexts
- The ambiguous character detection is an important security feature to
combat against sourcebase attacks (https://trojansource.codes/).
- However there are a few problems with the feature as it stands
today (i) it's apparantly an big performance hitter, it's twice as slow
as syntax highlighting (ii) it contains false positives, because it's
reporting valid problems but not valid within the context of a
programming language (ambiguous charachters in code comments being a
prime example) that can lead to security issues (iii) charachters from
certain languages always being marked as ambiguous. It's a lot of effort
to fix the aforementioned issues.
- Therefore, make it configurable in which context the ambiguous
character detection should be run, this avoids running detection in all
contexts such as file views, but still enable it in commits and pull
requests diffs where it matters the most. Ideally this also becomes an
per-repository setting, but the code architecture doesn't allow for a
clean implementation of that.
- Adds unit test.
- Adds integration tests to ensure that the contexts and instance-wide
is respected (and that ambigious charachter detection actually work in
different places).
- Ref: https://codeberg.org/forgejo/forgejo/pulls/2395#issuecomment-1575547
- Ref: https://codeberg.org/forgejo/forgejo/issues/564
2024-02-23 13:12:17 +01:00
..
actions Show commit status for releases (#29149) 2024-02-19 22:58:33 +01:00
agit [REFACTOR] Refactor the AGit code 2024-02-19 13:18:50 +01:00
asymkey Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
attachment [FEAT] allow setting the update date on issues and comments 2024-02-05 14:44:33 +01:00
auth Fix c/p error in inline documentation (#29148) 2024-02-19 22:58:33 +01:00
automerge Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
context
convert Add merge style fast-forward-only (#28954) 2024-02-14 17:19:19 +01:00
cron Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
doctor [GITEA] new doctor check: fix-push-mirrors-without-git-remote (#1853) 2024-02-05 16:09:41 +01:00
externalaccount
feed
forgejo [UPGRADE] run sanity checks before the database is upgraded 2024-02-05 14:44:33 +01:00
forms Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
gitdiff [FEAT] Enable ambiguous character detection in configured contexts 2024-02-23 13:12:17 +01:00
indexer
issue Merge remote-tracking branch 'forgejo/forgejo-dependency' into wip-forgejo 2024-02-09 19:00:54 +01:00
lfs [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
mailer Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
markup
migrations Merge branch 'rebase-forgejo-dependency' into wip-forgejo 2024-02-05 18:58:23 +01:00
mirror Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
notify [GITEA] notifies admins on new user registration 2024-02-05 16:09:28 +01:00
org
packages Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
pull Disallow merge when required checked are missing (#29143) 2024-02-19 22:58:33 +01:00
release Avoid sending update/delete release notice when it is draft (#29008) 2024-02-02 04:18:12 +00:00
repository Do not use lower tag names to find releases/tags (#29261) 2024-02-19 22:58:33 +01:00
secrets
task
uinotification
user Remove unused KeyID. (#29167) 2024-02-16 15:20:52 +01:00
webhook Merge branch 'rebase-forgejo-dependency' into wip-forgejo 2024-02-05 18:58:23 +01:00
wiki [GITEA] Allow changing the repo Wiki branch to main 2024-02-05 16:57:47 +01:00