mirror of
				https://github.com/go-gitea/gitea.git
				synced 2025-10-27 00:23:41 +09:00 
			
		
		
		
	Use hostmatcher to replace matchlist, improve security (#17605)
				
					
				
			Use hostmacher to replace matchlist. And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
This commit is contained in:
		| @@ -261,8 +261,9 @@ func runSync(ctx context.Context, m *models.Mirror) ([]*mirrorSyncResult, bool) | ||||
|  | ||||
| 	if m.LFS && setting.LFS.StartServer { | ||||
| 		log.Trace("SyncMirrors [repo: %-v]: syncing LFS objects...", m.Repo) | ||||
| 		ep := lfs.DetermineEndpoint(remoteAddr.String(), m.LFSEndpoint) | ||||
| 		if err = repo_module.StoreMissingLfsObjectsInRepository(ctx, m.Repo, gitRepo, ep, false); err != nil { | ||||
| 		endpoint := lfs.DetermineEndpoint(remoteAddr.String(), m.LFSEndpoint) | ||||
| 		lfsClient := lfs.NewClient(endpoint, nil) | ||||
| 		if err = repo_module.StoreMissingLfsObjectsInRepository(ctx, m.Repo, gitRepo, lfsClient); err != nil { | ||||
| 			log.Error("Failed to synchronize LFS objects for repository: %v", err) | ||||
| 		} | ||||
| 	} | ||||
|   | ||||
		Reference in New Issue
	
	Block a user