[PATCH 1/4] snapshots: Don't allow sneaked in snapshots requests

[PATCH 1/4] snapshots: Don't allow sneaked in snapshots requests

[Jason]

On Sun, Oct 28, 2012 at 2:18 PM, Sebastian Andrzej Siewior
<sebastian at breakpoint.cc> wrote:
> If the snapshots are not enabled then the frontend won't show a link to it.
> The skilled user however may construct the URL on his own and the frontend
> will obey the request.
> This patch adds a check for this case so the requst won't be served.

What's the purpose of this? I kind of like just having tar.xz and zip
enabled on mine, and then for folks who need tar.gz (like for bsd pkg
managers), they can have the other link. That way UI clutter is
minimized while the functionality stays in tact.

"Disabling snapshots" as a security "feature" isn't really so valid either.

[PATCH 1/4] snapshots: Don't allow sneaked in snapshots requests

[nobody]

On 10/28/2012 09:40 PM, Jason A. Donenfeld wrote:
> "Disabling snapshots" as a security "feature" isn't really so valid either.

With snapshots, few requests can easily create a tremendous amount of
system load, rendering the system unusable. (Imagine you have a kernel
repository and someone repeatedly requests a tar.xz for it)

In any case, your use-case seems valid as well.

Maybe one could have a setting for enabling/disabling snapshots
altogether and another setting for the snapshot formats which should be
listed? (we already have the latter)

-Christian

my out-of-tree patches for cgit

[sebastian]

Hi,

just rebased my patches on top of v0.10. This includes the sendfile patch
and a few others while I was at it.

Sebastian

[PATCH 1/4] snapshots: Don't allow sneaked in snapshots requests

[sebastian]

If the snapshots are not enabled then the frontend won't show a link to it.
The skilled user however may construct the URL on his own and the frontend
will obey the request.
This patch adds a check for this case so the requst won't be served.

Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
---
 ui-snapshot.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ui-snapshot.c b/ui-snapshot.c
index 582dc31..b278ddf 100644
--- a/ui-snapshot.c
+++ b/ui-snapshot.c
@@ -209,6 +209,12 @@ void cgit_print_snapshot(const char *head, const char *hex,
 		return;
 	}
 
+	if (!(f->bit & snapshots)) {
+		show_error(xstrdup(fmt("Snapshot format %s is not enabled.",
+						f->suffix)));
+		return;
+	}
+
 	if (!hex && dwim) {
 		hex = get_ref_from_filename(ctx.repo->url, filename, f);
 		if (hex == NULL) {
-- 
1.8.5.2

[PATCH 1/4] snapshots: Don't allow sneaked in snapshots requests

[sebastian]

On 18.01.14, Sebastian Andrzej Siewior wrote:
> If the snapshots are not enabled then the frontend won't show a link to it.
> The skilled user however may construct the URL on his own and the frontend
> will obey the request.
> This patch adds a check for this case so the requst won't be served.

Any comments on this one?

Sebastian

[PATCH 1/4] snapshots: Don't allow sneaked in snapshots requests

[cgit]

On Sat, 01 Feb 2014 at 15:54:22, Sebastian Andrzej Siewior wrote:
> On 18.01.14, Sebastian Andrzej Siewior wrote:
> > If the snapshots are not enabled then the frontend won't show a link to it.
> > The skilled user however may construct the URL on his own and the frontend
> > will obey the request.
> > This patch adds a check for this case so the requst won't be served.
> 
> Any comments on this one?
> 

While I like this idea [1], I think that Jason is reluctant to add this
"fix" [2]. I am putting "fix" in quotes because being able to access
"disabled" snapshots is documented since commit 70546a3 (cgitrc.5.txt:
Fix documentation of the snapshot mask, 2014-01-13) [3].

> Sebastian
> _______________________________________________
> CGit mailing list
> CGit at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/cgit

[1] http://lists.zx2c4.com/pipermail/cgit/2014-January/001692.html
[2] http://lists.zx2c4.com/pipermail/cgit/2012-October/000792.html
[2] http://git.zx2c4.com/cgit/commit/?id=70546a34583923a73da6fb89c2efb85801294dc1