
Only allow webhook to send requests to allowed hosts (#17482)

wxiaoguang
2021-11-01 16:39:52 +08:00
committed by GitHub
parent 4e8a81780e
commit 599ff1c054
9 changed files with 284 additions and 23 deletions


@@ -89,7 +89,7 @@ func IsMigrateURLAllowed(remoteURL string, doer *models.User) error {
return &models.ErrInvalidCloneAddr{Host: u.Host, NotResolvedIP: true}
}
for _, addr := range addrList {
if isIPPrivate(addr) || !addr.IsGlobalUnicast() {
if util.IsIPPrivate(addr) || !addr.IsGlobalUnicast() {
return &models.ErrInvalidCloneAddr{Host: u.Host, PrivateNet: addr.String(), IsPermissionDenied: true}
}
}
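Review bot: The check in this loop only covers the addresses held in `addrList` at the moment of the call, and nothing in the hunk ties the later fetch to those same addresses. If `addrList` comes from a DNS lookup of `u.Host` (the lookup, like the rest of `IsMigrateURLAllowed`, is outside the hunk), the name may resolve differently when the migration actually connects, so the same rule should also be enforced at dial time, for example through a `net.Dialer` `Control` hook. At minimum, add a comment above the loop: `// Validates a point-in-time resolution only; the connection itself must re-check the dialed IP.` Also confirm that `util.IsIPPrivate` covers at least what the removed `isIPPrivate` did and consider widening it: shared address space such as 100.64.0.0/10 was not treated as private by the old helper and still counts as global unicast for `IsGlobalUnicast()`.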
@@ -474,13 +474,3 @@ func Init() error {
return nil
}
// TODO: replace with `ip.IsPrivate()` if min go version is bumped to 1.17
func isIPPrivate(ip net.IP) bool {
if ip4 := ip.To4(); ip4 != nil {
return ip4[0] == 10 ||
(ip4[0] == 172 && ip4[1]&0xf0 == 16) ||
(ip4[0] == 192 && ip4[1] == 168)
}
return len(ip) == net.IPv6len && ip[0]&0xfe == 0xfc
}