git-grep: ensure bounded default for MatchesPerFile

Analogously to how it happens for MaxResultLimit.

The default of 20 is inspired by a well-known, commercial code
hosting platform.

Unbounded limits are risky because they expose Forgejo to a class
of DoS attacks where queries are crafted to take advantage of
missing bounds.
Radosław Piliszek 2024-08-11 14:59:46 +02:00
parent 87d50eca87
commit 2fbb51ceb2


@ -67,9 +67,8 @@ func GrepSearch(ctx context.Context, repo *Repository, search string, opts GrepO
"--null", "--break", "--heading", "--column",
"--fixed-strings", "--line-number", "--ignore-case", "--full-name")
cmd.AddOptionValues("--context", fmt.Sprint(opts.ContextLineNumber))
if opts.MatchesPerFile > 0 {
opts.MatchesPerFile = cmp.Or(opts.MatchesPerFile, 20)
cmd.AddOptionValues("--max-count", fmt.Sprint(opts.MatchesPerFile))
}
words := []string{search}
if opts.IsFuzzy {
words = strings.Fields(search)
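Review bot: A negative MatchesPerFile now reaches git grep unchecked, because `opts.MatchesPerFile = cmp.Or(opts.MatchesPerFile, 20)` only substitutes the default for the zero value, whereas the removed `if opts.MatchesPerFile > 0` guard also filtered out negatives; git grep reads `--max-count=-1` as unlimited, which is exactly the unbounded case this commit sets out to close. Clamping rather than defaulting preserves the intent: `if opts.MatchesPerFile <= 0 { opts.MatchesPerFile = 20 }` ahead of the `--max-count` AddOptionValues call. The literal 20 would read better as a named constant carrying the rationale from the commit message, e.g. `const defaultMatchesPerFile = 20 // bounded default, see commit message`. The hunk does not show the `cmp` import being added, so presumably it is already in the file's import block; worth confirming. GrepSearch begins before this hunk and its body continues past it.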