diff options
author | Luca Milanesio <luca.milanesio@gmail.com> | 2020-11-13 18:44:29 +0000 |
---|---|---|
committer | Luca Milanesio <luca.milanesio@gmail.com> | 2020-11-17 08:58:14 +0000 |
commit | 10fd930aed1f457202c220a70194de83e1942971 (patch) | |
tree | 6157fd25d875cfb2023d3c5aca3af0b04c803b7a /gerrit-plugin-gwtui/pom.xml | |
parent | c8d81c4ab6784d9ccd9bceb5189d89c0a892eef2 (diff) |
Workaround Gitiles bug on All-Users visibility
Gitiles has special FilteredRepository wrapper that
allows to carefully hide refs based on the project's ACLs.
There is however an optimisation that skips the filtering
in case a user has READ permissions on every ACLs patterns.
When the target repository is All-Users, the optimisation
turns into a security issue because it allows seeing everything
that belongs to everyone:
- draft comments
- PII of all users
- external ids
- draft edits
Block Gitiles or any other part of Gerrit to abuse of this
power when the target repository is All-Users, where nobody
can be authorised to skip the ACLs evaluation.
Cover the additional special case of the All-Users project
access with two explicit positive and negative tests,
so that the security check is covered.
Bug: Issue 13621
Change-Id: Ia6ea1a9fd5473adff534204aea7d8f25324a45b7
(cherry picked from commit 45071d6977932bca5a1427c8abad24710fed2e33)
(cherry picked from commit 1be1d6ff45f18c978fd21e5c7d437d0a1351d7d8)
Diffstat (limited to 'gerrit-plugin-gwtui/pom.xml')
0 files changed, 0 insertions, 0 deletions