diff options
| author | Luca Milanesio <luca.milanesio@gmail.com> | 2020-11-13 18:44:29 +0000 |
|---|---|---|
| committer | Luca Milanesio <luca.milanesio@gmail.com> | 2020-11-13 19:21:40 +0000 |
| commit | 1be1d6ff45f18c978fd21e5c7d437d0a1351d7d8 (patch) | |
| tree | c113709fd988d77d9a2e949639bdf47260379c85 /gerrit-war/pom.xml | |
| parent | e65ce8f8f738bceab5a2f3c827e576d6f446201c (diff) | |
Workaround Gitiles bug on All-Users visibility
Gitiles has special FilteredRepository wrapper that
allows to carefully hide refs based on the project's ACLs.
There is however an optimisation that skips the filtering
in case a user has READ permissions on every ACLs patterns.
When the target repository is All-Users, the optimisation
turns into a security issue because it allows seeing everything
that belongs to everyone:
- draft comments
- PII of all users
- external ids
- draft edits
Block Gitiles or any other part of Gerrit to abuse of this
power when the target repository is All-Users, where nobody
can be authorised to skip the ACLs evaluation.
Cover the additional special case of the All-Users project
access with two explicit positive and negative tests,
so that the security check is covered.
Bug: Issue 13621
Change-Id: Ia6ea1a9fd5473adff534204aea7d8f25324a45b7
(cherry picked from commit 45071d6977932bca5a1427c8abad24710fed2e33)
Diffstat (limited to 'gerrit-war/pom.xml')
0 files changed, 0 insertions, 0 deletions