diff options
author | Luca Milanesio <luca.milanesio@gmail.com> | 2020-11-13 00:12:38 +0000 |
---|---|---|
committer | Luca Milanesio <luca.milanesio@gmail.com> | 2020-11-13 16:54:15 +0000 |
commit | 2ed0b44e01efdef4090099484f3b126d47fa4e82 (patch) | |
tree | 4dac0d6ce82ff12a468b72ecbc849314004f1027 /tools/maven/gerrit-acceptance-framework_pom.xml | |
parent | cf01238de5bc7f6f64b9508d17d8bdd458b494b2 (diff) |
Workaround Gitiles bug on All-Users visibility
Gitiles has special FilteredRepository wrapper that
allows to carefully hide refs based on the project's ACLs.
There is however an optimisation that skips the filtering
in case a user has READ permissions on every ACLs patterns.
When the target repository is All-Users, the optimisation
turns into a security issue because it allows seeing everything
that belongs to everyone:
- draft comments
- PII of all users
- external ids
- draft edits
Block Gitiles or any other part of Gerrit to abuse of this
power when the target repository is All-Users, where nobody
can be authorised to skip the ACLs evaluation.
Cover the additional special case of the All-Users project
access with two explicit positive and negative tests,
so that the security check is covered.
Bug: Issue 13621
Change-Id: Ia6ea1a9fd5473adff534204aea7d8f25324a45b7
Diffstat (limited to 'tools/maven/gerrit-acceptance-framework_pom.xml')
0 files changed, 0 insertions, 0 deletions