path: root/tools/maven/gerrit-extension-api_pom.xml
author: Luca Milanesio <luca.milanesio@gmail.com> 2020-11-13 00:12:38 +0000
committer: Luca Milanesio <luca.milanesio@gmail.com> 2020-11-13 19:23:53 +0000
commit: 3dc150c8ecf7bb31948e1f8bc3b7c3776a3857a6
tree: 9ab68f4fdf62b29ff79901bef664bcc1ebeb2f03 /tools/maven/gerrit-extension-api_pom.xml
parent: ab96c734407ca60c2e70ee7208f6977be82e2bc6
Workaround Gitiles bug on All-Users visibility
Gitiles has a special FilteredRepository wrapper that allows carefully hiding refs based on the project's ACLs. There is however an optimisation that skips the filtering in case a user has READ permissions on every ACL pattern. When the target repository is All-Users, the optimisation turns into a security issue because it allows seeing everything that belongs to everyone:

- draft comments
- PII of all users
- external ids
- draft edits

Block Gitiles or any other part of Gerrit from abusing this power when the target repository is All-Users, where nobody can be authorised to skip the ACL evaluation.

Cover the additional special case of the All-Users project access with two explicit positive and negative tests, so that the security check is covered.

Bug: Issue 13621
Change-Id: Ia6ea1a9fd5473adff534204aea7d8f25324a45b7
(cherry picked from commit 45071d6977932bca5a1427c8abad24710fed2e33)
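The failure mode the commit message describes, modelled as an added example that is not Gerrit's or Gitiles' own code: the "READ on every ACL pattern" shortcut is evaluated against the unexpanded patterns, so a per-user pattern such as `refs/users/${shardeduserid}` counts as "READ on everything", while the per-ref evaluation expands it to the caller's own account and hides everyone else's. The ACL, the ref list, the accounts, the `${userid}` placeholder and the draft-comments pattern are constructed for this model; only `${shardeduserid}` and the two-digit sharding of `refs/users/` follow Gerrit's real layout. `visible_refs_before` takes the shortcut on any project; `visible_refs_after` refuses it for All-Users, which is the shape of the fix.

```python
import fnmatch
from typing import Dict, Iterable, Set

ALL_USERS = "All-Users"  # Gerrit's per-user metadata repository


def sharded_user_id(account_id: int) -> str:
    """Gerrit shards refs/users/ by the last two digits of the account id."""
    return f"{account_id % 100:02d}/{account_id}"


def expand(pattern: str, account_id: int) -> str:
    """Expand per-user placeholders for one caller.

    ${shardeduserid} is Gerrit's own placeholder; ${userid} is a
    placeholder constructed for this model (assumption, not Gerrit's).
    """
    return (pattern
            .replace("${shardeduserid}", sharded_user_id(account_id))
            .replace("${userid}", str(account_id)))


def holds_read_on_every_pattern(acl: Dict[str, Set[str]], groups: Set[str]) -> bool:
    """Precondition of the optimisation: READ granted on every ACL pattern.

    It looks at the raw patterns, so refs/users/${shardeduserid} counts as
    "READ on all user refs" even though it expands to a single account.
    """
    return all(groups & readers for readers in acl.values())


def filter_refs(refs: Iterable[str], acl: Dict[str, Set[str]],
                groups: Set[str], account_id: int) -> Set[str]:
    """Per-ref evaluation: visible if some READ pattern matches after expansion."""
    visible: Set[str] = set()
    for ref in refs:
        for pattern, readers in acl.items():
            if groups & readers and fnmatch.fnmatchcase(ref, expand(pattern, account_id)):
                visible.add(ref)
                break
    return visible


def visible_refs_before(project: str, refs: Iterable[str], acl: Dict[str, Set[str]],
                        groups: Set[str], account_id: int) -> Set[str]:
    """Pre-fix behaviour: the shortcut is taken on any project, All-Users included."""
    if holds_read_on_every_pattern(acl, groups):
        return set(refs)
    return filter_refs(refs, acl, groups, account_id)


def visible_refs_after(project: str, refs: Iterable[str], acl: Dict[str, Set[str]],
                       groups: Set[str], account_id: int) -> Set[str]:
    """Fixed behaviour: on All-Users nobody may skip the per-ref ACL evaluation."""
    if project != ALL_USERS and holds_read_on_every_pattern(acl, groups):
        return set(refs)
    return filter_refs(refs, acl, groups, account_id)


def leaked_refs(project: str, refs: Iterable[str], acl: Dict[str, Set[str]],
                groups: Set[str], account_id: int) -> Set[str]:
    """Refs the shortcut exposed that per-ref evaluation would have hidden."""
    return (visible_refs_before(project, refs, acl, groups, account_id)
            - visible_refs_after(project, refs, acl, groups, account_id))


# Constructed sample data (not Gerrit's default ACL; shape only).
ALL_USERS_ACL: Dict[str, Set[str]] = {
    "refs/users/${shardeduserid}": {"Registered Users"},
    "refs/draft-comments/*/${userid}": {"Registered Users"},   # hypothetical pattern
    "refs/meta/external-ids": {"Administrators"},
}
ALL_USERS_REFS = [
    "refs/users/01/1000001",                 # alice: preferences, PII
    "refs/users/02/1000002",                 # admin's own account ref
    "refs/draft-comments/42/1042/1000001",   # alice's drafts on change 1042
    "refs/draft-comments/42/1042/1000002",   # admin's drafts on change 1042
    "refs/meta/external-ids",
]
DEMO_ACL: Dict[str, Set[str]] = {"refs/heads/*": {"Registered Users"},
                                 "refs/tags/*": {"Registered Users"}}
DEMO_REFS = ["refs/heads/master", "refs/tags/v1.0"]

ALICE_ID, ALICE_GROUPS = 1000001, {"Registered Users"}
ADMIN_ID, ADMIN_GROUPS = 1000002, {"Registered Users", "Administrators"}

if __name__ == "__main__":
    # Admin holds READ on every pattern, so the old shortcut hands over
    # alice's account ref and draft comments; the fix filters per ref.
    print("leaked on All-Users:",
          sorted(leaked_refs(ALL_USERS, ALL_USERS_REFS, ALL_USERS_ACL, ADMIN_GROUPS, ADMIN_ID)))
    # On an ordinary project the shortcut is still taken after the fix.
    print("demo after fix:",
          sorted(visible_refs_after("demo", DEMO_REFS, DEMO_ACL, ALICE_GROUPS, ALICE_ID)))
```

The two cases mirror the positive and negative tests the message mentions: on All-Users the fixed filter must never return a ref belonging to another account, and on any other project a caller with READ on every pattern still gets the unfiltered ref list.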
Diffstat (limited to 'tools/maven/gerrit-extension-api_pom.xml')
0 files changed, 0 insertions, 0 deletions