gitserver: prevent names that could escape repodir (!10397) · Merge requests · Administrator / sourcegraph

Administrator requested to merge k/norm-repo into master May 04, 2020

Created by: keegancsmith

If a user found a way to issue a request for a repo name that didn't exist in our DB, they could escape $REPODIR and treat other parts of the system as a git dir. This is likely benign and a repo not going through the repos table indicates a slip up in our permissions code (a worse problem). However, rather safe than sorry.

gitserver: prevent names that could escape repodir

Merge request reports