repo: prevent data loss by checking directory existence before creati…#8091
repo: prevent data loss by checking directory existence before creati…#8091
Conversation
9cec1d6 to
efe2d78
Compare
efe2d78 to
a4fec7d
Compare
|
"Hi @unknwon Sir , I discovered that the tests were failing in CI because the mock user was hitting the repository creation limit before reaching the path existence check. I've updated the test case to use an Admin user to bypass those initial constraints. The tests should pass now. Could you please take another look? |
|
@maishivamhoo123 the test is failing because you're mocking a user entry without setting its |
Updated changelog with recent changes and fixes.
|
@unknwon can please review it? all the test cases are running properly and made all the requested changes. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #8091 +/- ##
==========================================
- Coverage 15.28% 0 -15.29%
==========================================
Files 106 0 -106
Lines 13864 0 -13864
==========================================
- Hits 2119 0 -2119
+ Misses 11465 0 -11465
+ Partials 280 0 -280 🚀 New features to boost your workflow:
|
Describe the pull request
This PR fixes a data loss vulnerability where Gogs would delete an existing directory on the filesystem if a user tried to create a repository with the same name.
#8085
By moving the path existence check to the beginning of
CreateRepository, the process exits before the initialization phase. This prevents the execution ofRemoveAllWithNoticeduring a rollback, ensuring existing data remains untouched.Link to the issue: closes #8085
Checklist
Test plan
secret-project.gitwith a filesecret.txtinside the repository root via terminal.secret-projectin the UI.secret.txtsurvived.Test_CreateRepository_PreventDeletionininternal/database/repo_test.go.PASS