mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-22 05:36:16 +00:00
git-grep: ensure bounded default for MatchesPerFile
Analogously to how it happens for MaxResultLimit. The default of 20 is inspired by a well-known, commercial code hosting platform. Unbounded limits are risky because they expose Forgejo to a class of DoS attacks where queries are crafted to take advantage of missing bounds.
This commit is contained in:
parent
87d50eca87
commit
2fbb51ceb2
|
@ -67,9 +67,8 @@ func GrepSearch(ctx context.Context, repo *Repository, search string, opts GrepO
|
|||
"--null", "--break", "--heading", "--column",
|
||||
"--fixed-strings", "--line-number", "--ignore-case", "--full-name")
|
||||
cmd.AddOptionValues("--context", fmt.Sprint(opts.ContextLineNumber))
|
||||
if opts.MatchesPerFile > 0 {
|
||||
cmd.AddOptionValues("--max-count", fmt.Sprint(opts.MatchesPerFile))
|
||||
}
|
||||
opts.MatchesPerFile = cmp.Or(opts.MatchesPerFile, 20)
|
||||
cmd.AddOptionValues("--max-count", fmt.Sprint(opts.MatchesPerFile))
|
||||
words := []string{search}
|
||||
if opts.IsFuzzy {
|
||||
words = strings.Fields(search)
|
||||
|
|
Loading…
Reference in a new issue