-
-
Notifications
You must be signed in to change notification settings - Fork 5.8k
Allow '+' in a repository name (e.g. dbus-c++, canl-c++, biosig4c++, lv2-c++-tools) #13943
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
There are three problems here:
Ultimately the correct solution is to move Gitea's repositories to So as you can see allowing |
|
Longer-term I think that what would make the most sense is to have three tiers of configured settings, namely: POSIX: Only allow the existing set of characters. IMHO whatever is allowed for repos should also be the requirements for usernames as well. They shouldn't have separate requirements, so extending one should extend the other. |
BTW gitlab now allows plus sign in repo names. |
We need to update how we store repos on disk to allow for this, Gitlab changed to using sharded uuids on disk, rather than user/repo combo. |
Actually I don't think there is any OS that actually forbids a |
The definition of POSIX fully portable filenames comes from: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_281 On the filesystem I remain convinced that there would be problems on Windows (FAT32 for example), SMB/NFS and other weird filesytems. Because of this the only safe solution is to move to repo ID based git directory names. On most linux based filesystems the filenames are simply a string of bytes which disalllow However, even if you are happy about the filesystem, it should be noted that if you use characters outside of the POSIX fully portable filename list we will have to urlencode and urldecode reponames. Every place that takes reponames would have to be checked for safety and encoding. Not one single endpoint would be left untouched and the SDK would need to be changed similarly. It is not difficult to imagine a situation whereby there is significant security hole introduced by this. We would also need to think about all of the attacks using visually-alike unicode homoglyphs. (see punycode attacks) This is a substantial amount of work and whilst I would be willing to work on it, I would have to be paid a non-insignificant amount to do it. Someone else could attempt to implement this in another PR, however, they would have to pay serious consideration to the above problems. Simply just allowing |
I think that in the short-term, my suggestion to add a configuration option that lets you decide what level of filename restrictions you want would be a decent idea. That way, we would still have the POSIX restriction by default, but folks who understand the restrictions of their current systems and would like to change that can do so. Additionally, I think that even if we move to an alternative way of storing the repos on disk, we should still have the ability to restrict repo names to, for example, the POSIX restrictions, since I feel that a lot of folks will want to be able to still enforce that. The specific options would be likely something along the lines of:
I personally have a feeling that this would be substantially easier to implement than refactoring repo storage on disk, and wouldn't require any special migration logic. |
There are some problems with this approach I noticed while thinking about it for a second: |
There have been loads of ways of renaming things that don't conform to filename requirements over the years. For migrating repos, it seems easy enough to do a lossy conversion and then keep the original name somewhere, or even prompt the user depending on how many repos are being migrated. |
Look I think we're going round in circles. The time I have spent repeatedly explaining why it is not simple is time I could have spent fixing other things in Gitea. The issue is not that this problem is insurmountable but that it is a lot of work, with a lot of risks of introducing subtle security problems. The issues on the filesystem are just one part of the problem - the solution there is to clearly just use repoids. I have explained how it could be done, what would need to happen to make me do it, and where the security problems are likely to be, but one last time: There are essentially two options:
Move to allow almost any unicode character in reponames (and usernames - with the likely exception of '@')If you want to move forward with making this possible, then several PRs would be needed that:
It's highly likely that this solution would still introduce subtle sec holes. Keep the fully posix portable filenames internally but render (and convert passed in) names with punycode with IDN prefix or some other mappingThis is a somewhat safer alternative but would forever preclude a move to 1. It would however mean that repos etc could be moved to github, eg. A user or repo named You'd still need to map any non-fully portable posix name to its mapping whenever it is passed in as an url (or elsewhere) but if you miss any those would just be bugs rather than full blown security holes. You'd need to add renderers on the UI - again if you miss any it's just a bug. You'd still need to explain how to prevent homograph attacks or make them obvious and describe settings to turn on/off this functionality. Reviewers would still need to go through each and every endpoint looking for sec holes. I won't pretend to declare which is better right now but there are considerable risks with both. However, please stop the discussions about allowing filenames with If you really want this either provide the PRs or fund someone to do it. It would require changes at every level in Gitea to make work and we're looking at multiple PRs. URL encoding and decoding the names when going into URLs would be the first step for the first option. |
Was this fixed or just closed? |
I've been going through and cleaning up proposals that have just remained open for sometime. Not saying that this won't be implemented at some time, but keeping many issues (1.8k at the start of the cleanup) open is preventing users from finding other issues. |
zeripath has explained very clearly, I would treat it as a 'won't-be-fixed' problem at the moment. If Gitea changes a lot (more than a lot) in future, this proposal might be feasible then, but not now. |
Ah, makes sense. Thanks for clarifying! |
[x]
):Description
I am trying to migrated some repositories and noticed that repositories that contain "+" in the name are rejected. I am getting:
Repository name should contain only alphanumeric, dash ('-'), underscore ('_') and dot ('.') characters.
Would it be possible to allow "+" character in the repository name? I would like to keep the same name for repository (i.e. avoid renaming it to e.g. dbus-cpp) as that could cause name collisions and would break some scripts.
Example repository: https://src.fedoraproject.org/rpms/dbus-c++.git
Screenshots
The text was updated successfully, but these errors were encountered: