Feat: add featuregates to disallow url in ref-objects #4446
Signed-off-by: Somefive <yd219913@alibaba-inc.com>
e4d0ef3 to 78db78d
Codecov Report
@@ Coverage Diff @@
## master #4446 +/- ##
==========================================
+ Coverage 59.51% 59.94% +0.42%
==========================================
Files 343 348 +5
Lines 34285 34427 +142
==========================================
+ Hits 20405 20636 +231
+ Misses 11188 11038 -150
- Partials 2692 2753 +61
@Somefive Do we need to add a simple whitelist mechanism to judge the target host?
Good idea. We can make this extension in the future.
Backport failed for Please cherry-pick the changes locally.
git fetch origin release-1.4
git worktree add -d .worktree/backport-4446-to-release-1.4 origin/release-1.4
cd .worktree/backport-4446-to-release-1.4
git checkout -b backport-4446-to-release-1.4
ancref=$(git merge-base 572fba3539b0d8d7e98f3d335300353f0ccdb498 78db78d9081dcdf6d970e619e6fb207940cd2a1c)
git cherry-pick -x $ancref..78db78d9081dcdf6d970e619e6fb207940cd2a1c
Backport failed for Please cherry-pick the changes locally.
git fetch origin release-1.5
git worktree add -d .worktree/backport-4446-to-release-1.5 origin/release-1.5
cd .worktree/backport-4446-to-release-1.5
git checkout -b backport-4446-to-release-1.5
ancref=$(git merge-base 572fba3539b0d8d7e98f3d335300353f0ccdb498 78db78d9081dcdf6d970e619e6fb207940cd2a1c)
git cherry-pick -x $ancref..78db78d9081dcdf6d970e619e6fb207940cd2a1c
Signed-off-by: Somefive <yd219913@alibaba-inc.com>
Description of your changes
For security issues, allowing URLs in ref-objects could lead to potential risks. This PR allows the administrator to decide whether to enable this feature. (By default, this is enabled.)
I have:
make reviewable to ensure this PR is ready for review.
backport release-x.y labels to auto-backport this PR if necessary.
How has this code been tested
Special notes for your reviewer