diff --git a/.eslintrc b/.eslintrc.yaml similarity index 100% rename from .eslintrc rename to .eslintrc.yaml diff --git a/.gitattributes b/.gitattributes index 12c45dbc6a078..bb2783b0ad139 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,7 +1,5 @@ * text=auto eol=lf *.tmpl linguist-language=Handlebars -/.eslintrc linguist-language=YAML -/.stylelintrc linguist-language=YAML /public/vendor/** -text -eol linguist-vendored /vendor/** -text -eol linguist-vendored /web_src/fomantic/build/** linguist-generated diff --git a/.stylelintrc b/.stylelintrc.yaml similarity index 100% rename from .stylelintrc rename to .stylelintrc.yaml diff --git a/SECURITY.md b/SECURITY.md index 9846a94f7e835..7b43b32de5e3d 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -3,8 +3,76 @@ The Gitea maintainers take security seriously. If you discover a security issue, please bring it to their attention right away! -### Reporting a Vulnerability +## Reporting a Vulnerability Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`. +## Protecting Security Information + +Due to the sensitive nature of security information, you can use below GPG public key encrypt your mail body. + +The PGP key is valid until June 24, 2024. +Key ID: 6FCD2D5B +Key Type: RSA +Expires: 6/24/2024 +Key Size: 4096/4096 +Fingerprint: 3DE0 3D1E 144A 7F06 9359 99DC AAFD 2381 6FCD 2D5B +UserID: Gitea Security + +``` +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGK1Z/4BEADFMqXA9DeeChmSxUjF0Be5sq99ZUhgrZjcN/wOzz0wuCJZC0l8 +4uC+d6mfv7JpJYlzYzOK97/x5UguKHkYNZ6mm1G9KHaXmoIBDLKDzfPdJopVNv2r +OajijaE0uMCnMjadlg5pbhMLRQG8a9J32yyaz7ZEAw72Ab31fvvcA53NkuqO4j2w +k7dtFQzhbNOYV0VffQT90WDZdalYHB1JHyEQ+70U9OjVD5ggNYSzX98Eu3Hjn7V7 +kqFrcAxr5TE1elf0IXJcuBJtFzQSTUGlQldKOHtGTGgGjj9r/FFAE5ioBgVD05bV +rEEgIMM/GqYaG/nbNpWE6P3mEc2Mnn3pZaRJL0LuF26TLjnqEcMMDp5iIhLdFzXR +3tMdtKgQFu+Mtzs3ipwWARYgHyU09RJsI2HeBx7RmZO/Xqrec763Z7zdJ7SpCn0Z +q+pHZl24JYR0Kf3T/ZiOC0cGd2QJqpJtg5J6S/OqfX9NH6MsCczO8pUC1N/aHH2X +CTme2nF56izORqDWKoiICteL3GpYsCV9nyCidcCmoQsS+DKvE86YhIhVIVWGRY2F +lzpAjnN9/KLtQroutrm+Ft0mdjDiJUeFVl1cOHDhoyfCsQh62HumoyZoZvqzQd6e +AbN11nq6aViMe2Q3je1AbiBnRnQSHxt1Tc8X4IshO3MQK1Sk7oPI6LA5oQARAQAB +tCJHaXRlYSBTZWN1cml0eSA8c2VjdXJpdHlAZ2l0ZWEuaW8+iQJXBBMBCABBFiEE +PeA9HhRKfwaTWZncqv0jgW/NLVsFAmK1Z/4CGwMFCQPCZwAFCwkIBwICIgIGFQoJ +CAsCBBYCAwECHgcCF4AACgkQqv0jgW/NLVvnyxAAhxyNnWzw/rQO2qhzqicmZM94 +njSbOg+U2qMBvCdaqCQQeC+uaMmMzkDPanUUmLcyCkWqfCjPNjeSXAkE9npepVJI +4HtmgxZQ94OU/h3CLbft+9GVRzUkVI29TSYGdvNtV2/BkNGoFFnKWQr119um0o6A +bgha2Uy5uY8o3ZIoiKkiHRaEoWIjjeBxJxYAojsZY4YElUmsQ3ik2joG6rhFesTa +ofVt/bL8G2xzpOG26WGIxBbqf2qjV6OtZ0hu/vtTPHeIWMLq0Mz0V3PEDQWfkGPE +i2RYxxYDs2xzJhSQWqTNVLSq0m5xTJnbHhQPfdCX4C2jvFKgLdfmytQq49S7jiJb 
+Z03HVOZ/PsyBlQfH9xJi06R5yQCMEA8h8Z5r3/NXW09kQ6OFRe6xshoTcxZGRPTo +srhwr3uPbmCRh+YEl7qBLU6+BC5k8IRTZXqhrj/aPJu3MxgbgwV8u3vLoFSXM2lb +a61FgeCQ0O7lkgVswwF0RppCaH9Ul3ZDapet/vCRg4NVwm9zOI/8q/Vj0FKA1GDR +JhRu8+Ce8zlFL65D34t+PprAzSeTlbv9um3x/ZIjCco7EEKSBylt+AZj/VyA6+e5 +kjOQwRRc6dFJWBcorsSI2dG+H+QMF7ZabzmeCcz1v9HjLOPzYHoZAHhCmSppWTvX +AJy6+lhfW2OUTqQeYSi5Ag0EYrVn/gEQALrFLQjCR3GjuHSindz0rd3Fnx/t7Sen +T+p07yCSSoSlmnJHCQmwh4vfg1blyz0zZ4vkIhtpHsEgc+ZAG+WQXSsJ2iRz+eSN +GwoOQl4XC3n+QWkc1ws+btr48+6UqXIQU+F8TPQyx/PIgi2nZXJB7f5+mjCqsk46 +XvH4nTr4kJjuqMSR/++wvre2qNQRa/q/dTsK0OaN/mJsdX6Oi+aGNaQJUhIG7F+E +ZDMkn/O6xnwWNzy/+bpg43qH/Gk0eakOmz5NmQLRkV58SZLiJvuCUtkttf6CyhnX +03OcWaajv5W8qA39dBYQgDrrPbBWUnwfO3yMveqhwV4JjDoe8sPAyn1NwzakNYqP +RzsWyLrLS7R7J9s3FkZXhQw/QQcsaSMcGNQO047dm1P83N8JY5aEpiRo9zSWjoiw +qoExANj5lUTZPe8M50lI182FrcjAN7dClO3QI6pg7wy0erMxfFly3j8UQ91ysS9T +s+GsP9I3cmWWQcKYxWHtE8xTXnNCVPFZQj2nwhJzae8ypfOtulBRA3dUKWGKuDH/ +axFENhUsT397aOU3qkP/od4a64JyNIEo4CTTSPVeWd7njsGqli2U3A4xL2CcyYvt +D/MWcMBGEoLSNTswwKdom4FaJpn5KThnK/T0bQcmJblJhoCtppXisbexZnCpuS0x +Zdlm2T14KJ3LABEBAAGJAjwEGAEIACYWIQQ94D0eFEp/BpNZmdyq/SOBb80tWwUC +YrVn/gIbDAUJA8JnAAAKCRCq/SOBb80tWyTBD/9AGpW6QoDF7zYjHAozH9S5RGCA +Y7E82dG/0xmFUwPprAG0BKmmgU6TiipyVGmKIXGYYYU92pMnbvXkYQMoa+WJNncN +D3fY52UeXeffTf4cFpStlzi9xgYtOLhFamzYu/4xhkjOX+xhOSXscCiFRyT8cF3B +O6c5BHU+Zj0/rGPgOyPUbx7l7B9MubB/41nNX35k08e+8T3wtWDb4XF+15HnRfva +6fblO8wgU25Orv2Rm1jnKGa9DxJ8nE40IMrqDapENtDuL+zKJsvR0+ptWvEyL56U +GtJJG5un6mXiLKuRQT0DEv4MdZRHDgDstDnqcbEiazVEbUuvhZZob6lRY2A19m1+ +7zfnDxkhqCA1RCnv4fdvcPdCMMFHwLpdhjgW0aI/uwgwrvsEz5+JRlnLvdQHlPAg +q7l2fGcBSpz9U0ayyfRPjPntsNCtZl1UDxGLeciPkZhyG84zEWQbk/j52ZpRN+Ik +ALpRLa8RBFmFSmXDUmwQrmm1EmARyQXwweKU31hf8ZGbCp2lPuRYm1LuGiirXSVP +GysjRAJgW+VRpBKOzFQoUAUbReVWSaCwT8s17THzf71DdDb6CTj31jMLLYWwBpA/ +i73DgobDZMIGEZZC1EKqza8eh11xfyHFzGec03tbh+lIen+5IiRtWiEWkDS9ll0G +zgS/ZdziCvdAutqnGA== +=gZWO +-----END PGP PUBLIC KEY BLOCK----- + +``` + Security reports are greatly appreciated and we will publicly thank you for 
it, although we keep your name confidential if you request it. diff --git a/cmd/manager_logging.go b/cmd/manager_logging.go index 0043ea1e52ad4..761edf654c8ac 100644 --- a/cmd/manager_logging.go +++ b/cmd/manager_logging.go @@ -174,6 +174,18 @@ var ( Action: runAddSMTPLogger, }, }, + }, { + Name: "log-sql", + Usage: "Set LogSQL", + Flags: []cli.Flag{ + cli.BoolFlag{ + Name: "debug", + }, cli.BoolFlag{ + Name: "off", + Usage: "Switch off SQL logging", + }, + }, + Action: runSetLogSQL, }, }, } @@ -381,3 +393,18 @@ func runReleaseReopenLogging(c *cli.Context) error { fmt.Fprintln(os.Stdout, msg) return nil } + +func runSetLogSQL(c *cli.Context) error { + ctx, cancel := installSignals() + defer cancel() + setup("manager", c.Bool("debug")) + + statusCode, msg := private.SetLogSQL(ctx, !c.Bool("off")) + switch statusCode { + case http.StatusInternalServerError: + return fail("InternalServerError", msg) + } + + fmt.Fprintln(os.Stdout, msg) + return nil +} diff --git a/models/db/engine.go b/models/db/engine.go index 93cf5ad8bc06b..2c329300e3af2 100755 --- a/models/db/engine.go +++ b/models/db/engine.go @@ -287,3 +287,12 @@ func GetMaxID(beanOrTableName interface{}) (maxID int64, err error) { _, err = x.Select("MAX(id)").Table(beanOrTableName).Get(&maxID) return maxID, err } + +func SetLogSQL(ctx context.Context, on bool) { + e := GetEngine(ctx) + if x, ok := e.(*xorm.Engine); ok { + x.ShowSQL(on) + } else if sess, ok := e.(*xorm.Session); ok { + sess.Engine().ShowSQL(on) + } +} diff --git a/models/db/log.go b/models/db/log.go index f9febf440e2b2..4c497fdfd72c3 100644 --- a/models/db/log.go +++ b/models/db/log.go @@ -6,6 +6,7 @@ package db import ( "fmt" + "sync/atomic" "code.gitea.io/gitea/modules/log" 
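Review bot: In `runSetLogSQL` the `switch` treats only `http.StatusInternalServerError` as a failure, yet `private.SetLogSQL` (later in this diff) returns `resp.StatusCode` for any non-200 reply. Any other error status would have its message printed to stdout and the command would return nil, so a script cannot tell that SQL logging was left unchanged. Replacing the switch with `if statusCode != http.StatusOK { return fail("Unable to set LogSQL", msg) }` covers every failure status.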
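Review bot: The exported `SetLogSQL` in models/db/engine.go has no doc comment, and it silently does nothing when `GetEngine(ctx)` yields neither `*xorm.Engine` nor `*xorm.Session`, so the caller reports success either way. A comment such as `// SetLogSQL turns xorm SQL statement logging on or off for the engine behind ctx; logged statements may carry user data, so enable it only while debugging.` would state both the contract and the operational risk. The two assertions would also read better as a type switch, `switch t := e.(type) { case *xorm.Engine: t.ShowSQL(on); case *xorm.Session: t.Engine().ShowSQL(on) }`, which leaves an obvious place for a `default` branch that logs the unexpected engine type.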
@@ -14,15 +15,19 @@ import ( // XORMLogBridge a logger bridge from Logger to xorm type XORMLogBridge struct { - showSQL bool - logger log.Logger + showSQLint *int32 + logger log.Logger } // NewXORMLogger inits a log bridge for xorm func NewXORMLogger(showSQL bool) xormlog.Logger { + showSQLint := int32(0) + if showSQL { + showSQLint = 1 + } return &XORMLogBridge{ - showSQL: showSQL, - logger: log.GetLogger("xorm"), + showSQLint: &showSQLint, + logger: log.GetLogger("xorm"), } } @@ -94,14 +99,16 @@ func (l *XORMLogBridge) SetLevel(lvl xormlog.LogLevel) { // ShowSQL set if record SQL func (l *XORMLogBridge) ShowSQL(show ...bool) { - if len(show) > 0 { - l.showSQL = show[0] - } else { - l.showSQL = true + showSQL := int32(1) + if len(show) > 0 && !show[0] { + showSQL = 0 } + atomic.StoreInt32(l.showSQLint, showSQL) } // IsShowSQL if record SQL func (l *XORMLogBridge) IsShowSQL() bool { - return l.showSQL + showSQL := atomic.LoadInt32(l.showSQLint) + + return showSQL == 1 } diff --git a/modules/private/manager.go b/modules/private/manager.go index 8405bf2c83d88..ba51260ebbee9 100644 --- a/modules/private/manager.go +++ b/modules/private/manager.go @@ -10,6 +10,7 @@ import ( "io" "net/http" "net/url" + "strconv" "time" "code.gitea.io/gitea/modules/json" 
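Review bot: `showSQLint *int32` in `XORMLogBridge` points at a local of `NewXORMLogger`, so a bridge built any other way (a zero-value `XORMLogBridge{}`) would dereference nil in `ShowSQL` and `IsShowSQL`, which are in the second hunk of this file. Both methods use pointer receivers and the constructor returns `&XORMLogBridge{...}`, so a plain field is enough: `showSQLint int32` with `atomic.StoreInt32(&l.showSQLint, showSQL)` and `return atomic.LoadInt32(&l.showSQLint) == 1`. That keeps the zero value usable and removes the extra allocation and indirection.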
@@ -139,6 +140,24 @@ func ReleaseReopenLogging(ctx context.Context) (int, string) { return http.StatusOK, "Logging Restarted" } +// SetLogSQL sets database logging +func SetLogSQL(ctx context.Context, on bool) (int, string) { + reqURL := setting.LocalURL + "api/internal/manager/set-log-sql?on=" + strconv.FormatBool(on) + + req := newInternalRequest(ctx, reqURL, "POST") + resp, err := req.Response() + if err != nil { + return http.StatusInternalServerError, fmt.Sprintf("Unable to contact gitea: %v", err.Error()) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return resp.StatusCode, decodeJSONError(resp).Err + } + + return http.StatusOK, "Log SQL setting set" +} + // LoggerOptions represents the options for the add logger call type LoggerOptions struct { Group string diff --git a/routers/private/internal.go b/routers/private/internal.go index 6ba87d67bf542..061c7f3c822af 100644 --- a/routers/private/internal.go +++ b/routers/private/internal.go @@ -68,6 +68,7 @@ func Routes() *web.Route { r.Post("/manager/pause-logging", PauseLogging) r.Post("/manager/resume-logging", ResumeLogging) r.Post("/manager/release-and-reopen-logging", ReleaseReopenLogging) + r.Post("/manager/set-log-sql", SetLogSQL) r.Post("/manager/add-logger", bind(private.LoggerOptions{}), AddLogger) r.Post("/manager/remove-logger/{group}/{name}", RemoveLogger) r.Get("/manager/processes", Processes) diff --git a/routers/private/manager.go b/routers/private/manager.go index a3b9a16f79a3f..e7f08ac455462 100644 --- a/routers/private/manager.go +++ b/routers/private/manager.go @@ -8,6 +8,7 @@ import ( "fmt" "net/http" + "code.gitea.io/gitea/models/db" "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/graceful" "code.gitea.io/gitea/modules/json" 
@@ -67,6 +68,12 @@ func ReleaseReopenLogging(ctx *context.PrivateContext) { ctx.PlainText(http.StatusOK, "success") } +// SetLogSQL re-sets database SQL logging +func SetLogSQL(ctx *context.PrivateContext) { + db.SetLogSQL(ctx, ctx.FormBool("on")) + ctx.PlainText(http.StatusOK, "success") +} + // RemoveLogger removes a logger func RemoveLogger(ctx *context.PrivateContext) { group := ctx.Params("group") diff --git a/templates/user/settings/keys_ssh.tmpl b/templates/user/settings/keys_ssh.tmpl index 699905ebe2b2f..ba62ac3cf4f45 100644 --- a/templates/user/settings/keys_ssh.tmpl +++ b/templates/user/settings/keys_ssh.tmpl @@ -75,7 +75,7 @@
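Review bot: `SetLogSQL` in routers/private/manager.go passes `ctx.FormBool("on")` straight through, so a request without an `on` parameter presumably switches SQL logging off rather than being rejected, and nothing records that the setting changed. Because this toggle changes how much query detail reaches the logs, it is worth leaving a trace, for example `on := ctx.FormBool("on")` followed by `log.Info("SQL logging set to %t via manager API", on)` before `db.SetLogSQL(ctx, on)`. Whether `modules/log` is already imported in this file is not visible in the hunk.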

{{$.i18n.Tr "settings.ssh_token_help"}}

-

{{printf "echo -n '%s' | ssh-keygen -Y sign -n gitea -f /path_to_your_pubkey" $.TokenToSign}}

+

{{printf "echo -n '%s' | ssh-keygen -Y sign -n gitea -f /path_to_your_privkey" $.TokenToSign}}