kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/lib/api
History
Dmitriy Zaporozhets 8c47a72a4e Merge branch 'project-existence-leak' into 'master' 
Don't leak information about private project existence via Git-over-SSH/HTTP.

Fixes #2040 and https://gitlab.com/gitlab-org/gitlab-ce/issues/343.

Both `Grack::Auth` (used by Git-over-HTTP) and `Api::Internal /allowed` (used by gitlab-shell/Git-over-SSH) now return a generic "Not Found" error when the project exists but the user doesn't have access to it.

See merge request !1578
 		2015-03-03 20:05:12 +00:00
..
api.rb Rubocop enabled for: Use spaces inside hash literal braces 2015-02-02 20:36:54 -08:00
api_guard.rb Rubocop: Style/CaseIndentation enabled 2015-02-02 21:26:40 -08:00
branches.rb
commits.rb
deploy_keys.rb
entities.rb Enable ParenthesesAsGroupedExpression rule 2015-03-02 18:45:28 -08:00
files.rb Improve error messages when file editing fails 2015-02-22 16:01:49 -07:00
group_members.rb Edit group members via API 2015-02-11 18:53:07 -07:00
groups.rb Remove Group#owner_id from API since it is not used any more 2015-02-17 16:23:44 -08:00
helpers.rb Improve broadcast message API 2015-02-18 14:58:20 -08:00
internal.rb Don't leak information about private project existence via Git-over-SSH/HTTP. 2015-03-02 17:52:48 +01:00
issues.rb Refactor and improve sorting objects in API for projects, issues and merge requests 2015-02-05 22:00:54 -08:00
labels.rb
merge_requests.rb Refactor and improve sorting objects in API for projects, issues and merge requests 2015-02-05 22:00:54 -08:00
milestones.rb Fix the test and add documentation for the "per-milestone issues API call" 2015-01-22 12:14:53 +01:00
namespaces.rb Avoid using {...} for multi-line blocks 2015-02-02 21:22:57 -08:00
notes.rb
project_hooks.rb
project_members.rb Edit group members via API 2015-02-11 18:53:07 -07:00
project_snippets.rb
projects.rb Refactor and improve sorting objects in API for projects, issues and merge requests 2015-02-05 22:00:54 -08:00
repositories.rb
services.rb
session.rb
system_hooks.rb Avoid using {...} for multi-line blocks 2015-02-02 21:22:57 -08:00
users.rb Merge branch 'master' into mmonaco/gitlab-ce-api-user-noconfirm 2015-02-27 13:01:57 -08:00