lib/api · 21d660a591c514196116bbc646c713aca23a8f68 · Forest Godfrey / gitlab-ce

Merge branch 'project-existence-leak' into 'master' · 8c47a72a

authored Mar 03, 2015

Don't leak information about private project existence via Git-over-SSH/HTTP.

Fixes #2040 and https://gitlab.com/gitlab-org/gitlab-ce/issues/343.

Both `Grack::Auth` (used by Git-over-HTTP) and `Api::Internal /allowed` (used by gitlab-shell/Git-over-SSH) now return a generic "Not Found" error when the project exists but the user doesn't have access to it.

See merge request !1578

8c47a72a

Name	Last commit	Last update
..
api.rb		Loading commit data...
api_guard.rb		Loading commit data...
branches.rb		Loading commit data...
commits.rb		Loading commit data...
deploy_keys.rb		Loading commit data...
entities.rb		Loading commit data...
files.rb		Loading commit data...
group_members.rb		Loading commit data...
groups.rb		Loading commit data...
helpers.rb		Loading commit data...
internal.rb		Loading commit data...
issues.rb		Loading commit data...
labels.rb		Loading commit data...
merge_requests.rb		Loading commit data...
milestones.rb		Loading commit data...
namespaces.rb		Loading commit data...
notes.rb		Loading commit data...
project_hooks.rb		Loading commit data...
project_members.rb		Loading commit data...
project_snippets.rb		Loading commit data...
projects.rb		Loading commit data...
repositories.rb		Loading commit data...
services.rb		Loading commit data...
session.rb		Loading commit data...
system_hooks.rb		Loading commit data...
users.rb		Loading commit data...