| Field | Previous Value | Current Value |
|---|---|---|
| Type | Question | Security Vulnerability |
| Type | Security Vulnerability | Improvement |
| Name | Disallow Specific File Extensions From Being Uploaded | Improve branch/tag protection rule to disallow specific file extensions |
State changed as code fixing the issue is committed (74009027)

OneDev changed state to 'Closed' 2 months ago

| Field | Previous Value | Current Value |
|---|---|---|
| State | Open | Closed |

State changed as build OD-6754 is successful

OneDev changed state to 'Released' 2 months ago

| Field | Previous Value | Current Value |
|---|---|---|
| State | Closed | Released |

Branch/tag protection rule in project code settings now gets a new disallowed file types setting in 13.0.10
| Field | Value |
|---|---|
| Type | Improvement |
| Priority | Normal |
| Assignee | |
| Labels | No labels |
We are investigating leveraging OneDev for our CI/CD purposes, and after a security assessment, the assessor determined that the current approach to how files are uploaded/pushed presents a vulnerability per OWASP standards as it globally allows, by default, any file types to be pushed to repositories, which can introduce malicious payloads.
This ticket proposes a configurable option to allow admins to block specific file extensions (e.g., .exe, .bin) from being uploaded to all projects globally (either require admin group review or reject completely).