- 20 Nov, 2019 1 commit
-
-
Nick Thomas authored
When a client does a git fetch over HTTP, workhorse performs an access check based on the HTTP request header, then reads the entire request body into a temporary file before handing off to Gitaly to service it. However, the client has control over how long it takes to read the request body. Since the Gitaly RPC only happens once the request body is read, people can set up a connection before their access is revoked and use it to gain access to code committed days or weeks later. To resolve this, we place an overall limit of 10 minutes on receiving the `upload-pack` request body. Since this is over HTTP, the client is using the `--stateless-rpc` mode, and there is no negotiation between client and server. The time limit is chosen fairly arbitrarily, but it fits well with the existing 10MiB limit on request body size, implying a transfer speed of just 17KiB/sec to be able to fill that buffer and get a "request too large" error instead of "request too slow". Workhorse does not expose the `upload-archive` endpoint directly to the user; the client in that case is always gitlab-rails, so there is no vulnerability there. The `receive-pack` endpoint is theoretically vulnerable, but Gitaly performs a second access check in the pre-receive hook which defeats the attack, so no changes are needed. The SSH endpoints are similarly vulnerable, but since those RPCs are bidirectional, a different approach is needed.
-
- 15 Oct, 2019 3 commits
-
-
Nick Thomas authored
Case insensitive ETag comparison See merge request gitlab-org/gitlab-workhorse!434
-
Alessio Caiazza authored
Some object storage providers returns upcase ETag headers. This commit will perform the check in case insensitive mode
-
Nick Thomas authored
Upgrade gitaly to 1.68.0 See merge request gitlab-org/gitlab-workhorse!435
-
- 14 Oct, 2019 1 commit
-
-
John Cai authored
Gitaly 1.68.0 upgrades GRPC to 1.24.0
-
- 11 Oct, 2019 4 commits
-
-
Jacob Vosmaer authored
Test against go1.13 See merge request gitlab-org/gitlab-workhorse!433
-
Nick Thomas authored
Release v8.14.0 See merge request gitlab-org/gitlab-workhorse!432
-
Nick Thomas authored
-
Nick Thomas authored
-
- 10 Oct, 2019 4 commits
-
-
Nick Thomas authored
Keep HTTP 1.0 cache headers from sendurl proxies See merge request gitlab-org/gitlab-workhorse!431
-
Sean McGivern authored
For maximum compatiblity, the Rails application should also set Date and Pragma, and so we should ensure that these are not overwritten by the object storage provider.
-
Nick Thomas authored
Release v8.13.0 See merge request gitlab-org/gitlab-workhorse!430
-
Nick Thomas authored
-
- 09 Oct, 2019 2 commits
-
-
Nick Thomas authored
Remove test dummy Gitaly RPC handlers See merge request gitlab-org/gitlab-workhorse!429
-
Jacob Vosmaer authored
-
- 07 Oct, 2019 2 commits
-
-
Nick Thomas authored
Preserve original HTTP cache headers in sendurl See merge request gitlab-org/gitlab-workhorse!428
-
Sean McGivern authored
There are a few cases for serving uploads: 1. File storage. Rails asks Workhorse to serve the file. 2. Object storage. Rails redirects (via SendFileUpload) to the object storage host. 2. Object storage with `proxy_download` enabled. Rails asks Workhorse to proxy the download from the object storage host. Rails also sets caching headers for uploads. In case 1, the reverse proxy will keep those headers. In case 2, the headers are whatever the object storage provider sets. Case 3 is changed here. Previously, it would use the cache headers from the object storage provider. Now, it keeps the cache headers from Rails instead. This is better because: 1. Cache headers on the object storage provider can be hard to configure. 2. Even if we ask users to manually configure them, they may get it wrong and inadvertently allow private resources to be cached by proxies. 3. Even if we ask users to manually configure them and they get it right, they will also need to track any updates the Rails application makes to the cache headers it sends. We could solve these by trying to automatically set the metadata policy on the object storage bucket, which would also help with case 2 above. However, that has its own pitfalls. We could, for instance, say that `uploads/-/system/user` is public with an expiry of five minutes, and that's fairly straightforward. But then if we need to update that policy in future to make it public with an expiry of one minute, we are introducing coordination issues. This would get even more complicated if we allowed caching uploads from public projects. If the project's visibility changed, we'd need to update the object storage metadata too. So it's a tricky problem, and this is a relatively small code change to at least solve one case.
-
- 30 Sep, 2019 4 commits
-
-
Jacob Vosmaer authored
Changelog for 8.12.0 See merge request gitlab-org/gitlab-workhorse!426
-
Jacob Vosmaer authored
-
Jacob Vosmaer authored
Fix health checks routes incorrectly intercepting errors See merge request gitlab-org/gitlab-workhorse!424
-
Adrien Kohlbecker authored
-
- 26 Sep, 2019 2 commits
-
-
Nick Thomas authored
Simplify badgateway RoundTripper See merge request gitlab-org/gitlab-workhorse!425
-
Jacob Vosmaer authored
-
- 12 Sep, 2019 6 commits
-
-
Nick Thomas authored
Release v8.11.0 See merge request gitlab-org/gitlab-workhorse!423
-
Nick Thomas authored
-
Nick Thomas authored
Add route for handling Conan package uploads See merge request gitlab-org/gitlab-workhorse!412
-
Steve Abrams authored
Accelerated upload route for conan package files
-
Nick Thomas authored
Accelerate GraphQL uploads See merge request gitlab-org/gitlab-workhorse!403
-
Alessio Caiazza authored
-
- 10 Sep, 2019 1 commit
-
-
Nick Thomas authored
Accelerate wiki attachments See merge request gitlab-org/gitlab-workhorse!422
-
- 05 Sep, 2019 1 commit
-
-
Alessio Caiazza authored
-
- 01 Sep, 2019 3 commits
-
-
Nick Thomas authored
Release workhorse v8.10.0 See merge request gitlab-org/gitlab-workhorse!421
-
Nick Thomas authored
-
Nick Thomas authored
-
- 28 Aug, 2019 5 commits
-
-
Nick Thomas authored
Fix typo in keywatcher prometheus metrics See merge request gitlab-org/gitlab-workhorse!420
-
Nick Thomas authored
Update github.com/jfbus/httprs to b0af8319bb15 See merge request gitlab-org/gitlab-workhorse!419
-
Jacob Vosmaer authored
-
Nick Thomas authored
Upgrade regigomock to 257e089e14a1 See merge request gitlab-org/gitlab-workhorse!418
-
Jacob Vosmaer authored
-
- 27 Aug, 2019 1 commit
-
-
Maxim Efimov authored
-