ui-plain: add enable-html-serving flag

Unrestricts plain/ to contents likely to be executed by browser.
author: Jason A. Donenfeld 2016-01-14 14:53:28 +0100
committer: Jason A. Donenfeld 2016-01-14 15:42:56 +0100
commit: c326f3eb026d67650f79a6dda9a1a42c55d10a25 (patch)
tree: 51b94c63164ea924eb019c2e3c1e0b290509549b
parent: ui-blob: set CSP just in case (diff)
download: cgit-c326f3eb026d67650f79a6dda9a1a42c55d10a25.tar.gz
cgit-c326f3eb026d67650f79a6dda9a1a42c55d10a25.zip
5 files changed, 29 insertions, 0 deletions
diff --git a/cgit.c b/cgit.c
index 3ed1935..7f83a2d 100644
--- a/cgit.c
+++ b/cgit.c

@@ -55,6 +55,8 @@ static void repo_config(struct cgit_repo *repo, const char *name, const char *va
                repo->enable_remote_branches = atoi(value);
        else if (!strcmp(name, "enable-subject-links"))
                repo->enable_subject_links = atoi(value);
+        else if (!strcmp(name, "enable-html-serving"))
+                repo->enable_html_serving = atoi(value);
        else if (!strcmp(name, "branch-sort")) {
                if (!strcmp(value, "age"))
                        repo->branch_sort = 1;
@@ -170,6 +172,8 @@ static void config_cb(const char *name, const char *value)
                ctx.cfg.enable_remote_branches = atoi(value);
        else if (!strcmp(name, "enable-subject-links"))
                ctx.cfg.enable_subject_links = atoi(value);
+        else if (!strcmp(name, "enable-html-serving"))
+                ctx.cfg.enable_html_serving = atoi(value);
        else if (!strcmp(name, "enable-tree-linenumbers"))
                ctx.cfg.enable_tree_linenumbers = atoi(value);
        else if (!strcmp(name, "enable-git-config"))
@@ -821,6 +825,7 @@ static void print_repo(FILE *f, struct cgit_repo *repo)
                fprintf(f, "repo.logo-link=%s\n", repo->logo_link);
        fprintf(f, "repo.enable-remote-branches=%d\n", repo->enable_remote_branches);
        fprintf(f, "repo.enable-subject-links=%d\n", repo->enable_subject_links);
+        fprintf(f, "repo.enable-html-serving=%d\n", repo->enable_html_serving);
        if (repo->branch_sort == 1)
                fprintf(f, "repo.branch-sort=age\n");
        if (repo->commit_sort) {
diff --git a/cgit.h b/cgit.h
index 4b4bcf4..de5c94a 100644
--- a/cgit.h
+++ b/cgit.h

@@ -101,6 +101,7 @@ struct cgit_repo {
        int enable_log_linecount;
        int enable_remote_branches;
        int enable_subject_links;
+        int enable_html_serving;
        int max_stats;
        int branch_sort;
        int commit_sort;
@@ -235,6 +236,7 @@ struct cgit_config {
        int enable_log_linecount;
        int enable_remote_branches;
        int enable_subject_links;
+        int enable_html_serving;
        int enable_tree_linenumbers;
        int enable_git_config;
        int local_time;
diff --git a/cgitrc.5.txt b/cgitrc.5.txt
index 759f353..47850a8 100644
--- a/cgitrc.5.txt
+++ b/cgitrc.5.txt

@@ -190,6 +190,13 @@ enable-subject-links::
        in commit view. Default value: "0". See also:
        "repo.enable-subject-links".
+enable-html-serving::
+        Flag which, when set to "1", will allow the /plain handler to serve
+        mimetype headers that result in the file being treated as HTML by the
+        browser. When set to "0", such file types are returned instead as
+        text/plain or application/octet-stream. Default value: "0". See also:
+        "repo.enable-html-serving".
 enable-tree-linenumbers::
        Flag which, when set to "1", will make cgit generate linenumber links
        for plaintext blobs printed in the tree view. Default value: "1".
@@ -513,6 +520,10 @@ repo.enable-subject-links::
        A flag which can be used to override the global setting
        `enable-subject-links'. Default value: none.
+enable-html-serving::
+        A flag which can be used to override the global setting
+        `enable-html-serving`. Default value: none.
 repo.hide::
        Flag which, when set to "1", hides the repository from the repository
        index. The repository can still be accessed by providing a direct path.
diff --git a/shared.c b/shared.c
index 42b2ddc..a078a27 100644
--- a/shared.c
+++ b/shared.c

@@ -61,6 +61,7 @@ struct cgit_repo *cgit_add_repo(const char *url)
        ret->enable_log_linecount = ctx.cfg.enable_log_linecount;
        ret->enable_remote_branches = ctx.cfg.enable_remote_branches;
        ret->enable_subject_links = ctx.cfg.enable_subject_links;
+        ret->enable_html_serving = ctx.cfg.enable_html_serving;
        ret->max_stats = ctx.cfg.max_stats;
        ret->branch_sort = ctx.cfg.branch_sort;
        ret->commit_sort = ctx.cfg.commit_sort;
diff --git a/ui-plain.c b/ui-plain.c
index 58addab..ff85113 100644
--- a/ui-plain.c
+++ b/ui-plain.c

@@ -37,6 +37,16 @@ static int print_object(const unsigned char *sha1, const char *path)
        mimetype = get_mimetype_for_filename(path);
        ctx.page.mimetype = mimetype;
+        if (!ctx.repo->enable_html_serving) {
+                html("X-Content-Type-Options: nosniff\n");
+                html("Content-Security-Policy: default-src 'none'\n");
+                if (mimetype) {
+                        /* Built-in white list allows PDF and everything that isn't text/ and application/ */
+                        if ((!strncmp(mimetype, "text/", 5) || !strncmp(mimetype, "application/", 12)) && strcmp(mimetype, "application/pdf"))
+                                ctx.page.mimetype = NULL;
+                }
+        }
        if (!ctx.page.mimetype) {
                if (buffer_is_binary(buf, size)) {
                        ctx.page.mimetype = "application/octet-stream";
author	Jason A. Donenfeld	2016-01-14 14:53:28 +0100
committer	Jason A. Donenfeld	2016-01-14 15:42:56 +0100
commit	c326f3eb026d67650f79a6dda9a1a42c55d10a25 (patch)
tree	51b94c63164ea924eb019c2e3c1e0b290509549b
parent	ui-blob: set CSP just in case (diff)
download	cgit-c326f3eb026d67650f79a6dda9a1a42c55d10a25.tar.gz cgit-c326f3eb026d67650f79a6dda9a1a42c55d10a25.zip