models

Aug 12, 2019 GO-2022-0369 +21 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

type AccessMode

+ func UserAccessMode(userID int64, repo *Repository) (AccessMode, error)

Jan 31, 2019 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ type GitHubConfig struct

+ APIEndpoint string

+ func (cfg *GitHubConfig) FromDB(bs []byte) error

+ func (cfg *GitHubConfig) ToDB() ([]byte, error)

type LoginSource

+ func (s *LoginSource) GitHub() *GitHubConfig

+ func (s *LoginSource) IsGitHub() bool

type LoginType

+ const LOGIN_GITHUB

type User

+ func LoginViaGitHub(user *User, login, password string, sourceID int64, cfg *GitHubConfig, ...) (*User, error)

Dec 12, 2018 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Sep 16, 2018 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ const ENV_AUTH_USER_EMAIL

+ const ENV_AUTH_USER_ID

+ const ENV_AUTH_USER_NAME

+ const ENV_REPO_CUSTOM_HOOKS_PATH

+ const ENV_REPO_ID

+ const ENV_REPO_NAME

+ const ENV_REPO_OWNER_NAME

+ const ENV_REPO_OWNER_SALT_MD5

+ const REPO_AVATAR_URL_PREFIX

+ const USER_AVATAR_URL_PREFIX

+ func ComposeHookEnvs(opts ComposeHookEnvsOptions) []string

+ func ResetNonDefaultLoginSources(source *LoginSource) error

+ type ComposeHookEnvsOptions struct

+ AuthUser *User

+ OwnerName string

+ OwnerSalt string

+ RepoID int64

+ RepoName string

+ RepoPath string

type Engine

+ ID func(interface{}) *xorm.Session

type LoginSource

+ IsDefault bool

type Repository

+ UseCustomAvatar bool

+ func (repo *Repository) AvatarLink() string

+ func (repo *Repository) CustomAvatarPath() string

+ func (repo *Repository) DeleteAvatar() error

+ func (repo *Repository) RelAvatarLink() string

+ func (repo *Repository) UploadAvatar(data []byte) error

Jun 4, 2018 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ const GIT_SHORT_EMPTY_SHA

+ func LoadAuthSources()

+ func MirrorSyncCreateAction(repo *Repository, refName string) error

+ func MirrorSyncDeleteAction(repo *Repository, refName string) error

+ func MirrorSyncPushAction(repo *Repository, opts MirrorSyncPushActionOptions) error

+ func UpdateLoginSource(source *LoginSource) error

type ActionType

+ const ACTION_MIRROR_SYNC_CREATE

+ const ACTION_MIRROR_SYNC_DELETE

+ const ACTION_MIRROR_SYNC_PUSH

+ type AuthSourceFile struct

+ func (f *AuthSourceFile) Save() error

+ func (f *AuthSourceFile) SetConfig(cfg core.Conversion) error

+ func (f *AuthSourceFile) SetGeneral(name, value string)

+ type LocalLoginSources struct

+ func (s *LocalLoginSources) ActivatedList() []*LoginSource

+ func (s *LocalLoginSources) GetLoginSourceByID(id int64) (*LoginSource, error)

+ func (s *LocalLoginSources) Len() int

+ func (s *LocalLoginSources) List() []*LoginSource

+ func (s *LocalLoginSources) UpdateLoginSource(source *LoginSource)

type LoginSource

+ LocalFile *AuthSourceFile

+ func ActivatedLoginSources() ([]*LoginSource, error)

type Mirror

+ LastSync time.Time

+ LastSyncUnix int64

+ NextSync time.Time

+ NextSyncUnix int64

+ func (m *Mirror) ScheduleNextSync()

+ type MirrorSyncPushActionOptions struct

+ Commits *PushCommits

+ NewCommitID string

+ OldCommitID string

+ RefName string

type User

+ func UserLogin(username, password string, loginSourceID int64) (*User, error)

+ func (u *User) IDStr() string

+ func (u *User) MailResendCacheKey() string

+ func (u *User) TwoFactorCacheKey(passcode string) string

Mar 31, 2018 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func RewriteAuthorizedKeys() error

Nov 22, 2017 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Nov 19, 2017 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ const DingtalkNotificationTitle

+ func MarkdownLinkFormatter(link, text string) string

+ type DingtalkActionCard struct

+ BtnOrientation string

+ HideAvatar string

+ SingleTitle string

+ SingleURL string

+ Text string

+ Title string

+ func NewDingtalkActionCard(singleTitle, singleURL string) DingtalkActionCard

+ type DingtalkAtObject struct

+ AtMobiles []string

+ IsAtAll bool

+ type DingtalkPayload struct

+ ActionCard DingtalkActionCard

+ At DingtalkAtObject

+ MsgType string

+ func GetDingtalkPayload(p api.Payloader, event HookEventType) (payload *DingtalkPayload, err error)

+ func (p *DingtalkPayload) JSONPayload() ([]byte, error)

type HookTaskType

+ const DINGTALK

+ type MergeStyle string

+ const MERGE_STYLE_REBASE

+ const MERGE_STYLE_REGULAR

type Repository

+ PullsAllowRebase bool

+ PullsIgnoreWhitespace bool

Aug 15, 2017 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Jun 10, 2017 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func DeleteTwoFactor(userID int64) (err error)

+ func IsUserEnabledTwoFactor(userID int64) bool

+ func NewTwoFactor(userID int64, secret string) error

+ func RegenerateRecoveryCodes(userID int64) error

+ func UseRecoveryCode(userID int64, code string) error

type Label

+ func GetLabelOfRepoByName(repoID int64, labelName string) (*Label, error)

+ type TwoFactor struct

+ Created time.Time

+ CreatedUnix int64

+ ID int64

+ Secret string

+ UserID int64

+ func GetTwoFactorByUserID(userID int64) (*TwoFactor, error)

+ func (t *TwoFactor) AfterSet(colName string, _ xorm.Cell)

+ func (t *TwoFactor) BeforeInsert()

+ func (t *TwoFactor) ValidateTOTP(passcode string) (bool, error)

+ type TwoFactorRecoveryCode struct

+ Code string

+ ID int64

+ IsUsed bool

+ UserID int64

+ func GetRecoveryCodesByUserID(userID int64) ([]*TwoFactorRecoveryCode, error)

type User

+ func (u *User) IsEnabledTwoFactor() bool

Apr 5, 2017 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func DeleteCollaboration(repo *Repository, userID int64) (err error)

+ func HandleMirrorCredentials(url string, mosaics bool) string

+ func IsCollaborator(repoID, userID int64) bool

type Diff

+ func NewDiff(gitDiff *git.Diff) *Diff

type DiffFile

+ func (diffFile *DiffFile) HighlightClass() string

type DiffSection

+ func (diffSection *DiffSection) ComputedInlineDiffFor(diffLine *git.DiffLine) template.HTML

type HookTask

+ func GetHookTaskOfWebhookByUUID(webhookID int64, uuid string) (*HookTask, error)

type Milestone

+ func (m *Milestone) CountIssues(isClosed, includePulls bool) int64

type Mirror

+ func (m *Mirror) RawAddress() string

type Repository

+ AllowPublicIssues bool

+ AllowPublicWiki bool

+ func GetUserAndCollaborativeRepositories(userID int64) ([]*Repository, error)

+ func (repo *Repository) CanGuestViewIssues() bool

+ func (repo *Repository) CanGuestViewWiki() bool

+ func (repo *Repository) IsPartialPublic() bool

+ func (repo *Repository) LoadAttributes() error

Mar 14, 2017 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func CommentHashTag(id int64) string

+ func NewRelease(gitRepo *git.Repository, r *Release, uuids []string) error

type Attachment

+ func GetAttachmentsByReleaseID(releaseID int64) ([]*Attachment, error)

type Branch

+ Commit *git.Commit

+ IsProtected bool

+ RepoPath string

type HookEventType

+ const HOOK_EVENT_ISSUES

+ const HOOK_EVENT_ISSUE_COMMENT

+ const HOOK_EVENT_RELEASE

type HookEvents

+ IssueComment bool

+ Issues bool

+ Release bool

type Release

+ Attachments []*Attachment

+ Repo *Repository

+ func GetDraftReleasesByRepoID(repoID int64) ([]*Release, error)

+ func GetPublishedReleasesByRepoID(repoID int64, matches ...string) ([]*Release, error)

+ func (r *Release) APIFormat() *api.Release

+ func (r *Release) LoadAttributes() error

type Repository

+ Size int64

+ func (repo *Repository) UpdateSize() error

type SearchRepoOptions

+ UserID int64

type User

+ func GetParticipantsByIssueID(issueID int64) ([]*User, error)

type Webhook

+ func (w *Webhook) HasIssueCommentEvent() bool

+ func (w *Webhook) HasIssuesEvent() bool

+ func (w *Webhook) HasReleaseEvent() bool

Mar 7, 2017 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func GetOrgIDsByUserID(userID int64, showPrivate bool) ([]int64, error)

+ func ImportDatabase(dirPath string) (err error)

type ActionType

+ const ACTION_CREATE_BRANCH

+ const ACTION_DELETE_BRANCH

+ const ACTION_DELETE_TAG

+ const ACTION_FORK_REPO

type HookEventType

+ const HOOK_EVENT_DELETE

+ const HOOK_EVENT_FORK

type HookEvents

+ Delete bool

+ Fork bool

+ type Version struct

+ ID int64

+ Version int64

type Webhook

+ func (w *Webhook) HasDeleteEvent() bool

+ func (w *Webhook) HasForkEvent() bool

Feb 28, 2017 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func DeleteOldRepositoryArchives()

+ func DiscordLinkFormatter(url string, text string) string

+ func DiscordSHALinkFormatter(url string, text string) string

+ func DiscordTextFormatter(s string) string

+ func IsBranchOfRepoRequirePullRequest(repoID int64, name string) bool

+ func IsUsableTeamName(name string) error

+ func IsUserInProtectBranchWhitelist(repoID, userID int64, branch string) bool

+ func IssuesCount(opts *IssuesOptions) (int64, error)

+ func SyncRepositoryHooks() error

+ func TestWebhook(repo *Repository, event HookEventType, p api.Payloader, webhookID int64) error

+ func UpdateOrgProtectBranch(repo *Repository, protectBranch *ProtectBranch, ...) (err error)

+ func UpdateProtectBranch(protectBranch *ProtectBranch) (err error)

type Collaborator

+ func (c *Collaborator) APIFormat() *api.Collaborator

+ type DiscordEmbedAuthorObject struct

+ IconURL string

+ Name string

+ URL string

+ type DiscordEmbedFieldObject struct

+ Name string

+ Value string

+ type DiscordEmbedFooterObject struct

+ Text string

+ type DiscordEmbedObject struct

+ Author *DiscordEmbedAuthorObject

+ Color int

+ Description string

+ Fields []*DiscordEmbedFieldObject

+ Footer *DiscordEmbedFooterObject

+ Title string

+ URL string

+ type DiscordPayload struct

+ AvatarURL string

+ Content string

+ Embeds []*DiscordEmbedObject

+ Username string

+ func GetDiscordPayload(p api.Payloader, event HookEventType, meta string) (*DiscordPayload, error)

+ func (p *DiscordPayload) JSONPayload() ([]byte, error)

type HookTask

+ Signature string

type HookTaskType

+ const DISCORD

+ type ProtectBranch struct

+ EnableWhitelist bool

+ ID int64

+ Name string

+ Protected bool

+ RepoID int64

+ RequirePullRequest bool

+ WhitelistTeamIDs string

+ WhitelistUserIDs string

+ func GetProtectBranchOfRepoByName(repoID int64, name string) (*ProtectBranch, error)

+ func GetProtectBranchesByRepoID(repoID int64) ([]*ProtectBranch, error)

+ type ProtectBranchWhitelist struct

+ ID int64

+ Name string

+ ProtectBranchID int64

+ RepoID int64

+ UserID int64

type Repository

+ func (repo *Repository) GetWriters() (_ []*User, err error)

+ func (repo *Repository) IsBranchRequirePullRequest(name string) bool

+ func (repo *Repository) IsCollaborator(uid int64) (bool, error)

type Team

+ func GetTeamOfOrgByName(orgID int64, name string) (*Team, error)

+ func GetTeamsByOrgID(orgID int64) ([]*Team, error)

+ func GetTeamsHaveAccessToRepo(orgID, repoID int64, mode AccessMode) ([]*Team, error)

+ func (t *Team) HasWriteAccess() bool

type User

+ func (org *User) TeamsHaveAccessToRepo(repoID int64, mode AccessMode) ([]*Team, error)

type Webhook

+ func GetWebhookOfRepoByID(repoID, id int64) (*Webhook, error)

Feb 11, 2017 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

type Milestone

+ func (m *Milestone) ChangeStatus(isClosed bool) error

type Mirror

+ func (m *Mirror) MosaicsAddress() string

type PublicKey

+ func (k *PublicKey) IsDeployKey() bool

type Repository

+ ExternalTrackerURL string

type Team

+ func (t *Team) AfterSet(colName string, _ xorm.Cell)

type User

+ func (u *User) CanCreateOrganization() bool

+ func (u *User) HTMLURL() string

Jan 31, 2017 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func FilterRepositoryWithIssues(repoIDs []int64) ([]int64, error)

+ func NewMailerIssue(issue *Issue) mailer.Issue

+ func NewMailerRepo(repo *Repository) mailer.Repository

+ func NewMailerUser(u *User) mailer.User

+ type FilterMode string

+ const FILTER_MODE_ASSIGN

+ const FILTER_MODE_CREATE

+ const FILTER_MODE_MENTION

+ const FILTER_MODE_YOUR_REPOS

type IssueStats

+ YourReposCount int64

type User

+ func (u *User) IsMailable() bool

+ type UserRepoOptions struct

+ Page int

+ PageSize int

+ Private bool

+ UserID int64

Dec 24, 2016 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func DeleteAccessTokenOfUserByID(userID, id int64) error

+ func DeleteMilestoneOfRepoByID(repoID, id int64) error

+ func DeleteReleaseOfRepoByID(repoID, id int64) error

+ func DeleteWebhookOfOrgByID(orgID, id int64) error

+ func DeleteWebhookOfRepoByID(repoID, id int64) error

type Comment

+ Issue *Issue

+ func GetCommentsByRepoIDSince(repoID, since int64) ([]*Comment, error)

+ func (c *Comment) HTMLURL() string

+ func (c *Comment) LoadAttributes() error

type Engine

+ Table func(interface{}) *xorm.Session

type Label

+ func GetLabelOfRepoByID(repoID, labelID int64) (*Label, error)

type TeamUser

+ UID int64

Sep 1, 2016 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ var EnableTiDB bool

+ var LabelTemplates []string

+ var MirrorQueue = sync.NewUniqueQueue(setting.Repository.MirrorQueueLength)

+ func CreateLoginSource(source *LoginSource) error

+ func DeleteMilestoneByRepoID(repoID, id int64) error

+ func DeleteUpload(u *Upload) error

+ func DeleteUploadByUUID(uuid string) error

+ func DeleteUploads(uploads ...*Upload) (err error)

+ func GetLabelTemplateFile(name string) ([][2]string, error)

+ func InitSyncMirrors()

+ func IsErrLoginSourceAlreadyExist(err error) bool

+ func IsErrLoginSourceInUse(err error) bool

+ func IsErrLoginSourceNotExist(err error) bool

+ func IsErrRepoFileAlreadyExist(err error) bool

+ func IsErrUploadNotExist(err error) bool

+ func NewLabels(labels ...*Label) error

+ func SlackShortTextFormatter(s string) string

+ func SyncMirrors()

+ func UpdateIssueCols(issue *Issue, cols ...string) error

+ func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit) error

+ func UpdateLocalCopyBranch(repoPath, localPath, branch string) error

+ func UploadLocalPath(uuid string) string

type Comment

+ Updated time.Time

+ UpdatedUnix int64

+ func GetCommentsByIssueIDSince(issueID, since int64) ([]*Comment, error)

+ func (c *Comment) APIFormat() *api.Comment

+ func (c *Comment) BeforeUpdate()

+ type CommitRepoActionOptions struct

+ Commits *PushCommits

+ NewCommitID string

+ OldCommitID string

+ PusherName string

+ RefFullName string

+ RepoName string

+ RepoOwnerID int64

+ type DeleteRepoFileOptions struct

+ LastCommitID string

+ Message string

+ NewBranch string

+ OldBranch string

+ TreePath string

type Engine

+ In func(string, ...interface{}) *xorm.Session

type ErrCommentNotExist

+ IssueID int64

+ type ErrLoginSourceAlreadyExist struct

+ Name string

+ func (err ErrLoginSourceAlreadyExist) Error() string

+ type ErrLoginSourceInUse struct

+ ID int64

+ func (err ErrLoginSourceInUse) Error() string

type ErrLoginSourceNotExist

+ ID int64

+ func (err ErrLoginSourceNotExist) Error() string

+ type ErrRepoFileAlreadyExist struct

+ FileName string

+ func (err ErrRepoFileAlreadyExist) Error() string

+ type ErrUploadNotExist struct

+ ID int64

+ UUID string

+ func (err ErrUploadNotExist) Error() string

type HookEventType

+ const HOOK_EVENT_PULL_REQUEST

type HookEvents

+ PullRequest bool

type Issue

+ PullRequest *PullRequest

+ Title string

+ func GetRawIssueByIndex(repoID, index int64) (*Issue, error)

+ func (issue *Issue) APIFormat() *api.Issue

+ func (issue *Issue) ChangeAssignee(doer *User, assigneeID int64) (err error)

+ func (issue *Issue) ChangeContent(doer *User, content string) (err error)

+ func (issue *Issue) ChangeTitle(doer *User, title string) (err error)

+ func (issue *Issue) HTMLURL() string

type Label

+ func (label *Label) APIFormat() *api.Label

type Milestone

+ func GetMilestoneByRepoID(repoID, id int64) (*Milestone, error)

+ func GetMilestonesByRepoID(repoID int64) ([]*Milestone, error)

+ func (m *Milestone) APIFormat() *api.Milestone

type Mirror

+ func GetMirrorByRepoID(repoID int64) (*Mirror, error)

+ func (m *Mirror) ScheduleNextUpdate()

+ type NewIssueOptions struct

+ Attachments []string

+ IsPull bool

+ Issue *Issue

+ LableIDs []int64

+ Repo *Repository

type PullRequest

+ func (pr *PullRequest) APIFormat() *api.PullRequest

+ func (pr *PullRequest) LoadAttributes() error

+ func (pr *PullRequest) LoadIssue() (err error)

+ type PullRequestList []*PullRequest

+ func (prs PullRequestList) LoadAttributes() error

type PushCommit

+ func CommitToPushCommit(commit *git.Commit) *PushCommit

type PushCommits

+ CompareURL string

type PushUpdateOptions

+ RefFullName string

type Repository

+ func (repo *Repository) APIFormat(permission *api.Permission) *api.Repository

+ func (repo *Repository) CanEnableEditor() bool

+ func (repo *Repository) CheckoutNewBranch(oldBranch, newBranch string) error

+ func (repo *Repository) CreateNewBranch(doer *User, oldBranchName, branchName string) (err error)

+ func (repo *Repository) DeleteRepoFile(doer *User, opts DeleteRepoFileOptions) (err error)

+ func (repo *Repository) DiscardLocalRepoBranchChanges(branch string) error

+ func (repo *Repository) FullName() string

+ func (repo *Repository) GetDiffPreview(branch, treePath, content string) (diff *Diff, err error)

+ func (repo *Repository) HTMLURL() string

+ func (repo *Repository) UpdateLocalCopyBranch(branch string) error

+ func (repo *Repository) UpdateRepoFile(doer *User, opts UpdateRepoFileOptions) (err error)

+ func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions) (err error)

type SlackAttachment

+ Title string

+ type UpdateRepoFileOptions struct

+ Content string

+ IsNewFile bool

+ LastCommitID string

+ Message string

+ NewBranch string

+ NewTreeName string

+ OldBranch string

+ OldTreeName string

+ type Upload struct

+ ID int64

+ Name string

+ UUID string

+ func GetUploadByUUID(uuid string) (*Upload, error)

+ func GetUploadsByUUIDs(uuids []string) ([]*Upload, error)

+ func NewUpload(name string, buf []byte, file multipart.File) (_ *Upload, err error)

+ func (upload *Upload) LocalPath() string

+ type UploadRepoFileOptions struct

+ Files []string

+ LastCommitID string

+ Message string

+ NewBranch string

+ OldBranch string

+ TreePath string

type User

+ func LoginViaLDAP(user *User, login, passowrd string, source *LoginSource, autoRegister bool) (*User, error)

+ func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig, ...) (*User, error)

+ func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPConfig, ...) (*User, error)

+ func NewGhostUser() *User

+ func (u *User) APIFormat() *api.User

type Webhook

+ func (w *Webhook) HasPullRequestEvent() bool

Aug 10, 2016 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func ComposeHTTPSCloneURL(owner, repo string) string

type PushCommit

+ CommitterEmail string

+ CommitterName string

+ Timestamp time.Time

Aug 3, 2016 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func CountUserRepositories(userID int64, private bool) int64

+ func DeleteCommentByID(id int64) error

+ func GetRawDiff(repoPath, commitID string, diffType RawDiffType, writer io.Writer) error

+ func IsErrInvalidTagName(err error) bool

+ func IsUsableRepoName(name string) error

+ func IsUsableUsername(name string) error

+ func NewIssueLabels(issue *Issue, labels []*Label) (err error)

type DiffFile

+ IsSubmodule bool

type Engine

+ Iterate func(interface{}, xorm.IterFunc) error

+ type ErrInvalidTagName struct

+ TagName string

+ func (err ErrInvalidTagName) Error() string

type ErrLabelNotExist

+ LabelID int64

+ RepoID int64

type Issue

+ func (issue *Issue) AddLabels(labels []*Label) error

+ func (issue *Issue) ReplaceLabels(labels []*Label) (err error)

type Label

+ func GetLabelInRepoByID(repoID, labelID int64) (*Label, error)

+ func GetLabelsInRepoByIDs(repoID int64, labelIDs []int64) ([]*Label, error)

+ type MirrorRepositoryList []*Repository

+ func (repos MirrorRepositoryList) LoadAttributes() error

type PublicKey

+ func (key *PublicKey) AuthorizedString() string

+ type RawDiffType string

+ const RAW_DIFF_NORMAL

+ const RAW_DIFF_PATCH

type Repository

+ func GetUserMirrorRepositories(userID int64) ([]*Repository, error)

+ func GetUserRepositories(userID int64, private bool, page, pageSize int) ([]*Repository, error)

+ type RepositoryList []*Repository

+ func (repos RepositoryList) LoadAttributes() error

type User

+ ID int64

+ func (org *User) GetUserMirrorRepositories(userID int64) ([]*Repository, error)

+ func (org *User) GetUserTeamIDs(userID int64) ([]int64, error)

+ func (u *User) GetMirrorRepositories() ([]*Repository, error)

Jul 22, 2016 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

type Issue

+ func (issue *Issue) LoadAttributes() (err error)

Jul 17, 2016 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ const MAIL_AUTH_ACTIVATE

+ const MAIL_AUTH_ACTIVATE_EMAIL

+ const MAIL_AUTH_REGISTER_NOTIFY

+ const MAIL_AUTH_RESET_PASSWORD

+ const MAIL_ISSUE_COMMENT

+ const MAIL_ISSUE_MENTION

+ const MAIL_NOTIFY_COLLABORATOR

+ var SecurityProtocolNames = map[ldap.SecurityProtocol]string

+ func DeleteWebhookByOrgID(orgID, id int64) error

+ func DeleteWebhookByRepoID(repoID, id int64) error

+ func GetUserIDsByNames(names []string) []int64

+ func InitMailRender(dir, appendDir string, funcMap []template.FuncMap)

+ func IsErrAccessTokenEmpty(err error) bool

+ func SendActivateAccountMail(c *macaron.Context, u *User)

+ func SendActivateEmailMail(c *macaron.Context, u *User, email *EmailAddress)

+ func SendCollaboratorMail(u, doer *User, repo *Repository)

+ func SendIssueCommentMail(issue *Issue, doer *User, tos []string)

+ func SendIssueMentionMail(issue *Issue, doer *User, tos []string)

+ func SendRegisterNotifyMail(c *macaron.Context, u *User)

+ func SendResetPasswordMail(c *macaron.Context, u *User)

+ func SendTestMail(email string) error

+ func SendUserMail(c *macaron.Context, u *User, tpl base.TplName, code, subject, info string)

+ func UpdateIssueMentions(issueID int64, mentions []string) error

type AccessMode

+ func ParseAccessMode(permission string) AccessMode

+ func (mode AccessMode) String() string

type Collaboration

+ func (c *Collaboration) ModeI18nKey() string

type Comment

+ func (cmt *Comment) MailParticipants(opType ActionType, issue *Issue) (err error)

type Diff

+ IsIncomplete bool

type DiffFile

+ IsIncomplete bool

+ type ErrAccessTokenEmpty struct

+ func (err ErrAccessTokenEmpty) Error() string

type Issue

+ func (issue *Issue) FullLink() string

+ func (issue *Issue) MailParticipants() (err error)

+ func (issue *Issue) MailSubject() string

type IssueStatsOptions

+ Labels string

type LDAPConfig

+ func (cfg *LDAPConfig) SecurityProtocolName() string

type LoginSource

+ func (source *LoginSource) HasTLS() bool

+ type MailRender interface

+ HTMLString func(string, interface{}, ...macaron.HTMLOptions) (string, error)

type Mirror

+ EnablePrune bool

type OrgUser

+ func GetOrgUsersByOrgID(orgID int64) ([]*OrgUser, error)

type Repository

+ ExternalTrackerStyle string

+ func (repo *Repository) FullLink() string

+ func (repo *Repository) Link() string

+ func (repo *Repository) RelLink() string

type Team

+ func GetTeamByID(teamId int64) (*Team, error)

type User

+ ProhibitLogin bool

type Webhook

+ func GetWebhookByOrgID(orgID, id int64) (*Webhook, error)

+ func GetWebhookByRepoID(repoID, id int64) (*Webhook, error)

+ func GetWebhooksByOrgID(orgID int64) (ws []*Webhook, err error)

Mar 19, 2016 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

type AccessToken

+ CreatedUnix int64

+ UpdatedUnix int64

+ func (t *AccessToken) AfterSet(colName string, _ xorm.Cell)

+ func (t *AccessToken) BeforeInsert()

+ func (t *AccessToken) BeforeUpdate()

type Action

+ CreatedUnix int64

+ func (a *Action) BeforeInsert()

type Attachment

+ CreatedUnix int64

+ func (a *Attachment) AfterSet(colName string, _ xorm.Cell)

+ func (a *Attachment) BeforeInsert()

type Comment

+ CreatedUnix int64

+ func (c *Comment) BeforeInsert()

type DeployKey

+ CreatedUnix int64

+ UpdatedUnix int64

+ func (k *DeployKey) BeforeInsert()

+ func (k *DeployKey) BeforeUpdate()

type Issue

+ CreatedUnix int64

+ DeadlineUnix int64

+ UpdatedUnix int64

+ func (i *Issue) BeforeInsert()

+ func (i *Issue) BeforeUpdate()

+ func (i *Issue) State() string

type LoginSource

+ CreatedUnix int64

+ UpdatedUnix int64

+ func (s *LoginSource) AfterSet(colName string, _ xorm.Cell)

+ func (s *LoginSource) BeforeInsert()

+ func (s *LoginSource) BeforeUpdate()

type Milestone

+ ClosedDateUnix int64

+ DeadlineUnix int64

+ func (m *Milestone) BeforeInsert()

+ func (m *Milestone) State() string

type Mirror

+ NextUpdateUnix int64

+ UpdatedUnix int64

+ func (m *Mirror) BeforeInsert()

+ func (m *Mirror) BeforeUpdate()

type Notice

+ CreatedUnix int64

+ func (n *Notice) AfterSet(colName string, _ xorm.Cell)

+ func (n *Notice) BeforeInsert()

type PublicKey

+ CreatedUnix int64

+ UpdatedUnix int64

+ func (k *PublicKey) BeforeInsert()

+ func (k *PublicKey) BeforeUpdate()

type PullRequest

+ MergedUnix int64

+ func (pr *PullRequest) BeforeUpdate()

type Release

+ CreatedUnix int64

+ func (r *Release) BeforeInsert()

type Repository

+ CreatedUnix int64

+ UpdatedUnix int64

+ func Repositories(page, pageSize int) (_ []*Repository, err error)

+ func (repo *Repository) BeforeInsert()

+ func (repo *Repository) BeforeUpdate()

+ type SearchRepoOptions struct

+ Keyword string

+ OrderBy string

+ OwnerID int64

+ Page int

+ PageSize int

+ Private bool

+ type SearchUserOptions struct

+ Keyword string

+ OrderBy string

+ Page int

+ PageSize int

+ Type UserType

type User

+ CreatedUnix int64

+ UpdatedUnix int64

+ func (u *User) BeforeInsert()

type UserType

+ const USER_TYPE_INDIVIDUAL

+ const USER_TYPE_ORGANIZATION

type Webhook

+ CreatedUnix int64

+ UpdatedUnix int64

+ func (w *Webhook) BeforeInsert()

+ func (w *Webhook) BeforeUpdate()

Mar 7, 2016 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func SSHKeyGenParsePublicKey(key string) (string, int, error)

+ func SSHNativeParsePublicKey(keyLine string) (string, int, error)

type ActionType

+ const ACTION_CLOSE_PULL_REQUEST

+ const ACTION_REOPEN_PULL_REQUEST

type Collaboration

+ Mode AccessMode

+ func (c *Collaboration) ModeName() string

+ type Collaborator struct

+ Collaboration *Collaboration

type CommentTag

+ const COMMENT_TAG_WRITER

+ type CreateCommentOptions struct

+ Attachments []string

+ CommitID int64

+ CommitSHA string

+ Content string

+ Doer *User

+ Issue *Issue

+ LineNum int64

+ Repo *Repository

+ Type CommentType

type Label

+ func (l *Label) ForegroundColor() template.CSS

type Repository

+ func (repo *Repository) ChangeCollaborationAccessMode(uid int64, mode AccessMode) error

+ func (repo *Repository) DeleteCollaboration(uid int64) (err error)

+ func (repo *Repository) DeleteWiki()

+ func (repo *Repository) DeleteWikiPage(doer *User, title string) (err error)

+ func (repo *Repository) RepoRelLink() string

type User

+ func (u *User) DeleteAvatar() error

+ func (u *User) IsWriterOfRepo(repo *Repository) bool

Feb 24, 2016 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func DeleteMirrorByRepoID(repoID int64) error

+ func IsErrBranchNotExist(err error) bool

+ func PushUpdate(opts PushUpdateOptions) (err error)

+ func ReinitMissingRepositories() error

+ func RemoveAllWithNotice(title, path string)

type ActionType

+ const ACTION_CLOSE_ISSUE

+ const ACTION_COMMENT_ISSUE

+ const ACTION_COMMIT_REPO

+ const ACTION_CREATE_ISSUE

+ const ACTION_CREATE_PULL_REQUEST

+ const ACTION_CREATE_REPO

+ const ACTION_MERGE_PULL_REQUEST

+ const ACTION_PUSH_TAG

+ const ACTION_RENAME_REPO

+ const ACTION_REOPEN_ISSUE

+ const ACTION_STAR_REPO

+ const ACTION_TRANSFER_REPO

+ const ACTION_WATCH_REPO

+ type Branch struct

+ Name string

+ Path string

+ func GetBranchesByPath(path string) ([]*Branch, error)

+ func (br *Branch) GetCommit() (*git.Commit, error)

type DiffFile

+ func (diffFile *DiffFile) GetHighlightClass() string

+ type ErrBranchNotExist struct

+ Name string

+ func (err ErrBranchNotExist) Error() string

type PullRequest

+ func (pr *PullRequest) PushToBaseRepo() (err error)

+ type PushUpdateOptions struct

+ NewCommitID string

+ OldCommitID string

+ PusherID int64

+ PusherName string

+ RefName string

+ RepoName string

+ RepoUserName string

type Repository

+ func CleanUpMigrateInfo(repo *Repository, repoPath string) (*Repository, error)

+ func (repo *Repository) AllowsPulls() bool

+ func (repo *Repository) CanEnablePulls() bool

+ func (repo *Repository) GetBranch(br string) (*Branch, error)

+ func (repo *Repository) GetBranches() ([]*Branch, error)

type User

+ func GetOrgsByUserID(userID int64, showAll bool) ([]*User, error)

+ func GetOrgsByUserIDDesc(userID int64, desc string, showAll bool) ([]*User, error)

+ func (org *User) GetUserRepositories(userID int64) (err error)

+ func (org *User) GetUserTeams(userID int64) error

Jan 30, 2016 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func Cell2Int64(val xorm.Cell) int64

+ func ChangeUsernameInPullRequests(oldUserName, newUserName string) error

+ func IsErrTeamAlreadyExist(err error) bool

+ func IsFollowing(userID, followID int64) bool

+ func UnfollowUser(userID, followID int64) (err error)

+ func UpdateAccessToken(t *AccessToken) error

type Action

+ func (a *Action) ShortActUserName() string

+ func (a *Action) ShortRepoName() string

+ func (a *Action) ShortRepoPath() string

+ func (a *Action) ShortRepoUserName() string

type DiffFile

+ func (diffFile *DiffFile) GetType() int

+ type DiffFileType uint8

+ type DiffLineType uint8

type DiffSection

+ func (diffSection *DiffSection) GetComputedInlineDiffFor(diffLine *DiffLine) template.HTML

+ func (diffSection *DiffSection) GetLine(lineType DiffLineType, idx int) *DiffLine

type ErrTeamAlreadyExist

+ Name string

+ OrgID int64

+ func (err ErrTeamAlreadyExist) Error() string

type User

+ NumFollowing int

+ func (u *User) GetFollowers(page int) ([]*User, error)

+ func (u *User) GetFollowing(page int) ([]*User, error)

+ func (u *User) IsFollowing(followID int64) bool

Dec 18, 2015 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func AddEmailAddresses(emails []*EmailAddress) error

+ func DeleteEmailAddresses(emails []*EmailAddress) (err error)

type OrgUser

+ func GetOrgUsersByUserID(uid int64, all bool) ([]*OrgUser, error)

Dec 13, 2015 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func HandleCloneUserCredentials(url string, mosaics bool) string

+ func IsErrReachLimitOfRepo(err error) bool

+ type ErrReachLimitOfRepo struct

+ Limit int

+ func (err ErrReachLimitOfRepo) Error() string

type LoginType

+ const LOGIN_DLDAP

+ const LOGIN_LDAP

+ const LOGIN_NOTYPE

+ const LOGIN_PAM

+ const LOGIN_PLAIN

+ const LOGIN_SMTP

type Mirror

+ func (m *Mirror) Address() string

+ func (m *Mirror) FullAddress() string

+ func (m *Mirror) SaveAddress(addr string) error

type PushCommits

+ func ListToPushCommits(l *list.List) *PushCommits

+ func (pc *PushCommits) ToApiPayloadCommits(repoLink string) []*api.PayloadCommit

type Repository

+ EnableExternalWiki bool

+ ExternalWikiURL string

+ func (repo *Repository) ComposeCompareURL(oldCommitID, newCommitID string) string

+ func (repo *Repository) FullRepoLink() string

+ func (repo *Repository) GitConfigPath() string

type User

+ MaxRepoCreation int

+ func (u *User) BeforeUpdate()

+ func (u *User) CanCreateRepo() bool

+ func (u *User) IsLocal() bool

+ func (u *User) RepoCreationNum() int

Dec 6, 2015 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func DeleteNotices(start, end int64) error

+ func DeleteNoticesByIDs(ids []int64) error

+ func IsErrAuthenticationNotExist(err error) bool

+ func IsErrKeyAccessDenied(err error) bool

+ func IsErrWikiAlreadyExist(err error) bool

+ func ToWikiPageName(name string) string

+ func ToWikiPageURL(name string) string

+ func WikiPath(userName, repoName string) string

type ErrAuthenticationNotExist

+ ID int64

+ func (err ErrAuthenticationNotExist) Error() string

+ type ErrKeyAccessDenied struct

+ KeyID int64

+ Note string

+ UserID int64

+ func (err ErrKeyAccessDenied) Error() string

+ type ErrWikiAlreadyExist struct

+ Title string

+ func (err ErrWikiAlreadyExist) Error() string

type Notice

+ ID int64

type Repository

+ EnableExternalTracker bool

+ EnableIssues bool

+ EnablePulls bool

+ EnableWiki bool

+ ExternalMetas map[string]string

+ ExternalTrackerFormat string

+ func (repo *Repository) AddWikiPage(doer *User, title, content, message string) error

+ func (repo *Repository) ComposeMetas() map[string]string

+ func (repo *Repository) ComposePayload() *api.PayloadRepo

+ func (repo *Repository) EditWikiPage(doer *User, oldTitle, title, content, message string) error

+ func (repo *Repository) HasWiki() bool

+ func (repo *Repository) InitWiki() error

+ func (repo *Repository) LocalWikiPath() string

+ func (repo *Repository) MustOwner() *User

+ func (repo *Repository) UpdateLocalWiki() error

+ func (repo *Repository) WikiCloneLink() (cl *CloneLink)

+ func (repo *Repository) WikiPath() string

type SlackAttachment

+ Fallback string

Nov 25, 2015 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Nov 21, 2015 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func DeleteMissingRepositories() error

+ func DeleteReleaseByID(id int64) error

+ func IsErrDeployKeyNotExist(err error) bool

+ func IsErrKeyUnableVerify(err error) bool

+ func IsErrReleaseAlreadyExist(err error) bool

+ func IsErrReleaseNotExist(err error) bool

type Action

+ func (a Action) GetIssueContent() string

+ func (a Action) GetIssueTitle() string

type DeployKey

+ Content string

+ func GetDeployKeyByID(id int64) (*DeployKey, error)

+ func (k *DeployKey) GetContent() error

+ type ErrDeployKeyNotExist struct

+ ID int64

+ KeyID int64

+ RepoID int64

+ func (err ErrDeployKeyNotExist) Error() string

type ErrKeyUnableVerify

+ Result string

+ func (err ErrKeyUnableVerify) Error() string

type ErrReleaseAlreadyExist

+ TagName string

+ func (err ErrReleaseAlreadyExist) Error() string

type ErrReleaseNotExist

+ ID int64

+ TagName string

+ func (err ErrReleaseNotExist) Error() string

+ type PushCommit struct

+ AuthorEmail string

+ AuthorName string

+ Message string

+ Sha1 string

+ type PushCommits struct

+ Commits []*PushCommit

+ CompareUrl string

+ Len int

+ func NewPushCommits() *PushCommits

+ func (push *PushCommits) AvatarLink(email string) string

type Release

+ ID int64

+ PublisherID int64

+ RepoID int64

+ func GetReleaseByID(id int64) (*Release, error)

+ func GetReleasesByRepoID(repoID int64) (rels []*Release, err error)

type Repository

+ func (repo *Repository) GetStargazers(page int) ([]*User, error)

type User

+ func (u *User) GetRepositoryAccesses() (map[*Repository]AccessMode, error)

+ func (u *User) HasForkedRepo(repoID int64) bool

+ func (u *User) ShortName(length int) string

type Webhook

+ func GetWebhooksByRepoID(repoID int64) (ws []*Webhook, err error)

Nov 12, 2015 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

type PublicKey

+ func SearchPublicKeyByContent(content string) (*PublicKey, error)

Nov 8, 2015 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ const DIFF_FILE_RENAME

+ var ItemsPerPage = 54

+ var PullRequestQueue = NewUniqueQueue(setting.Repository.PullRequestQueueLength)

+ func AddTestPullRequestTask(repoID int64, branch string)

+ func DeleteUpdateTaskByUUID(uuid string) error

+ func InitTestPullRequests()

+ func IsErrInvalidCloneAddr(err error) bool

+ func IsErrUpdateTaskNotExist(err error) bool

+ func TestPullRequests()

type DiffFile

+ IsRenamed bool

+ OldName string

+ type ErrInvalidCloneAddr struct

+ IsInvalidPath bool

+ IsPermissionDenied bool

+ IsURLError bool

+ func (err ErrInvalidCloneAddr) Error() string

type ErrPullRequestNotExist

+ IssueID int64

+ type ErrUpdateTaskNotExist struct

+ UUID string

+ func (err ErrUpdateTaskNotExist) Error() string

type Issue

+ func (i *Issue) GetPullRequest() (err error)

+ type MigrateRepoOptions struct

+ Description string

+ IsMirror bool

+ IsPrivate bool

+ Name string

+ RemoteAddr string

type PullRequest

+ BaseRepo *Repository

+ HeadBranch string

+ Index int64

+ Issue *Issue

+ IssueID int64

+ Status PullRequestStatus

+ func GetPullRequestByID(id int64) (*PullRequest, error)

+ func GetPullRequestByIssueID(issueID int64) (*PullRequest, error)

+ func GetUnmergedPullRequestsByBaseInfo(repoID int64, branch string) ([]*PullRequest, error)

+ func GetUnmergedPullRequestsByHeadInfo(repoID int64, branch string) ([]*PullRequest, error)

+ func (pr *PullRequest) AddToTaskQueue()

+ func (pr *PullRequest) GetBaseRepo() (err error)

+ func (pr *PullRequest) GetHeadRepo() (err error)

+ func (pr *PullRequest) GetMerger() (err error)

+ func (pr *PullRequest) IsChecking() bool

+ func (pr *PullRequest) Update() error

+ func (pr *PullRequest) UpdateCols(cols ...string) error

+ func (pr *PullRequest) UpdatePatch() (err error)

+ type PullRequestStatus int

+ const PULL_REQUEST_STATUS_CHECKING

+ const PULL_REQUEST_STATUS_CONFLICT

+ const PULL_REQUEST_STATUS_MERGEABLE

type Repository

+ func (repo *Repository) GetForks() ([]*Repository, error)

+ func (repo *Repository) GetStars(offset int) ([]*User, error)

+ func (repo *Repository) GetWatchers(offset int) ([]*User, error)

+ func (repo *Repository) LocalCopyPath() string

+ func (repo *Repository) PatchPath(index int64) (string, error)

+ func (repo *Repository) SavePatch(index int64, patch []byte) error

+ func (repo *Repository) UpdateLocalCopy() error

+ type UniqueQueue struct

+ func NewUniqueQueue(queueLength int) *UniqueQueue

+ func (q *UniqueQueue) Add(id interface{})

+ func (q *UniqueQueue) AddFunc(id interface{}, fn func())

+ func (q *UniqueQueue) Exist(id interface{}) bool

+ func (q *UniqueQueue) Queue() <-chan string

+ func (q *UniqueQueue) Remove(id interface{})

type UpdateTask

+ ID int64

+ NewCommitID string

+ OldCommitID string

+ UUID string

+ func GetUpdateTaskByUUID(uuid string) (*UpdateTask, error)

type User

+ AllowImportLocal bool

+ func GetUserByKeyID(keyID int64) (*User, error)

+ func (u *User) CanEditGitHook() bool

+ func (u *User) CanImportLocal() bool

Sep 26, 2015 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ var EnableTidb bool

+ var LoginNames = map[LoginType]string

+ func CountLoginSources() int64

+ func CreateRefComment(doer *User, repo *Repository, issue *Issue, content, commitSHA string) error

+ func DeleteSource(source *LoginSource) error

+ func LoadConfigs()

type Comment

+ CommitSHA string

type EmailAddress

+ ID int64

+ UID int64

type LoginSource

+ func LoginSources() ([]*LoginSource, error)

+ func (source *LoginSource) IsDLDAP() bool

+ func (source *LoginSource) IsLDAP() bool

+ func (source *LoginSource) IsPAM() bool

+ func (source *LoginSource) IsSMTP() bool

+ func (source *LoginSource) SkipVerify() bool

+ func (source *LoginSource) TypeName() string

+ func (source *LoginSource) UseTLS() bool

type LoginType

+ const DLDAP

type Notice

+ func Notices(page, pageSize int) ([]*Notice, error)

type Repository

+ func RepositoriesWithUsers(page, pageSize int) (_ []*Repository, err error)

+ func (repo *Repository) CanBeForked() bool

type SMTPConfig

+ AllowedDomains string

type User

+ OwnedOrgs []*User

+ func ExternalUserLogin(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error)

+ func GetOwnedOrgsByUserID(userID int64) ([]*User, error)

+ func GetOwnedOrgsByUserIDDesc(userID int64, desc string) ([]*User, error)

+ func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error)

+ func Organizations(page, pageSize int) ([]*User, error)

+ func Users(page, pageSize int) ([]*User, error)

+ func (u *User) GenerateActivateCode() string

+ func (u *User) GenerateEmailActivateCode(email string) string

+ func (u *User) GenerateRandomAvatar() error

+ func (u *User) GetOwnedOrganizations() (err error)

Sep 5, 2015 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ const HOOK_STATUS_FAILED

+ const HOOK_STATUS_NONE

+ const HOOK_STATUS_SUCCEED

+ const PLLL_ERQUEST_GIT

+ const PULL_REQUEST_GOGS

+ var Readmes []string

+ func CountPublicRepositories() int64

+ func DeleteAccessTokenByID(id int64) error

+ func GetRepoIssueStats(repoID, uid int64, filterMode int, isPull bool) (numOpen int64, numClosed int64)

+ func IsErrAccessTokenNotExist(err error) bool

+ func IsErrCommentNotExist(err error) bool

+ func IsErrPullRequestNotExist(err error) bool

+ func IsErrWebhookNotExist(err error) bool

+ func MergePullRequestAction(actUser *User, repo *Repository, pull *Issue) error

+ func NewPullRequest(repo *Repository, pull *Issue, labelIDs []int64, uuids []string, ...) (err error)

+ func PrepareWebhooks(repo *Repository, event HookEventType, p api.Payloader) error

+ func RenameRepoAction(actUser *User, oldRepoName string, repo *Repository) error

+ func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error

+ func UpdateAccessToekn(t *AccessToken) error

+ func UpdateComment(c *Comment) error

type AccessToken

+ ID int64

+ UID int64

+ func GetAccessTokenBySHA(sha string) (*AccessToken, error)

type Action

+ func (a *Action) AfterSet(colName string, _ xorm.Cell)

type ActionType

+ const CREATE_PULL_REQUEST

+ const MERGE_PULL_REQUEST

+ const RENAME_REPO

type Comment

+ func GetCommentByID(id int64) (*Comment, error)

+ type CreateRepoOptions struct

+ AutoInit bool

+ Description string

+ Gitignores string

+ IsMirror bool

+ IsPrivate bool

+ License string

+ Name string

+ Readme string

type ErrAccessTokenNotExist

+ SHA string

+ func (err ErrAccessTokenNotExist) Error() string

+ type ErrCommentNotExist struct

+ ID int64

+ func (err ErrCommentNotExist) Error() string

+ type ErrPullRequestNotExist struct

+ BaseBranch string

+ BaseRepoID int64

+ HeadBarcnh string

+ HeadRepoID int64

+ ID int64

+ PullID int64

+ func (err ErrPullRequestNotExist) Error() string

type ErrWebhookNotExist

+ ID int64

+ func (err ErrWebhookNotExist) Error() string

type Follow

+ ID int64

type HookEvent

+ ChooseEvents bool

+ SendEverything bool

type HookEventType

+ const HOOK_EVENT_CREATE

+ type HookEvents struct

+ Create bool

+ Push bool

+ type HookRequest struct

+ Headers map[string]string

+ type HookResponse struct

+ Body string

+ Headers map[string]string

+ Status int

+ type HookStatus int

type HookTask

+ DeliveredString string

+ IsSSL bool

+ RequestContent string

+ RequestInfo *HookRequest

+ ResponseContent string

+ ResponseInfo *HookResponse

+ URL string

+ UUID string

+ func HookTasks(hookID int64, page int) ([]*HookTask, error)

+ func (t *HookTask) AfterSet(colName string, _ xorm.Cell)

+ func (t *HookTask) BeforeUpdate()

+ func (t *HookTask) MarshalJSON(v interface{}) string

+ type IssueStatsOptions struct

+ AssigneeID int64

+ FilterMode int

+ IsPull bool

+ LabelID int64

+ MilestoneID int64

+ RepoID int64

+ UserID int64

+ type IssuesOptions struct

+ AssigneeID int64

+ IsClosed bool

+ IsMention bool

+ IsPull bool

+ Labels string

+ MilestoneID int64

+ Page int

+ PosterID int64

+ RepoID int64

+ RepoIDs []int64

+ SortType string

+ UserID int64

type LoginSource

+ ID int64

+ func GetLoginSourceByID(id int64) (*LoginSource, error)

type Mirror

+ Repo *Repository

+ func (m *Mirror) AfterSet(colName string, _ xorm.Cell)

+ type PullRequest struct

+ BaseBranch string

+ BaseRepoID int64

+ CanAutoMerge bool

+ HasMerged bool

+ HeadBarcnh string

+ HeadRepo *Repository

+ HeadRepoID int64

+ HeadUserName string

+ ID int64

+ MergeBase string

+ Merged time.Time

+ MergedCommitID string

+ Merger *User

+ MergerID int64

+ Pull *Issue

+ PullID int64

+ PullIndex int64

+ Type PullRequestType

+ func GetPullRequestByPullID(pullID int64) (*PullRequest, error)

+ func GetUnmergedPullRequest(headRepoID, baseRepoID int64, headBranch, baseBranch string) (*PullRequest, error)

+ func (pr *PullRequest) AfterSet(colName string, _ xorm.Cell)

+ func (pr *PullRequest) Merge(doer *User, baseGitRepo *git.Repository) (err error)

+ type PullRequestType int

type Release

+ func (r *Release) AfterSet(colName string, _ xorm.Cell)

type Repository

+ func GetRepositoriesByForkID(forkID int64) ([]*Repository, error)

+ func (repo *Repository) AfterSet(colName string, _ xorm.Cell)

+ func (repo *Repository) IssueStats(uid int64, filterMode int, isPull bool) (int64, int64)

+ func (repo *Repository) NextIssueIndex() int64

type SMTPConfig

+ SkipVerify bool

+ type SlackMeta struct

+ Channel string

+ Color string

+ IconURL string

+ Username string

type SlackPayload

+ IconURL string

+ func (p *SlackPayload) JSONPayload() ([]byte, error)

+ func (p *SlackPayload) SetSecret(_ string)

type Star

+ ID int64

+ RepoID int64

+ UID int64

type User

+ LastRepoVisibility bool

+ func (u *User) AfterSet(colName string, _ xorm.Cell)

+ func (u *User) DisplayName() string

+ func (u *User) RelAvatarLink() string

type Webhook

+ ID int64

+ IsSSL bool

+ LastStatus HookStatus

+ OrgID int64

+ RepoID int64

+ URL string

+ func GetActiveWebhooksByOrgID(orgID int64) (ws []*Webhook, err error)

+ func GetActiveWebhooksByRepoID(repoID int64) (ws []*Webhook, err error)

+ func GetWebhookByID(id int64) (*Webhook, error)

+ func (w *Webhook) AfterSet(colName string, _ xorm.Cell)

+ func (w *Webhook) EventsArray() []string

+ func (w *Webhook) HasCreateEvent() bool

+ func (w *Webhook) History(page int) ([]*HookTask, error)

Aug 16, 2015 GO-2022-0369 +22 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ const KEY_TYPE_DEPLOY

+ const KEY_TYPE_USER

+ func AddDeployKey(repoID int64, name, content string) (err error)

+ func AttachmentLocalPath(uuid string) string

+ func CountRepoClosedMilestones(repoID int64) int64

+ func CountRepoMilestones(repoID int64) int64

+ func DeleteDeployKey(id int64) error

+ func DeleteIssueLabel(issue *Issue, label *Label) (err error)

+ func DeleteMilestoneByID(mid int64) error

+ func HasDeployKey(keyID, repoID int64) bool

+ func HasIssueLabel(issueID, labelID int64) bool

+ func IsErrAttachmentNotExist(err error) bool

+ func IsErrDeployKeyAlreadyExist(err error) bool

+ func IsErrDeployKeyNameAlreadyUsed(err error) bool

+ func IsErrIssueNotExist(err error) bool

+ func IsErrKeyAlreadyExist(err error) bool

+ func IsErrKeyNameAlreadyUsed(err error) bool

+ func IsErrKeyNotExist(err error) bool

+ func IsErrLabelNotExist(err error) bool

+ func IsErrMilestoneNotExist(err error) bool

+ func IsErrRepoAlreadyExist(err error) bool

+ func IsErrUserNotExist(err error) bool

+ func MilestoneStats(repoID int64) (open int64, closed int64)

+ func NewIssueLabel(issue *Issue, label *Label) (err error)

+ func NewIssueUsers(repo *Repository, issue *Issue) (err error)

+ func UpdateDeployKey(key *DeployKey) error

+ func UpdateIssueUserByAssignee(issue *Issue) (err error)

+ func UpdateIssueUserByRead(uid, issueID int64) error

+ func UpdateIssueUsersByMentions(uids []int64, iid int64) error

+ func UpdateIssueUsersByStatus(issueID int64, isClosed bool) error

type Attachment

+ CommentID int64

+ ID int64

+ IssueID int64

+ ReleaseID int64

+ UUID string

+ func GetAttachmentByUUID(uuid string) (*Attachment, error)

+ func GetAttachmentsByCommentID(commentID int64) ([]*Attachment, error)

+ func GetAttachmentsByIssueID(issueID int64) ([]*Attachment, error)

+ func NewAttachment(name string, buf []byte, file multipart.File) (_ *Attachment, err error)

+ func (attach *Attachment) LocalPath() string

type Comment

+ CommitID int64

+ ID int64

+ IssueID int64

+ PosterID int64

+ RenderedContent string

+ ShowTag CommentTag

+ func CreateIssueComment(doer *User, repo *Repository, issue *Issue, content string, ...) (*Comment, error)

+ func GetCommentsByIssueID(issueID int64) ([]*Comment, error)

+ func (c *Comment) AfterSet(colName string, _ xorm.Cell)

+ func (c *Comment) EventTag() string

+ func (c *Comment) HashTag() string

+ type CommentTag int

+ const COMMENT_TAG_ADMIN

+ const COMMENT_TAG_NONE

+ const COMMENT_TAG_OWNER

+ const COMMENT_TAG_POSTER

type CommentType

+ const COMMENT_TYPE_COMMENT_REF

+ const COMMENT_TYPE_COMMIT_REF

+ const COMMENT_TYPE_ISSUE_REF

+ const COMMENT_TYPE_PULL_REF

+ type DeployKey struct

+ Created time.Time

+ Fingerprint string

+ HasRecentActivity bool

+ HasUsed bool

+ ID int64

+ KeyID int64

+ Name string

+ RepoID int64

+ Updated time.Time

+ func GetDeployKeyByRepo(keyID, repoID int64) (*DeployKey, error)

+ func ListDeployKeys(repoID int64) ([]*DeployKey, error)

+ func (k *DeployKey) AfterSet(colName string, _ xorm.Cell)

type ErrAttachmentNotExist

+ ID int64

+ UUID string

+ func (err ErrAttachmentNotExist) Error() string

+ type ErrDeployKeyAlreadyExist struct

+ KeyID int64

+ RepoID int64

+ func (err ErrDeployKeyAlreadyExist) Error() string

+ type ErrDeployKeyNameAlreadyUsed struct

+ Name string

+ RepoID int64

+ func (err ErrDeployKeyNameAlreadyUsed) Error() string

type ErrIssueNotExist

+ ID int64

+ Index int64

+ RepoID int64

+ func (err ErrIssueNotExist) Error() string

type ErrKeyAlreadyExist

+ Content string

+ OwnerID int64

+ func (err ErrKeyAlreadyExist) Error() string

+ type ErrKeyNameAlreadyUsed struct

+ Name string

+ OwnerID int64

+ func (err ErrKeyNameAlreadyUsed) Error() string

type ErrKeyNotExist

+ ID int64

+ func (err ErrKeyNotExist) Error() string

type ErrLabelNotExist

+ ID int64

+ func (err ErrLabelNotExist) Error() string

type ErrMilestoneNotExist

+ ID int64

+ RepoID int64

+ func (err ErrMilestoneNotExist) Error() string

type ErrRepoAlreadyExist

+ Name string

+ Uname string

+ func (err ErrRepoAlreadyExist) Error() string

type ErrUserNotExist

+ Name string

+ UID int64

+ func (err ErrUserNotExist) Error() string

type Issue

+ AssigneeID int64

+ Comments []*Comment

+ Milestone *Milestone

+ MilestoneID int64

+ PosterID int64

+ RepoID int64

+ func GetIssueByID(id int64) (*Issue, error)

+ func Issues(uid, assigneeID, repoID, posterID, milestoneID int64, page int, ...) ([]*Issue, error)

+ func (i *Issue) AddLabel(label *Label) (err error)

+ func (i *Issue) AfterSet(colName string, _ xorm.Cell)

+ func (i *Issue) ChangeStatus(doer *User, isClosed bool) (err error)

+ func (i *Issue) ClearLabels() (err error)

+ func (i *Issue) HasLabel(labelID int64) bool

+ func (i *Issue) HashTag() string

+ func (i *Issue) IsPoster(uid int64) bool

+ func (i *Issue) ReadBy(uid int64) error

+ func (i *Issue) RemoveLabel(label *Label) (err error)

+ type IssueLabel struct

+ ID int64

+ IssueID int64

+ LabelID int64

+ func GetIssueLabels(issueID int64) ([]*IssueLabel, error)

type IssueUser

+ ID int64

+ IssueID int64

+ MilestoneID int64

+ RepoID int64

+ UID int64

+ func GetIssueUsers(rid, uid int64, isClosed bool) ([]*IssueUser, error)

+ type KeyType int

type Label

+ RepoID int64

+ func GetLabelByID(id int64) (*Label, error)

+ func GetLabelsByIssueID(issueID int64) ([]*Label, error)

+ func GetLabelsByRepoID(repoID int64) ([]*Label, error)

type Milestone

+ ID int64

+ IsOverDue bool

+ RepoID int64

+ func GetAllRepoMilestones(repoID int64) ([]*Milestone, error)

+ func GetMilestoneByID(id int64) (*Milestone, error)

+ func GetRepoMilestoneByID(repoID, milestoneID int64) (*Milestone, error)

+ func (m *Milestone) AfterSet(colName string, _ xorm.Cell)

+ func (m *Milestone) BeforeUpdate()

type Mirror

+ ID int64

+ RepoID int64

type PublicKey

+ ID int64

+ Mode AccessMode

+ OwnerID int64

+ Type KeyType

+ func GetPublicKeyByID(keyID int64) (*PublicKey, error)

+ func (k *PublicKey) AfterSet(colName string, _ xorm.Cell)

type Repository

+ BaseRepo *Repository

+ ForkID int64

+ ID int64

+ OwnerID int64

+ func GetRepositoryByID(id int64) (*Repository, error)

+ func HasForkedRepo(ownerID, repoID int64) (*Repository, bool)

+ func (repo *Repository) GetAssigneeByID(userID int64) (*User, error)

+ func (repo *Repository) GetAssignees() (_ []*User, err error)

+ func (repo *Repository) GetBaseRepo() (err error)

+ func (repo *Repository) GetMilestoneByID(milestoneID int64) (*Milestone, error)

type User

+ func GetAssigneeByID(repo *Repository, userID int64) (*User, error)

+ func GetUserByID(id int64) (*User, error)

+ func NewFakeUser() *User

+ func (u *User) IsAdminOfRepo(repo *Repository) bool

Aug 2, 2015 GO-2022-0369 +21 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ const FM_ALL

+ var ErrNameEmpty = errors.New("Name is empty")

+ var HookQueue *hookQueue

+ func CheckRepoStats()

+ func InitDeliverHooks()

+ func IsErrEmailAlreadyUsed(err error) bool

+ func IsErrNamePatternNotAllowed(err error) bool

+ func IsErrNameReserved(err error) bool

+ func IsErrUserAlreadyExist(err error) bool

+ func IsUsableName(name string) error

type ErrEmailAlreadyUsed

+ Email string

+ func (err ErrEmailAlreadyUsed) Error() string

+ type ErrNamePatternNotAllowed struct

+ Pattern string

+ func (err ErrNamePatternNotAllowed) Error() string

+ type ErrNameReserved struct

+ Name string

+ func (err ErrNameReserved) Error() string

type ErrUserAlreadyExist

+ Name string

+ func (err ErrUserAlreadyExist) Error() string

type HookTask

+ Delivered int64

+ HookID int64

+ ID int64

+ RepoID int64

type Issue

+ ID int64

type Label

+ ID int64

type LoginSource

+ func (source *LoginSource) PAM() *PAMConfig

type LoginType

+ const PAM

+ type PAMConfig struct

+ ServiceName string

+ func (cfg *PAMConfig) FromDB(bs []byte) error

+ func (cfg *PAMConfig) ToDB() ([]byte, error)

type User

+ func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMConfig, ...) (*User, error)

+ func (u *User) ValidatePassword(passwd string) bool

Mar 26, 2015 GO-2022-0369 +21 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Mar 19, 2015 GO-2022-0369 +21 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func AddTeamRepo(orgID, teamID, repoID int64) error

+ func DeleteBeans(e Engine, beans ...interface{}) (err error)

+ func HasTeamRepo(orgID, teamID, repoID int64) bool

+ func IsErrLastOrgOwner(err error) bool

+ func IsErrRepoNotExist(err error) bool

+ func IsErrUserHasOrgs(err error) bool

+ func IsErrUserOwnRepos(err error) bool

+ func RemoveOrgRepo(orgID, repoID int64) error

+ func RemoveTeamRepo(teamID, repoID int64) error

type Access

+ ID int64

+ RepoID int64

+ UserID int64

+ type AccessMode int

+ const ACCESS_MODE_ADMIN

+ const ACCESS_MODE_NONE

+ const ACCESS_MODE_OWNER

+ const ACCESS_MODE_READ

+ const ACCESS_MODE_WRITE

+ func AccessLevel(u *User, repo *Repository) (AccessMode, error)

type Action

+ ActUserID int64

+ ID int64

+ RepoID int64

+ UserID int64

+ func (a Action) GetRepoPath() string

+ type Collaboration struct

+ Created time.Time

+ ID int64

+ RepoID int64

+ UserID int64

type Engine

+ Find func(interface{}, ...interface{}) error

+ InsertOne func(interface{}) (int64, error)

+ Sql func(string, ...interface{}) *xorm.Session

type ErrLastOrgOwner

+ UID int64

+ func (err ErrLastOrgOwner) Error() string

type ErrRepoNotExist

+ ID int64

+ Name string

+ UID int64

+ func (err ErrRepoNotExist) Error() string

type ErrUserHasOrgs

+ UID int64

+ func (err ErrUserHasOrgs) Error() string

type ErrUserOwnRepos

+ UID int64

+ func (err ErrUserOwnRepos) Error() string

type Follow

+ FollowID int64

+ UserID int64

type HookEventType

+ const HOOK_EVENT_PUSH

type OrgUser

+ ID int64

+ OrgID int64

type Repository

+ func (r *Repository) RecalculateAccesses() error

+ func (repo *Repository) AddCollaborator(u *User) error

+ func (repo *Repository) DeleteCollaborator(u *User) (err error)

+ func (repo *Repository) GetCollaborators() ([]*User, error)

type Team

+ ID int64

+ OrgID int64

+ func (t *Team) HasRepository(repoID int64) bool

+ type TeamRepo struct

+ ID int64

+ OrgID int64

+ RepoID int64

+ TeamID int64

type TeamUser

+ ID int64

+ OrgID int64

+ TeamID int64

type User

+ func (org *User) RemoveOrgRepo(repoID int64) error

+ func (u *User) GetAccessibleRepositories() (map[*Repository]AccessMode, error)

type Watch

+ ID int64

+ RepoID int64

+ UserID int64

Feb 13, 2015 GO-2022-0369 +21 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ var IssueCloseKeywords = []string

+ var IssueCloseKeywordsPat *regexp.Regexp

+ var IssueReferenceKeywordsPat *regexp.Regexp

+ var IssueReopenKeywords = []string

+ var IssueReopenKeywordsPat *regexp.Regexp

+ var SSHPath string

+ func ParseKeyString(content string) (string, error)

+ func RewriteAllPublicKeys() error

+ func RewriteRepositoryUpdateHook() error

type CommentType

+ const COMMENT_TYPE_CLOSE

+ const COMMENT_TYPE_COMMENT

+ const COMMENT_TYPE_COMMIT

+ const COMMENT_TYPE_ISSUE

+ const COMMENT_TYPE_PULL

+ const COMMENT_TYPE_REOPEN

type DiffFile

+ IsCreated bool

+ IsDeleted bool

type Engine

+ Get func(interface{}) (bool, error)

+ Id func(interface{}) *xorm.Session

+ Where func(string, ...interface{}) *xorm.Session

Jan 5, 2015 GO-2022-0369 +21 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ var ErrEmailNotActivated = errors.New("E-mail address has not been activated")

+ var ErrEmailNotExist = errors.New("E-mail does not exist")

+ func AddEmailAddress(email *EmailAddress) error

+ func DeleteEmailAddress(email *EmailAddress) error

+ func MakeEmailPrimary(email *EmailAddress) error

+ type EmailAddress struct

+ Email string

+ Id int64

+ IsActivated bool

+ IsPrimary bool

+ Uid int64

+ func GetEmailAddresses(uid int64) ([]*EmailAddress, error)

+ func VerifyActiveEmailCode(code, email string) *EmailAddress

+ func (email *EmailAddress) Activate() error

Dec 14, 2014 GO-2022-0369 +21 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ func GitFsck()

+ func GitGcRepos() error

+ func IsOrgEmailUsed(email string) (bool, error)

type Action

+ ActAvatar string

+ type CloneLink struct

+ Git string

+ HTTPS string

+ SSH string

type PublicKey

+ func (k *PublicKey) OmitEmail() string

type Repository

+ func (repo *Repository) CloneLink() (cl CloneLink, err error)

type User

+ UseCustomAvatar bool

+ func GetOrgByName(name string) (*User, error)

+ func (org *User) IsOwnedBy(uid int64) bool

+ func (u *User) CustomAvatarPath() string

+ func (u *User) UploadAvatar(data []byte) error

type UserCommit

+ User *User

Nov 19, 2014 GO-2022-0369 +21 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ var ErrAccessTokenNotExist = errors.New("Access token does not exist")

+ var ErrKeyUnableVerify = errors.New("Unable to verify public key")

+ func DeleteAccessTokenById(id int64) error

+ func DeleteRepositoryArchives() error

+ func FilterSQLInject(key string) string

+ func IsValidHookContentType(name string) bool

+ func IsValidHookTaskType(name string) bool

+ func NewAccessToken(t *AccessToken) error

+ type AccessToken struct

+ Created time.Time

+ HasRecentActivity bool

+ HasUsed bool

+ Id int64

+ Name string

+ Sha1 string

+ Uid int64

+ Updated time.Time

+ func GetAccessTokenBySha(sha string) (*AccessToken, error)

+ func ListAccessTokens(uid int64) ([]*AccessToken, error)

+ type CollaborativeRepository struct

+ CanPush bool

+ type Engine interface

+ Delete func(interface{}) (int64, error)

+ Exec func(string, ...interface{}) (sql.Result, error)

+ Insert func(...interface{}) (int64, error)

type HookContentType

+ func ToHookContentType(name string) HookContentType

+ func (t HookContentType) Name() string

type HookTaskType

+ func ToHookTaskType(name string) HookTaskType

+ func (t HookTaskType) Name() string

type PublicKey

+ func ListPublicKeys(uid int64) ([]*PublicKey, error)

type Repository

+ ForkRepo *Repository

+ func (repo *Repository) GetForkRepo() (err error)

+ func (repo *Repository) IsOwnedBy(u *User) bool

+ func (repo *Repository) RepoLink() (string, error)

+ func (repo *Repository) RepoPath() (string, error)

type SearchOption

+ Private bool

type User

+ AllowGitHook bool

type Webhook

+ Created time.Time

+ Updated time.Time

Oct 10, 2014 GO-2022-0369 +23 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0642: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-0831: SQL Injection in Gogs in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ const MAX_COMMITS

+ var DescPattern = regexp.MustCompile(`https?://\S+`)

+ func CountNotices() int64

+ func CreateNotice(tp NoticeType, desc string) error

+ func CreateRepositoryNotice(desc string) error

+ func DeleteNotice(id int64) error

+ func ValidateCommitWithEmail(c *git.Commit) (uname string)

+ func ValidateCommitsWithEmails(oldCommits *list.List) *list.List

+ type Notice struct

+ Created time.Time

+ Description string

+ Id int64

+ Type NoticeType

+ func GetNotices(num, offset int) ([]*Notice, error)

+ func (n *Notice) TrStr() string

+ type NoticeType int

+ const NOTICE_REPOSITORY

type Repository

+ func (repo *Repository) HasAccess(uname string) bool

+ type UserCommit struct

+ UserName string

Sep 18, 2014 GO-2022-0369 +23 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0642: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-0831: SQL Injection in Gogs in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

type PayloadAuthor

+ UserName string

type User

+ func (u *User) GetFullNameFallback() string

Sep 14, 2014 GO-2022-0369 +23 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0642: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-0831: SQL Injection in Gogs in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ const OWNER_TEAM

+ const SLACK_COLOR

+ const TPL_UPDATE_HOOK

+ var DescriptionPattern = regexp.MustCompile(`https?://\S+`)

+ var ErrAttachmentNotExist = errors.New("Attachment does not exist")

+ var ErrAttachmentNotLinked = errors.New("Attachment does not belong to this issue")

+ var ErrInvalidReference = errors.New("Invalid reference specified")

+ var ErrLastOrgOwner = errors.New("The user to remove is the last member in owner team")

+ var ErrMissingIssueNumber = errors.New("No issue number specified")

+ var ErrNotImplemented = errors.New("Not implemented yet")

+ var ErrOrgNotExist = errors.New("Organization does not exist")

+ var ErrReleaseNotExist = errors.New("Release does not exist")

+ var ErrTeamAlreadyExist = errors.New("Team already exist")

+ var ErrTeamNameIllegal = errors.New("Team name contains illegal characters")

+ var ErrTeamNotExist = errors.New("Team does not exist")

+ var ErrUserHasOrgs = errors.New("User still have membership of organization")

+ var ErrWrongIssueCounter = errors.New("Invalid number of issues for this milestone")

+ var Gitignores []string

+ var IssueKeywords = []string

+ var IssueKeywordsPat *regexp.Regexp

+ var MinimumKeySize = map[string]int

+ var SshPath string

+ func AddOrgUser(orgId, uid int64) error

+ func AddTeamMember(orgId, teamId, uid int64) error

+ func AddUpdateTask(task *UpdateTask) error

+ func ChangeMilestoneIssueStats(issue *Issue) error

+ func ChangeOrgUserStatus(orgId, uid int64, public bool) error

+ func CheckPublicKeyString(content string) (bool, error)

+ func CountOrganizations() int64

+ func CountRepositories() int64

+ func CountUsers() int64

+ func CreateHookTask(t *HookTask) error

+ func CreateSource(source *LoginSource) error

+ func CreateUser(u *User) error

+ func DelUpdateTasksByUuid(uuid string) error

+ func DeleteAttachment(a *Attachment, remove bool) error

+ func DeleteAttachments(attachments []*Attachment, remove bool) (int, error)

+ func DeleteAttachmentsByComment(commentId int64, remove bool) (int, error)

+ func DeleteAttachmentsByIssue(issueId int64, remove bool) (int, error)

+ func DeleteInactivateUsers() error

+ func DeleteOrganization(org *User) (err error)

+ func DeleteTeam(t *Team) error

+ func DeliverHooks()

+ func GetSlackURL(domain string, token string) string

+ func IsOrganizationMember(orgId, uid int64) bool

+ func IsOrganizationOwner(orgId, uid int64) bool

+ func IsPublicMembership(orgId, uid int64) bool

+ func IsStaring(uid, repoId int64) bool

+ func IsTeamMember(orgId, teamId, uid int64) bool

+ func NewTeam(t *Team) error

+ func Ping() error

+ func RemoveOrgUser(orgId, uid int64) error

+ func RemoveTeamMember(orgId, teamId, uid int64) error

+ func SlackLinkFormatter(url string, text string) string

+ func SlackTextFormatter(s string) string

+ func SortReleases(rels []*Release)

+ func StarRepo(uid, repoId int64, star bool) (err error)

+ func UpdateHookTask(t *HookTask) error

+ func UpdateMentions(userNames []string, issueId int64) error

+ func UpdateOauth2(oa *Oauth2) error

+ func UpdatePublicKey(key *PublicKey) error

+ func UpdateRelease(gitRepo *git.Repository, rel *Release) (err error)

+ func UpdateTeam(t *Team, authChanged bool) (err error)

+ type AccessType int

+ const READABLE

+ const WRITABLE

+ func AuthorizeToAccessType(auth AuthorizeType) AccessType

type Action

+ func (a Action) GetCreate() time.Time

+ func (a Action) GetIssueInfos() []string

+ func (a Action) GetRepoLink() string

+ type ActionType int

+ const COMMENT_ISSUE

+ const COMMIT_REPO

+ const CREATE_ISSUE

+ const CREATE_REPO

+ const DELETE_REPO

+ const FOLLOW_REPO

+ const PULL_REQUEST

+ const PUSH_TAG

+ const STAR_REPO

+ const TRANSFER_REPO

+ type Attachment struct

+ CommentId int64

+ Created time.Time

+ Id int64

+ IssueId int64

+ Name string

+ Path string

+ func CreateAttachment(issueId, commentId int64, name, path string) (*Attachment, error)

+ func GetAttachmentById(id int64) (*Attachment, error)

+ func GetAttachmentsByComment(commentId int64) ([]*Attachment, error)

+ func GetAttachmentsByIssue(issueId int64) ([]*Attachment, error)

+ func GetAttachmentsForIssue(issueId int64) ([]*Attachment, error)

+ type AuthorizeType int

+ const ORG_ADMIN

+ const ORG_READABLE

+ const ORG_WRITABLE

+ func GetHighestAuthorize(orgId, uid, repoId, teamId int64) (AuthorizeType, error)

+ type BasePayload interface

+ GetJSONPayload func() ([]byte, error)

type Comment

+ func GetCommentById(commentId int64) (*Comment, error)

+ func (c *Comment) AfterDelete()

+ func (c *Comment) Attachments() []*Attachment

+ func (c *Comment) ContentHtml() template.HTML

+ type CommentType int

+ const CLOSE

+ const COMMENT

+ const COMMIT

+ const ISSUE

+ const PULL

+ const REOPEN

type Diff

+ func GetDiffCommit(repoPath, commitId string) (*Diff, error)

+ func GetDiffRange(repoPath, beforeCommitId string, afterCommitId string) (*Diff, error)

+ type HookContentType int

+ const FORM

+ const JSON

+ type HookEventType string

+ const PUSH

+ type HookTask struct

+ ContentType HookContentType

+ EventType HookEventType

+ Id int64

+ IsDelivered bool

+ IsSsl bool

+ IsSucceed bool

+ PayloadContent string

+ Type HookTaskType

+ Url string

+ Uuid string

+ type HookTaskType int

+ const GOGS

+ const SLACK

type Issue

+ func GetIssueByRef(ref string) (issue *Issue, err error)

+ func (i *Issue) AfterDelete()

+ func (i *Issue) Attachments() []*Attachment

+ type LoginType int

+ const LDAP

+ const NOTYPE

+ const PLAIN

+ const SMTP

type Oauth2

+ Created time.Time

+ HasRecentActivity bool

+ Updated time.Time

+ type OauthType int

+ const BITBUCKET

+ const FACEBOOK

+ const GITHUB

+ const GOOGLE

+ const QQ

+ const TWITTER

+ const WEIBO

+ type OrgUser struct

+ Id int64

+ IsOwner bool

+ IsPublic bool

+ NumTeams int

+ OrgId int64

+ Uid int64

+ func GetOrgUsersByOrgId(orgId int64) ([]*OrgUser, error)

+ func GetOrgUsersByUserId(uid int64) ([]*OrgUser, error)

+ type Payload struct

+ After string

+ Before string

+ Commits []*PayloadCommit

+ CompareUrl string

+ Pusher *PayloadAuthor

+ Ref string

+ Repo *PayloadRepo

+ Secret string

+ func (p Payload) GetJSONPayload() ([]byte, error)

+ type PayloadAuthor struct

+ Email string

+ Name string

+ type PayloadCommit struct

+ Author *PayloadAuthor

+ Id string

+ Message string

+ Url string

+ type PayloadRepo struct

+ Description string

+ Id int64

+ Name string

+ Owner *PayloadAuthor

+ Private bool

+ Url string

+ Watchers int

+ Website string

type PublicKey

+ HasRecentActivity bool

+ HasUsed bool

+ func GetPublicKeyById(keyId int64) (*PublicKey, error)

type Release

+ IsDraft bool

+ Sha1 string

+ Target string

+ func GetRelease(repoId int64, tagName string) (*Release, error)

+ type ReleaseSorter struct

+ func (rs *ReleaseSorter) Len() int

+ func (rs *ReleaseSorter) Less(i, j int) bool

+ func (rs *ReleaseSorter) Swap(i, j int)

type Repository

+ IsFork bool

+ NumClosedPulls int

+ NumOpenPulls int

+ NumPulls int

+ func GetRepositoryByRef(ref string) (*Repository, error)

+ func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error)

+ func (repo *Repository) DescriptionHtml() template.HTML

+ func (repo *Repository) GetMirror() (err error)

+ type SearchOption struct

+ Keyword string

+ Limit int

+ Uid int64

+ type Slack struct

+ Channel string

+ Domain string

+ Token string

+ type SlackAttachment struct

+ Color string

+ Text string

+ type SlackPayload struct

+ Attachments []SlackAttachment

+ Channel string

+ IconUrl string

+ LinkNames int

+ Text string

+ UnfurlLinks int

+ Username string

+ func GetSlackPayload(p *Payload, meta string) (*SlackPayload, error)

+ func (p SlackPayload) GetJSONPayload() ([]byte, error)

+ type Star struct

+ Id int64

+ RepoId int64

+ Uid int64

+ type Team struct

+ Authorize AuthorizeType

+ Description string

+ Id int64

+ LowerName string

+ Members []*User

+ Name string

+ NumMembers int

+ NumRepos int

+ OrgId int64

+ RepoIds string

+ Repos []*Repository

+ func GetTeam(orgId int64, name string) (*Team, error)

+ func GetTeamById(teamId int64) (*Team, error)

+ func GetUserTeams(orgId, uid int64) ([]*Team, error)

+ func (t *Team) AddMember(uid int64) error

+ func (t *Team) AddRepository(repo *Repository) (err error)

+ func (t *Team) GetMembers() (err error)

+ func (t *Team) GetRepositories() error

+ func (t *Team) IsMember(uid int64) bool

+ func (t *Team) IsOwnerTeam() bool

+ func (t *Team) RemoveMember(uid int64) error

+ func (t *Team) RemoveRepository(repoId int64) error

+ type TeamUser struct

+ Id int64

+ OrgId int64

+ TeamId int64

+ Uid int64

+ type UpdateTask struct

+ Id int64

+ NewCommitId string

+ OldCommitId string

+ RefName string

+ Uuid string

+ func GetUpdateTasksByUuid(uuid string) ([]*UpdateTask, error)

type User

+ Description string

+ Members []*User

+ NumMembers int

+ NumTeams int

+ Orgs []*User

+ Repos []*Repository

+ Teams []*Team

+ func CreateOrganization(org, owner *User) (*User, error)

+ func GetOrganizations(num, offset int) ([]*User, error)

+ func GetTeamMembers(orgId, teamId int64) ([]*User, error)

+ func (org *User) AddMember(uid int64) error

+ func (org *User) GetMembers() error

+ func (org *User) GetOwnerTeam() (*Team, error)

+ func (org *User) GetTeam(name string) (*Team, error)

+ func (org *User) GetTeams() error

+ func (org *User) IsOrgMember(uid int64) bool

+ func (org *User) IsOrgOwner(uid int64) bool

+ func (org *User) RemoveMember(uid int64) error

+ func (u *User) DashboardLink() string

+ func (u *User) GetOrganizationCount() (int64, error)

+ func (u *User) GetOrganizations() error

+ func (u *User) GetRepositories() (err error)

+ func (u *User) IsOrganization() bool

+ func (u *User) IsPublicMember(orgId int64) bool

+ func (u *User) IsUserOrgOwner(orgId int64) bool

+ func (u *User) ValidtePassword(passwd string) bool

+ type UserType int

+ const INDIVIDUAL

+ const ORGANIZATION

type Webhook

+ HookTaskType HookTaskType

+ Meta string

+ OrgId int64

+ func GetActiveWebhooksByOrgId(orgId int64) (ws []*Webhook, err error)

+ func GetWebhooksByOrgId(orgId int64) (ws []*Webhook, err error)

+ func (w *Webhook) GetSlackHook() *Slack

+ func (w *Webhook) UpdateEvent() error

Jun 6, 2014 GO-2022-0369 +23 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0642: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-0831: SQL Injection in Gogs in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

type User

+ func UserSignIn(uname, passwd string) (*User, error)

Jun 1, 2014 GO-2022-0369 +23 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0642: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-0831: SQL Injection in Gogs in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

May 31, 2014 GO-2022-0369 +23 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0642: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-0831: SQL Injection in Gogs in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ const CT_FORM

+ const CT_JSON

+ const FM_ASSIGN

+ const FM_CREATE

+ const FM_MENTION

+ const IS_CLOSE

+ const IS_OPEN

+ const LT_NOTYPE

+ const LT_SMTP

+ const OP_COMMENT_ISSUE

+ var ErrAuthenticationAlreadyExist = errors.New("Authentication already exist")

+ var ErrAuthenticationNotExist = errors.New("Authentication does not exist")

+ var ErrAuthenticationUserUsed = errors.New("Authentication has been used by some users")

+ var ErrLabelNotExist = errors.New("Label does not exist")

+ var ErrLoginSourceNotActived = errors.New("Login source is not actived")

+ var ErrLoginSourceNotExist = errors.New("Login source does not exist")

+ var ErrMilestoneNotExist = errors.New("Milestone does not exist")

+ var ErrUnsupportedLoginType = errors.New("Login source is unknown")

+ var ErrUserNotKeyOwner = errors.New("User does not the owner of public key")

+ var ErrWebhookNotExist = errors.New("Webhook does not exist")

+ var LoginTypes = map[int]string

+ var SMTPAuths = []string

+ var SMTP_LOGIN = "LOGIN"

+ var SMTP_PLAIN = "PLAIN"

+ func AddSource(source *LoginSource) error

+ func ChangeMilestoneAssign(oldMid, mid int64, issue *Issue) (err error)

+ func ChangeMilestoneStatus(m *Milestone, isClosed bool) (err error)

+ func CleanUnbindOauth() error

+ func CreateWebhook(w *Webhook) error

+ func DelLoginSource(source *LoginSource) error

+ func DeleteAccess(access *Access) error

+ func DeleteLabel(repoId int64, strId string) error

+ func DeleteMilestone(m *Milestone) (err error)

+ func DeleteOauth2ById(id int64) error

+ func DeleteWebhook(hookId int64) error

+ func DumpDatabase(filePath string) error

+ func Fix() error

+ func GetCollaboratorNames(repoName string) ([]string, error)

+ func GetIssueCountByPoster(uid, rid int64, isClosed bool) int64

+ func GetUserIdsByNames(names []string) []int64

+ func LoginAuth(username, password string) smtp.Auth

+ func NewIssue(issue *Issue) (err error)

+ func NewIssueUserPairs(rid, iid, oid, pid, aid int64, repoName string) (err error)

+ func NewLabel(l *Label) error

+ func NewMilestone(m *Milestone) (err error)

+ func PairsContains(ius []*IssueUser, issueId int64) int

+ func SmtpAuth(host string, port int, a smtp.Auth, useTls bool) error

+ func UpdateIssueUserPairByAssignee(aid, iid int64) error

+ func UpdateIssueUserPairByRead(uid, iid int64) error

+ func UpdateIssueUserPairsByMentions(uids []int64, iid int64) error

+ func UpdateIssueUserPairsByStatus(iid int64, isClosed bool) error

+ func UpdateLabel(l *Label) error

+ func UpdateMilestone(m *Milestone) error

+ func UpdateSource(source *LoginSource) error

+ func UpdateWebhook(w *Webhook) error

type Action

+ IsPrivate bool

+ RepoUserName string

+ func (a Action) GetRepoUserName() string

type DiffFile

+ Index int

+ type HookEvent struct

+ PushOnly bool

type Issue

+ Assignee *User

+ Deadline time.Time

+ IsRead bool

+ LabelIds string

+ Priority int

+ func GetIssueById(id int64) (*Issue, error)

+ func GetIssuesByLabel(repoId int64, label string) ([]*Issue, error)

+ func (i *Issue) GetAssignee() (err error)

+ func (i *Issue) GetLabels() error

+ func (i *Issue) GetPoster() (err error)

+ type IssueStats struct

+ AllCount int64

+ AssignCount int64

+ ClosedCount int64

+ CreateCount int64

+ MentionCount int64

+ OpenCount int64

+ func GetIssueStats(rid, uid int64, isShowClosed bool, filterMode int) *IssueStats

+ func GetUserIssueStats(uid int64, filterMode int) *IssueStats

+ type IssueStatus int

+ type IssueUser struct

+ Id int64

+ IsAssigned bool

+ IsClosed bool

+ IsMentioned bool

+ IsPoster bool

+ IsRead bool

+ IssueId int64

+ MilestoneId int64

+ RepoId int64

+ Uid int64

+ func GetIssueUserPairs(rid, uid int64, isClosed bool) ([]*IssueUser, error)

+ func GetIssueUserPairsByMode(uid, rid int64, isClosed bool, page, filterMode int) ([]*IssueUser, error)

+ func GetIssueUserPairsByRepoIds(rids []int64, isClosed bool, page int) ([]*IssueUser, error)

+ type LDAPConfig struct

+ func (cfg *LDAPConfig) FromDB(bs []byte) error

+ func (cfg *LDAPConfig) ToDB() ([]byte, error)

type Label

+ Color string

+ IsChecked bool

+ Name string

+ NumClosedIssues int

+ NumIssues int

+ NumOpenIssues int

+ func GetLabelById(id int64) (*Label, error)

+ func GetLabels(repoId int64) ([]*Label, error)

+ func (m *Label) CalOpenIssues()

+ type LoginSource struct

+ AllowAutoRegister bool

+ Cfg core.Conversion

+ Created time.Time

+ Id int64

+ IsActived bool

+ Name string

+ Type int

+ Updated time.Time

+ func GetAuths() ([]*LoginSource, error)

+ func GetLoginSourceById(id int64) (*LoginSource, error)

+ func (source *LoginSource) BeforeSet(colName string, val xorm.Cell)

+ func (source *LoginSource) LDAP() *LDAPConfig

+ func (source *LoginSource) SMTP() *SMTPConfig

+ func (source *LoginSource) TypeString() string

type Milestone

+ ClosedDate time.Time

+ Completeness int

+ Deadline time.Time

+ DeadlineString string

+ Index int64

+ NumClosedIssues int

+ NumOpenIssues int

+ RenderedContent string

+ func GetMilestoneById(id int64) (*Milestone, error)

+ func GetMilestoneByIndex(repoId, idx int64) (*Milestone, error)

+ func GetMilestones(repoId int64, isClosed bool) ([]*Milestone, error)

+ func (m *Milestone) CalOpenIssues()

type PublicKey

+ func (key *PublicKey) GetAuthorizedString() string

type Repository

+ NumClosedMilestones int

+ NumMilestones int

+ NumOpenMilestones int

+ func GetCollaborativeRepos(uname string) ([]*Repository, error)

+ func GetRepositoriesWithUsers(num, offset int) ([]*Repository, error)

+ func (repo *Repository) GetOwner() (err error)

+ type SMTPConfig struct

+ Auth string

+ Host string

+ Port int

+ TLS bool

+ func (cfg *SMTPConfig) FromDB(bs []byte) error

+ func (cfg *SMTPConfig) ToDB() ([]byte, error)

type User

+ FullName string

+ LoginName string

+ LoginSource int64

+ func GetCollaborators(repoName string) (us []*User, err error)

+ func LoginUser(uname, passwd string) (*User, error)

+ func LoginUserLdapSource(user *User, name, passwd string, sourceId int64, cfg *LDAPConfig, ...) (*User, error)

+ func LoginUserSMTPSource(user *User, name, passwd string, sourceId int64, cfg *SMTPConfig, ...) (*User, error)

+ func SearchUserByName(key string, limit int) (us []*User, err error)

type Watch

+ func GetWatchers(rid int64) ([]*Watch, error)

+ type Webhook struct

+ ContentType int

+ Events string

+ Id int64

+ IsActive bool

+ IsSsl bool

+ RepoId int64

+ Secret string

+ Url string

+ func GetActiveWebhooksByRepoId(repoId int64) (ws []*Webhook, err error)

+ func GetWebhookById(hookId int64) (*Webhook, error)

+ func GetWebhooksByRepoId(repoId int64) (ws []*Webhook, err error)

+ func (w *Webhook) GetEvent()

+ func (w *Webhook) HasPushEvent() bool

+ func (w *Webhook) SaveEvent() error

Apr 29, 2014 GO-2022-0369 +23 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0642: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2022-0831: SQL Injection in Gogs in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

type User

+ func LoginUserLdap(name, passwd string) (*User, error)

Apr 21, 2014 GO-2022-0369 +21 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ const OP_PUSH_TAG

+ const OP_TRANSFER_REPO

+ const OT_BITBUCKET

+ const OT_FACEBOOK

+ const OT_GITHUB

+ const OT_GOOGLE

+ const OT_OSCHINA

+ const OT_QQ

+ const OT_TWITTER

+ const OT_WEIBO

+ var EnableSQLite3 bool

+ var ErrMirrorNotExist = errors.New("Mirror does not exist")

+ var ErrOauth2NotAssociated = errors.New("OAuth2 is not associated with user")

+ var ErrOauth2RecordNotExist = errors.New("OAuth2 record does not exist")

+ var ErrReleaseAlreadyExist = errors.New("Release already exist")

+ func AddOauth2(oa *Oauth2) error

+ func BindUserOauth2(userId, oauthId int64) error

+ func ChangeRepositoryName(userName, oldRepoName, newRepoName string) (err error)

+ func ChangeUserName(user *User, newUserName string) (err error)

+ func CreateRelease(repoPath string, rel *Release, gitRepo *git.Repository) error

+ func GetUserEmailsByNames(names []string) []string

+ func IsReleaseExist(repoId int64, tagName string) (bool, error)

+ func MirrorRepository(repoId int64, userName, repoName, repoPath, url string) error

+ func MirrorUpdate()

+ func SetRepoEnvs(userId int64, userName, repoName string)

+ func TransferOwnership(user *User, newOwner string, repo *Repository) (err error)

+ func TransferRepoAction(user, newUser *User, repo *Repository) (err error)

+ func Update(refName, oldCommitId, newCommitId, userName, repoName string, userId int64)

+ func UpdateAccess(access *Access) error

+ func UpdateAccessWithSession(sess *xorm.Session, access *Access) error

+ func UpdateMirror(m *Mirror) error

type DiffFile

+ IsBin bool

+ type Mirror struct

+ Id int64

+ Interval int

+ NextUpdate time.Time

+ RepoId int64

+ RepoName string

+ Updated time.Time

+ func GetMirror(repoId int64) (*Mirror, error)

+ type Oauth2 struct

+ Id int64

+ Identity string

+ Token string

+ Type int

+ Uid int64

+ User *User

+ func GetOauth2(identity string) (oa *Oauth2, err error)

+ func GetOauth2ById(id int64) (oa *Oauth2, err error)

+ func GetOauthByUserId(uid int64) (oas []*Oauth2, err error)

+ type Release struct

+ Created time.Time

+ Id int64

+ IsPrerelease bool

+ LowerTagName string

+ Note string

+ NumCommits int

+ NumCommitsBehind int

+ Publisher *User

+ PublisherId int64

+ RepoId int64

+ SHA1 string

+ TagName string

+ Title string

+ func GetReleasesByRepoId(repoId int64) (rels []*Release, err error)

type Repository

+ DefaultBranch string

+ IsGoget bool

+ IsMirror bool

+ NumTags int

+ Owner *User

+ func GetRecentUpdatedRepositories() (repos []*Repository, err error)

+ func MigrateRepository(user *User, name, desc string, private, mirror bool, url string) (*Repository, error)

type User

+ Salt string

+ func GetUserByEmail(email string) (*User, error)

Mar 31, 2014 GO-2022-0369 +21 more

  GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

  GO-2022-0377: SSRF in repository migration in gogs.io/gogs

  GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

  GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

  GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

  GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

  GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

  GO-2022-0566: SSRF in repository migration in gogs.io/gogs

  GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

  GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

  GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

  GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

  GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

  GO-2022-0822: Open Redirect in gogs.io/gogs

  GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

  GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

  GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

  GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

  GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

  GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

Changes in this version

+ const AU_READABLE

+ const AU_WRITABLE

+ const DIFF_FILE_ADD

+ const DIFF_FILE_CHANGE

+ const DIFF_FILE_DEL

+ const DIFF_HEAD

+ const DIFF_LINE_ADD

+ const DIFF_LINE_DEL

+ const DIFF_LINE_PLAIN

+ const DIFF_LINE_SECTION

+ const IT_CLOSE

+ const IT_PLAIN

+ const IT_REOPEN

+ const LT_LDAP

+ const LT_PLAIN

+ const OP_COMMIT_REPO

+ const OP_CREATE_ISSUE

+ const OP_CREATE_REPO

+ const OP_DELETE_REPO

+ const OP_FOLLOW_REPO

+ const OP_PULL_REQUEST

+ const OP_STAR_REPO

+ const TPL_PUBLICK_KEY

+ const UT_INDIVIDUAL

+ const UT_ORGANIZATION

+ var DbCfg struct

+ var ErrEmailAlreadyUsed = errors.New("E-mail already used")

+ var ErrIssueNotExist = errors.New("Issue does not exist")

+ var ErrKeyAlreadyExist = errors.New("Public key already exist")

+ var ErrKeyNotExist = errors.New("Public key does not exist")

+ var ErrRepoAlreadyExist = errors.New("Repository already exist")

+ var ErrRepoFileNotExist = errors.New("Target Repo file does not exist")

+ var ErrRepoFileNotLoaded = fmt.Errorf("repo file not loaded")

+ var ErrRepoNameIllegal = errors.New("Repository name contains illegal characters")

+ var ErrRepoNotExist = errors.New("Repository does not exist")

+ var ErrUserAlreadyExist = errors.New("User already exist")

+ var ErrUserNameIllegal = errors.New("User name contains illegal characters")

+ var ErrUserNotExist = errors.New("User does not exist")

+ var ErrUserOwnRepos = errors.New("User still have ownership of repositories")

+ var HasEngine bool

+ var LanguageIgns []string

+ var Licenses []string

+ var UseSQLite3 bool

+ func AddAccess(access *Access) error

+ func AddPublicKey(key *PublicKey) (err error)

+ func CommitRepoAction(userId int64, userName, actEmail string, repoId int64, repoName string, ...) error

+ func CreateComment(userId, repoId, issueId, commitId, line int64, cmtType int, content string) error

+ func DeletePublicKey(key *PublicKey) (err error)

+ func DeleteRepository(userId, repoId int64, userName string) (err error)

+ func DeleteUser(user *User) error

+ func FollowUser(userId int64, followId int64) (err error)

+ func ForkRepository(reposName string, userId int64)

+ func GenAuthorizedKey(keyId int64, key string) string

+ func GetBranches(userName, repoName string) ([]string, error)

+ func GetCommit(userName, repoName, commitId string) (*git.Commit, error)

+ func GetCommitsByBranch(userName, repoName, branchName string) (*list.List, error)

+ func GetCommitsByCommitId(userName, repoName, commitId string) (*list.List, error)

+ func GetRepositoryCount(user *User) (int64, error)

+ func GetUserIssueCount(userId, repoId int64) int64

+ func GetUserSalt() string

+ func HasAccess(userName, repoName string, mode int) (bool, error)

+ func IsBranchExist(userName, repoName, branchName string) bool

+ func IsEmailUsed(email string) (bool, error)

+ func IsLegalName(repoName string) bool

+ func IsRepositoryExist(user *User, repoName string) (bool, error)

+ func IsUserExist(name string) (bool, error)

+ func IsWatching(userId, repoId int64) bool

+ func LoadModelsConfig()

+ func LoadRepoConfig()

+ func NewEngine() (err error)

+ func NewRepoAction(user *User, repo *Repository) (err error)

+ func NewRepoContext()

+ func NewTestEngine(x *xorm.Engine) (err error)

+ func NotifyWatchers(act *Action) error

+ func RepoPath(userName, repoName string) string

+ func SaveAuthorizedKeyFile(key *PublicKey) error

+ func SetEngine() (err error)

+ func UnFollowUser(userId int64, unFollowId int64) (err error)

+ func UpdateIssue(issue *Issue) error

+ func UpdateRepository(repo *Repository) error

+ func UpdateUser(user *User) (err error)

+ func UserPath(userName string) string

+ func WatchRepo(userId, repoId int64, watch bool) (err error)

+ type Access struct

+ Created time.Time

+ Id int64

+ Mode int

+ RepoName string

+ UserName string

+ type Action struct

+ ActEmail string

+ ActUserId int64

+ ActUserName string

+ Content string

+ Created time.Time

+ Id int64

+ OpType int

+ RefName string

+ RepoId int64

+ RepoName string

+ UserId int64

+ func GetFeeds(userid, offset int64, isProfile bool) ([]Action, error)

+ func (a Action) GetActEmail() string

+ func (a Action) GetActUserName() string

+ func (a Action) GetBranch() string

+ func (a Action) GetContent() string

+ func (a Action) GetOpType() int

+ func (a Action) GetRepoName() string

+ type Comment struct

+ CommitId int64

+ Content string

+ Created time.Time

+ Id int64

+ IssueId int64

+ Line int64

+ Poster *User

+ PosterId int64

+ Type int

+ func GetIssueComments(issueId int64) ([]Comment, error)

+ type Diff struct

+ Files []*DiffFile

+ TotalAddition int

+ TotalDeletion int

+ func GetDiff(repoPath, commitid string) (*Diff, error)

+ func ParsePatch(reader io.Reader) (*Diff, error)

+ func (diff *Diff) NumFiles() int

+ type DiffFile struct

+ Addition int

+ Deletion int

+ Name string

+ Sections []*DiffSection

+ Type int

+ type DiffLine struct

+ Content string

+ LeftIdx int

+ RightIdx int

+ Type int

+ func (d DiffLine) GetType() int

+ type DiffSection struct

+ Lines []*DiffLine

+ Name string

+ type Follow struct

+ FollowId int64

+ Id int64

+ UserId int64

+ type Issue struct

+ AssigneeId int64

+ Content string

+ Created time.Time

+ Id int64

+ Index int64

+ IsClosed bool

+ IsPull bool

+ Labels string

+ Mentions string

+ MilestoneId int64

+ Name string

+ NumComments int

+ Poster *User

+ PosterId int64

+ RenderedContent string

+ Repo *Repository

+ RepoId int64

+ Updated time.Time

+ func CreateIssue(userId, repoId, milestoneId, assigneeId int64, issueCount int, ...) (issue *Issue, err error)

+ func GetIssueByIndex(repoId, index int64) (*Issue, error)

+ func GetIssues(userId, repoId, posterId, milestoneId int64, page int, ...) ([]Issue, error)

+ type Label struct

+ Colors string

+ Id int64

+ Names string

+ RepoId int64

+ type Member struct

+ Id int64

+ OrgId int64

+ UserId int64

+ type Milestone struct

+ Content string

+ Created time.Time

+ DueDate time.Time

+ Id int64

+ IsClosed bool

+ Name string

+ NumIssues int

+ RepoId int64

+ type PublicKey struct

+ Content string

+ Created time.Time

+ Fingerprint string

+ Id int64

+ Name string

+ OwnerId int64

+ Updated time.Time

+ func ListPublicKey(userId int64) ([]PublicKey, error)

+ type RepoFile struct

+ Commit *git.Commit

+ Path string

+ Repo *git.Repository

+ Size int64

+ func GetReposFiles(userName, repoName, commitId, rpath string) ([]*RepoFile, error)

+ func GetTargetFile(userName, repoName, branchName, commitId, rpath string) (*RepoFile, error)

+ func (file *RepoFile) LookupBlob() (*git.Blob, error)

+ type Repository struct

+ Created time.Time

+ Description string

+ ForkId int64

+ Id int64

+ IsBare bool

+ IsPrivate bool

+ LowerName string

+ Name string

+ NumClosedIssues int

+ NumForks int

+ NumIssues int

+ NumOpenIssues int

+ NumStars int

+ NumWatches int

+ OwnerId int64

+ Updated time.Time

+ Website string

+ func CreateRepository(user *User, repoName, desc, repoLang, license string, private bool, ...) (*Repository, error)

+ func GetRepositories(user *User) ([]Repository, error)

+ func GetRepositoryById(id int64) (*Repository, error)

+ func GetRepositoryByName(userId int64, repoName string) (*Repository, error)

+ type Statistic struct

+ Counter struct{ ... }

+ func GetStatistic() (stats Statistic)

+ type User struct

+ Avatar string

+ AvatarEmail string

+ Created time.Time

+ Email string

+ Id int64

+ IsActive bool

+ IsAdmin bool

+ Location string

+ LoginType int

+ LowerName string

+ Name string

+ NumFollowers int

+ NumFollowings int

+ NumRepos int

+ NumStars int

+ Passwd string

+ Rands string

+ Type int

+ Updated time.Time

+ Website string

+ func GetUserById(id int64) (*User, error)

+ func GetUserByKeyId(keyId int64) (*User, error)

+ func GetUserByName(name string) (*User, error)

+ func GetUsers(num, offset int) ([]User, error)

+ func LoginUserPlain(name, passwd string) (*User, error)

+ func RegisterUser(user *User) (*User, error)

+ func VerifyUserActiveCode(code string) (user *User)

+ func (user *User) AvatarLink() string

+ func (user *User) EncodePasswd() error

+ func (user *User) HomeLink() string

+ func (user *User) NewGitSig() *git.Signature

+ type UserRepo struct

+ UserName string

+ func GetRepos(num, offset int) ([]UserRepo, error)

+ type Watch struct

+ Id int64

+ RepoId int64

+ UserId int64

+ func GetWatches(repoId int64) ([]Watch, error)