harness / gitness

Gitness is an Open Source developer platform with Source Control management, Continuous Integration and Continuous Delivery.
https://gitness.com
Apache License 2.0

APIs fail for repo names which contain the string `.asp` #3273

Closed sid-propelo closed 1 year ago

sid-propelo commented 1 year ago

I discovered a bug in the repos endpoint. If the repo name contains the string `.asp`, this causes the request to 403. E.g.: https://drone.<companyName>.com/api/repos/<ownerName>/abc.aspectj

We have a repo with the name org.aspectj and this causes issues with fetching information and build info for this repo.

If a repo name is not found, the API usually returns a 404. For example, these calls return a 404:

https://drone.xxx.com/api/repos/ladybug/org.as
https://drone.xxx.com/api/repos/ladybug/org.asa
https://drone.xxx.com/api/repos/ladybug/org.asb
https://drone.xxx.com/api/repos/ladybug/org.asc

But these return a 403:

https://drone.xxx.com/api/repos/ladybug/org.asp
https://drone.xxx.com/api/repos/ladybug/org.aspabc
https://drone.xxx.com/api/repos/ladybug/abc.asp
https://drone.xxx.com/api/repos/ladybug/junk.aspjunk

My guess is that there's some firewall rule or other security feature that checks for any URLs that contain `.asp` and blocks these requests.

ShruthiHubb commented 1 year ago

Hi @sid-propelo, is the issue still there? Can you log out and log back in? That would refresh the credentials.

Did you check if you have enough permissions to push?

Can you elaborate on your use case?

Thanks!

bradrydzewski commented 1 year ago

Drone does not implement any suffix rules. Here is a real-world example of a vanilla Drone installation that is able to serve repositories with asp in the suffix:

Perhaps you have a reverse proxy or load balancer enforcing these rules? This seems like an upstream issue unrelated to the Drone codebase itself.
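
Added example (not part of the thread and not Drone code): a small triage helper that takes the eight probe results from the report and lists every substring that appears in all 403 paths and in none of the 404 paths, which gives the operator concrete strings to search for in their own reverse proxy or load balancer rules. The function names are hypothetical; the URLs and status codes are the ones quoted in the report.

```python
from urllib.parse import urlsplit

# Probe results copied from the report above: (URL, HTTP status observed).
PROBES = [
    ("https://drone.xxx.com/api/repos/ladybug/org.as", 404),
    ("https://drone.xxx.com/api/repos/ladybug/org.asa", 404),
    ("https://drone.xxx.com/api/repos/ladybug/org.asb", 404),
    ("https://drone.xxx.com/api/repos/ladybug/org.asc", 404),
    ("https://drone.xxx.com/api/repos/ladybug/org.asp", 403),
    ("https://drone.xxx.com/api/repos/ladybug/org.aspabc", 403),
    ("https://drone.xxx.com/api/repos/ladybug/abc.asp", 403),
    ("https://drone.xxx.com/api/repos/ladybug/junk.aspjunk", 403),
]


def candidate_patterns(probes, blocked_status=403):
    """Substrings found in every blocked path and in no passed path, longest first."""
    blocked = [urlsplit(u).path for u, s in probes if s == blocked_status]
    passed = [urlsplit(u).path for u, s in probes if s != blocked_status]
    if not blocked:
        return []
    # Any common substring must occur in the shortest blocked path.
    seed = min(blocked, key=len)
    found = set()
    for i in range(len(seed)):
        for j in range(i + 1, len(seed) + 1):
            sub = seed[i:j]
            if all(sub in p for p in blocked) and not any(sub in p for p in passed):
                found.add(sub)
    return sorted(found, key=lambda s: (-len(s), s))


def unexplained(probes, pattern, blocked_status=403):
    """Probes that contradict the hypothesis 'path contains pattern => blocked'."""
    return [
        (u, s) for u, s in probes
        if (pattern in urlsplit(u).path) != (s == blocked_status)
    ]


if __name__ == "__main__":
    for pat in candidate_patterns(PROBES):
        print(repr(pat), "contradicting probes:", len(unexplained(PROBES, pat)))
```

On the report's data this yields `.asp`, `asp` and `sp`: the probes are consistent with the reporter's guess, but they do not rule out a shorter match string, so the upstream rule set is worth searching for all three.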