access/enforcer.go

Mon, 10 Apr 2023 01:14:17 -0500

author
aklitzing <aklitzing@gmail.com>
date
Mon, 10 Apr 2023 01:14:17 -0500
changeset 168
3cd8ca687dbc
parent 164
4a8207ba4501

Add kong.NoDefaultHelp() option

Otherwise an authenticated user can send "hg -h" as the command. Since
kong calls Exit() by default for its help handling, this could lead to a DoS attack.

Reviewed at https://reviews.imfreedom.org/r/2420/

package access

import (
	"path/filepath"
	"sync"

	"github.com/casbin/casbin/v2"
	"go.uber.org/zap"
)

var (
	// enforcer is the package-wide casbin enforcer. refreshEnforcer only
	// installs a new instance here after casbin.NewEnforcer succeeded, so
	// a failed reload never leaves a nil or half-built enforcer in place.
	enforcer *casbin.Enforcer
	// enforcerLock serializes refreshEnforcer. Whether readers of enforcer
	// elsewhere in the package take this lock as well is not visible in
	// this file — TODO confirm, since an unguarded read of the pointer
	// concurrent with the assignment in refreshEnforcer is a data race.
	enforcerLock sync.Mutex
)

// refreshEnforcer rebuilds the package-level enforcer from the model and
// policy files stored in the admin repository.
//
// The mutex is held for the whole rebuild so that concurrent refreshes
// serialize. The new enforcer replaces the old one only after casbin has
// loaded both files successfully; on any error the previously installed
// enforcer stays active, the casbin error is logged, and it is returned
// unchanged to the caller.
func refreshEnforcer() error {
	enforcerLock.Lock()
	defer enforcerLock.Unlock()

	model := filepath.Join(AdminRepoPath(), modelFilename)
	zap.S().Debugf("reading model from %q", model)

	policy := filepath.Join(AdminRepoPath(), policyFilename)
	zap.S().Debugf("reading policy from %q", policy)

	fresh, err := casbin.NewEnforcer(model, policy)
	if err != nil {
		// Keep whatever enforcer was installed before; do not swap in nil.
		zap.S().Errorf("failed to create new enforcer: %v", err)

		return err
	}

	enforcer = fresh

	return nil
}
