Affected by GO-2022-0450 and 17 other vulnerabilities

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

environment-to-ini

command

v1.16.4 Latest Latest Go to latest Published: Mar 14, 2022 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/go-gitea/gitea

README ¶

Environment To Ini
==================

Multiple docker users have requested that the Gitea docker is changed
to permit arbitrary configuration via environment variables.

Gitea needs to use an ini file for configuration because the running
environment that starts the docker may not be the same as that used
by the hooks. An ini file also gives a good default and means that
users do not have to completely provide a full environment.

With those caveats above, this command provides a generic way of
converting suitably structured environment variables into any ini
value.

To use the command is very simple just run it and the default gitea
app.ini will be rewritten to take account of the variables provided,
however there are various options to give slightly different
behavior and these can be interrogated with the `-h` option.

The environment variables should be of the form:

	GITEA__SECTION_NAME__KEY_NAME

Note, SECTION_NAME in the notation above is case-insensitive.

Environment variables are usually restricted to a reduced character
set "0-9A-Z_" - in order to allow the setting of sections with
characters outside of that set, they should be escaped as following:
"_0X2E_" for "." and "_0X2D_" for "-". The entire section and key names 
can be escaped as a UTF8 byte string if necessary. E.g. to configure:

	"""
	...
	[log.console]
	COLORIZE=false
	STDERR=true
	...
	"""

You would set the environment variables: "GITEA__LOG_0x2E_CONSOLE__COLORIZE=false"
and "GITEA__LOG_0x2E_CONSOLE__STDERR=false". Other examples can be found
on the configuration cheat sheet.

To build locally, run:

	go build contrib/environment-to-ini/environment-to-ini.go

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

environment-to-ini.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL