Bitbucket Data Center: BSERV-3866

SSH clone URL generation should take the request URL into account


Details

    Description

      As of 2.6.4, Stash seems to generate the clone URL entirely from the configured application "base URL" without checking the URL the user is actually using.

      This seems dangerous.

      Consider a staging/test environment where the base URL is initially pointing at production because the database was a snapshot of the production database. An inexperienced admin (or simple oversight) may mean that the base URL never gets updated in the test environment.

      Users visit the test environment and quickly clone and start doing test pushes. If they don't happen to catch the fact that the clone URL actually points at production, they may start accidentally pushing very destructive commands.

      git push --force or git push --mirror

      (git push --mirror, for example, isn't caught by the provided "block git force push" hook.)

      I'm not sure how strict the checking should be, but maybe display a big warning banner and refuse to generate clone URLs until the base URL is updated to match the current URL.
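      The check the reporter suggests, sketched as an added example that is not Stash's or Bitbucket's own code: compare the origin (scheme, host, effective port) of the configured base URL with the origin of the request the user actually sent, and refuse to emit a clone URL while they disagree. The hostnames, the header dictionaries and the ssh://git@host:7999/project/repo.git URL shape are constructed assumptions for illustration; a real deployment behind a reverse proxy would also have to decide whether X-Forwarded-* headers are trustworthy, which the helper below models with an explicit flag.

```python
from urllib.parse import urlsplit

# Constructed sample values (hypothetical hostnames): a staging instance whose
# configured base URL was copied from a production database snapshot.
CONFIGURED_BASE_URL = "https://stash.example.com"
REQUEST_URL_STAGING = "https://stash-staging.example.com/projects/FOO/repos/bar"
REQUEST_URL_PROD = "HTTPS://Stash.Example.com:443/projects/FOO/repos/bar"

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, effective port), lower-casing and filling in default ports
    so that https://host and HTTPS://HOST:443 compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def origin_matches(base_url, request_url):
    """True when the configured base URL and the URL in use point at the same server."""
    return origin(base_url) == origin(request_url)


def request_url_from_headers(connection_scheme, headers, path="/", trust_proxy=False):
    """Reconstruct the URL the browser used from the raw connection scheme and the
    Host header. X-Forwarded-Host / X-Forwarded-Proto are honoured only when the
    caller states that a trusted reverse proxy sets them (hypothetical helper)."""
    host = headers.get("Host", "")
    scheme = connection_scheme
    if trust_proxy:
        forwarded_host = headers.get("X-Forwarded-Host")
        if forwarded_host:
            # A proxy chain may append several hosts; the first is the client-facing one.
            host = forwarded_host.split(",")[0].strip()
        scheme = headers.get("X-Forwarded-Proto", scheme).split(",")[0].strip()
    return f"{scheme}://{host}{path}"


def ssh_clone_url(base_url, request_url, project_key, repo_slug, ssh_port=7999):
    """Build the SSH clone URL from the base URL host, as the report says Stash does,
    but only when the request origin agrees with the configured base URL.

    Returns ("ok", url) or ("refused", warning_message)."""
    if not origin_matches(base_url, request_url):
        configured_host = origin(base_url)[1]
        actual_host = origin(request_url)[1]
        return "refused", (
            f"Configured base URL host '{configured_host}' does not match the address "
            f"you are using ('{actual_host}'); clone URLs are withheld until the base URL "
            f"is corrected, otherwise pushes would go to '{configured_host}'."
        )
    ssh_host = origin(base_url)[1]
    return "ok", f"ssh://git@{ssh_host}:{ssh_port}/{project_key.lower()}/{repo_slug}.git"


if __name__ == "__main__":
    # Staging request against a base URL that still names production: refused.
    print(ssh_clone_url(CONFIGURED_BASE_URL, REQUEST_URL_STAGING, "FOO", "bar"))
    # Same server, different casing and an explicit default port: allowed.
    print(ssh_clone_url(CONFIGURED_BASE_URL, REQUEST_URL_PROD, "FOO", "bar"))
    # Behind a trusted proxy the forwarded host is what the user sees.
    proxied = request_url_from_headers(
        "http",
        {"Host": "10.0.0.5:7990", "X-Forwarded-Host": "stash-staging.example.com",
         "X-Forwarded-Proto": "https"},
        "/projects/FOO/repos/bar",
        trust_proxy=True,
    )
    print(proxied, origin_matches(CONFIGURED_BASE_URL, proxied))
```

      Comparing full origins rather than bare hostnames matters: a base URL of https://stash.example.com and a request arriving over plain http on port 7990 still describe different servers from the user's point of view, and the port-normalisation step is what stops the check from crying wolf when a browser spells the default port explicitly.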

      People

        xtjhin Joshua Tjhin (Inactive)
        5e754010ad98 AlexH
        Votes: 0
        Watchers: 3