Add black list and white list support for migrating repositories

[lunny]

This PR will add two options blacklist and whitelist for migrating repositories from external URLs.

When you set whitelist then blacklist will be ignored and all users on this gitea instance could only migrate repositories from the domains on whitelist.

When whitelist is empty and you have domains on blacklist, all users on this gitea instance could migrate repositories any domain except the domains on blacklist.

[guillep2k]

Missing EOL

[guillep2k]

Why check the protocol? This will let ftp:, git: and ssh: pass if one day they are supported. Perhaps it's better to check if the url is local and make any other protocol go through whitelisting/blacklisting.

[guillep2k]

Perhaps a translatable error should be better?

[guillep2k]

This error will show up when the instance starts, right? I mean, the admin needs to see the errors as soon as possible.

[lunny]

Yes. It will display when gitea start.

[guillep2k]

A new rebase + make fmt to pick up the latest changes?

[codecov-io]

Codecov Report

Merging #8040 into master will increase coverage by <.01%.
The diff coverage is 48.27%.

@@            Coverage Diff             @@
##           master    #8040      +/-   ##
==========================================
+ Coverage   41.81%   41.81%   +<.01%     
==========================================
  Files         482      484       +2     
  Lines       64557    64615      +58     
==========================================
+ Hits        26993    27018      +25     
- Misses      34095    34121      +26     
- Partials     3469     3476       +7

Impacted Files	Coverage Δ
modules/setting/migrate.go	0% <0%> (ø)
routers/init.go	65.78% <25%> (-2.27%)	⬇️
modules/matchlist/matchlist.go	47.36% <47.36%> (ø)
modules/migrations/migrate.go	27% <60%> (+5.82%)	⬆️
models/unit.go	62.16% <0%> (-5.41%)	⬇️
modules/process/manager.go	76.81% <0%> (-4.35%)	⬇️
models/repo_list.go	74.14% <0%> (+0.97%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3fd0eec...cdff51c. Read the comment docs.

[lunny]

@guillep2k done.

[guillep2k]

Suggested change

	rg, err := glob.Compile(rule)
	rg, err := glob.Compile(rule,[]string{".","/"})

I think that separators should work better if specified, so the tokenization is aware of the different parts of the glob.

[guillep2k]

Some case normalization should be used. For instance, if I black list: "google.com", someone could work around that by using "GOOGLE.COM".

[guillep2k]

Thinking about it, I can set up a DNS of mine pointing to whatever site I want and make it work around the domain blacklist.

For example, the administrator wants to blacklist google.com (currently 172.217.30.238 for me); if I have access to a subdomain (e.g. myuser.dyndns.org), I could set up that to point to 172.217.30.238. Gitea wouldn't know anything about my setup, so I can import from myuser.dyndns.org (actually google.com) freely.

This is not easy to do, but we should be aware of the limitations of this kind of black list.
I think white list is much safer.
EDIT: rewording for clarity

I know domain aliasing is not an easy problem to solve for the blacklist functionality, but we should at least know that there's such vulnerability.
The whitelist part of this PR is OK from the safety point of view.

[lafriks]

@guillep2k in this PR there is also support for whitelist

[guillep2k]

@guillep2k in this PR there is also support for whitelist

@lafriks Yes. The whitelist part is OK. The blacklist part has some holes, as noted above. I think they require some rework.

[stale]

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 months. Thank you for your contributions.

[aschrijver]

I maintain awesome-humane-tech and was advised to use ‘blocklist’ and ‘allowlist’ terminology instead (from a better inclusion / diversity perspective), and I wonder whether that would be better here too.

From WikiDiff:

blacklist: (legal) a list or collection of people or entities to be shunned or banned.

blocklist: (computing) a list of websites or other material to be blocked.

(and see also: http://garysaid.com/are-the-terms-whitelist-and-blacklist-racist/ )

Edit: See also IETF Recommendation (draft)

[6543]

@lunny do you work on this or should I catch it up?

[lunny]

@6543 Please pick it up.

[6543]

follow up pull: #13610

[aschrijver]

Thank you for switching terminology, much appreciated 🙏