go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD

Home Page: https://about.gitea.com

Multiple JSONs returned when doing DELETE on /v1/user/keys/2 with a non-existing key

ludovicianul opened this issue

Description

While doing some fuzzing using https://github.com/Endava/cats, I discovered an issue for the /v1/user/keys/ endpoint. Doing a DELETE with a non-existing key returns 2 JSONs in the same body.

{
    "message": "",
    "url": "https://try.gitea.io/api/swagger"
}
{
    "errors": null,
    "message": "The target couldn't be found.",
    "url": "https://try.gitea.io/api/swagger"
}

You can reproduce the issue using (just replace $token with your own token):

cats replay Test243.json

Or doing a curl at https://try.gitea.io/api/v1/user/keys/2 for example.
Test243.json.zip

Gitea Version

1.17.0+dev-423-g4396d0e7c

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Using https://try.gitea.io/.

Database

No response

Well, a return is lost in code again
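
The pattern that comment points at, as an added Go example that is not Gitea's code: a hypothetical handler (`deleteKey`) writes an error and, when the `return` is missing, falls through and writes a second one. A check (`countJSONValues`) lets an API test flag any body holding more than one top-level JSON value. The handler, payload shape and function names are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// writeErr emits one JSON error document (constructed payload shape).
func writeErr(w http.ResponseWriter, status int, msg string) {
	w.WriteHeader(status) // only the first status written for a response is kept
	json.NewEncoder(w).Encode(map[string]string{"message": msg})
}

// deleteKey is a hypothetical handler in which the requested key never exists.
func deleteKey(returnAfterError bool) http.HandlerFunc {
	return func(w http.ResponseWriter, _ *http.Request) {
		writeErr(w, http.StatusNotFound, "The target couldn't be found.")
		if returnAfterError {
			return
		}
		writeErr(w, http.StatusInternalServerError, "") // reached only when the return is lost
	}
}

// countJSONValues reports how many top-level JSON values a body contains.
func countJSONValues(body io.Reader) (int, error) {
	for dec, n := json.NewDecoder(body), 0; ; n++ {
		var v json.RawMessage
		if err := dec.Decode(&v); err == io.EOF {
			return n, nil
		} else if err != nil {
			return n, err
		}
	}
}

func probe(h http.Handler) (int, int, error) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodDelete, "/api/v1/user/keys/2", nil))
	n, err := countJSONValues(rec.Body)
	return rec.Code, n, err
}

func main() {
	fmt.Println(probe(deleteKey(false))) // status, JSON documents, error
	fmt.Println(probe(deleteKey(true)))
}
```

The status code stays 404 in both cases, so only a body-level check like this one separates the broken response from the correct one.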