2020-04-02 12:08:18 +00:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
module API
|
|
|
|
module Validations
|
|
|
|
module Validators
|
|
|
|
class FilePath < Grape::Validations::Base
|
|
|
|
def validate_param!(attr_name, params)
|
2020-07-22 00:09:26 +00:00
|
|
|
options = @option.is_a?(Hash) ? @option : {}
|
|
|
|
path_allowlist = options.fetch(:allowlist, [])
|
2020-04-02 12:08:18 +00:00
|
|
|
path = params[attr_name]
|
2022-03-03 00:20:18 +00:00
|
|
|
Gitlab::Utils.check_allowed_absolute_path_and_path_traversal!(path, path_allowlist)
|
2021-04-26 12:09:44 +00:00
|
|
|
rescue StandardError
|
2020-12-10 12:09:43 +00:00
|
|
|
raise Grape::Exceptions::Validation.new(
|
|
|
|
params: [@scope.full_name(attr_name)],
|
|
|
|
message: "should be a valid file path"
|
|
|
|
)
|
2020-04-02 12:08:18 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|