Merge branch 'sh-validate-ref-name-in-commit' into 'master'
Validate refs used in controllers don't have spaces Closes #58572 and gitaly#1425 See merge request gitlab-org/gitlab-ce!24037
This commit is contained in:
commit
b40ea0f1e2
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: Validate refs used in controllers don't have spaces
|
||||||
|
merge_request: 24037
|
||||||
|
author:
|
||||||
|
type: other
|
|
@ -113,6 +113,9 @@ module ExtractsPath
|
||||||
@id = get_id
|
@id = get_id
|
||||||
@ref, @path = extract_ref(@id)
|
@ref, @path = extract_ref(@id)
|
||||||
@repo = @project.repository
|
@repo = @project.repository
|
||||||
|
@ref.strip!
|
||||||
|
|
||||||
|
raise InvalidPathError if @ref.match?(/\s/)
|
||||||
|
|
||||||
@commit = @repo.commit(@ref)
|
@commit = @repo.commit(@ref)
|
||||||
|
|
||||||
|
|
|
@ -74,6 +74,26 @@ describe Projects::TreeController do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'GET show with whitespace in ref' do
|
||||||
|
render_views
|
||||||
|
|
||||||
|
let(:id) { "this ref/api/responses" }
|
||||||
|
|
||||||
|
it 'does not call make a Gitaly request' do
|
||||||
|
allow(::Gitlab::GitalyClient).to receive(:call).and_call_original
|
||||||
|
expect(::Gitlab::GitalyClient).not_to receive(:call).with(anything, :commit_service, :find_commit, anything, anything)
|
||||||
|
|
||||||
|
get(:show,
|
||||||
|
params: {
|
||||||
|
namespace_id: project.namespace.to_param,
|
||||||
|
project_id: project,
|
||||||
|
id: id
|
||||||
|
})
|
||||||
|
|
||||||
|
expect(response).to have_gitlab_http_status(:not_found)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe 'GET show with blob path' do
|
describe 'GET show with blob path' do
|
||||||
render_views
|
render_views
|
||||||
|
|
||||||
|
|
|
@ -44,6 +44,36 @@ describe ExtractsPath do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'ref contains trailing space' do
|
||||||
|
let(:ref) { 'master ' }
|
||||||
|
|
||||||
|
it 'strips surrounding space' do
|
||||||
|
assign_ref_vars
|
||||||
|
|
||||||
|
expect(@ref).to eq('master')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'ref contains leading space' do
|
||||||
|
let(:ref) { ' master ' }
|
||||||
|
|
||||||
|
it 'strips surrounding space' do
|
||||||
|
assign_ref_vars
|
||||||
|
|
||||||
|
expect(@ref).to eq('master')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'ref contains space in the middle' do
|
||||||
|
let(:ref) { 'master plan ' }
|
||||||
|
|
||||||
|
it 'returns 404' do
|
||||||
|
expect(self).to receive(:render_404)
|
||||||
|
|
||||||
|
assign_ref_vars
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'path contains space' do
|
context 'path contains space' do
|
||||||
let(:params) { { path: 'with space', ref: '38008cb17ce1466d8fec2dfa6f6ab8dcfe5cf49e' } }
|
let(:params) { { path: 'with space', ref: '38008cb17ce1466d8fec2dfa6f6ab8dcfe5cf49e' } }
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue