kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Handle CR and LF characters

Browse source
This commit is contained in:
Michael Kozono 2017-09-20 15:25:30 -07:00
parent 1e7ff892c0
commit f610fea777
2 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
lib/gitlab/ldap/dn.rb
View file

@ -225,6 +225,12 @@ module Gitlab
# if necessary (i.e. leading or trailing space). # if necessary (i.e. leading or trailing space).
NORMAL_ESCAPES = [',', '+', '"', '\\', '<', '>', ';', '='] NORMAL_ESCAPES = [',', '+', '"', '\\', '<', '>', ';', '=']
# The following must be represented as escaped hex
HEX_ESCAPES = {
"\n" => '\0a',
"\r" => '\0d'
}
# Compiled character class regexp using the keys from the above hash, and # Compiled character class regexp using the keys from the above hash, and
# checking for a space or # at the start, or space at the end, of the # checking for a space or # at the start, or space at the end, of the
# string. # string.
@ -232,10 +238,15 @@ module Gitlab
NORMAL_ESCAPES.map { |e| Regexp.escape(e) }.join + NORMAL_ESCAPES.map { |e| Regexp.escape(e) }.join +
"])") "])")
HEX_ESCAPE_RE = Regexp.new("([" +
HEX_ESCAPES.keys.map { |e| Regexp.escape(e) }.join +
"])")
## ##
# Escape a string for use in a DN value # Escape a string for use in a DN value
def self.escape(string) def self.escape(string)
string.gsub(ESCAPE_RE) { |char| "\\" + char } escaped = string.gsub(ESCAPE_RE) { |char| "\\" + char }
escaped.gsub(HEX_ESCAPE_RE) { |char| HEX_ESCAPES[char] }
end end
## ##

3
spec/lib/gitlab/ldap/dn_spec.rb
View file

@ -31,6 +31,9 @@ describe Gitlab::LDAP::DN do
'converts an escaped hex equal sign to an escaped equal sign in an attribute value' | 'uid= foo \\3D bar' | 'uid=foo \\= bar' 'converts an escaped hex equal sign to an escaped equal sign in an attribute value' | 'uid= foo \\3D bar' | 'uid=foo \\= bar'
'does not modify an escaped comma in an attribute value' | 'uid= John C. Smith, ou=San Francisco\\, CA' | 'uid=john c. smith,ou=san francisco\\, ca' 'does not modify an escaped comma in an attribute value' | 'uid= John C. Smith, ou=San Francisco\\, CA' | 'uid=john c. smith,ou=san francisco\\, ca'
'converts an escaped hex comma to an escaped comma in an attribute value' | 'uid= John C. Smith, ou=San Francisco\\2C CA' | 'uid=john c. smith,ou=san francisco\\, ca' 'converts an escaped hex comma to an escaped comma in an attribute value' | 'uid= John C. Smith, ou=San Francisco\\2C CA' | 'uid=john c. smith,ou=san francisco\\, ca'
'does not modify an escaped hex carriage return character in an attribute value' | 'uid= John C. Smith, ou=San Francisco\\,\\0DCA' | 'uid=john c. smith,ou=san francisco\\,\\0dca'
'does not modify an escaped hex line feed character in an attribute value' | 'uid= John C. Smith, ou=San Francisco\\,\\0ACA' | 'uid=john c. smith,ou=san francisco\\,\\0aca'
'does not modify an escaped hex CRLF in an attribute value' | 'uid= John C. Smith, ou=San Francisco\\,\\0D\\0ACA' | 'uid=john c. smith,ou=san francisco\\,\\0d\\0aca'
end end
with_them do with_them do