4 commits

Author SHA1 Message Date
GitLab Bot
e5e0589e09 Add latest changes from gitlab-org/gitlab@master 2021-04-26 12:09:44 +00:00
GitLab Bot
f574f9a14b Add latest changes from gitlab-org/gitlab@master 2020-09-29 03:09:57 +00:00
Stan Hu
fc5ebc3cb8
Fix uninitialized constant with GitLab Pages deploy
pages:deploy step was failing with the following error:

```
uninitialized constant SafeZip::Extract::Zip
```

Since license_finder already pulls in rubyzip, we can make it
a required gem. We also use the scope operator to make the reference to
Zip::File explicit.
2019-01-31 16:52:51 +01:00
Kamil Trzciński
66744469d4
Extract GitLab Pages using RubyZip
RubyZip allows us to perform strong validation of
expanded paths where we extract files.

We introduce the following additional checks
to the extract routines:

1. None of the path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory,
   like `public/`,
4. The symlink source needs to exist ahead of time.
2019-01-31 16:52:48 +01:00
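
Checks 1, 3 and 4 from the last commit message above, as an added Ruby example that is not part of the commits or of GitLab's code. It only validates entries against a directory on disk and does not use RubyZip; `refusal` and `demo` are hypothetical names, and the sample tree is constructed.

```ruby
require 'fileutils'
require 'pathname'
require 'tmpdir'

# Returns nil if the entry may be extracted under root, else the reason it is
# refused. link_target is nil for regular files and directories.
def refusal(root, entry_name, link_target = nil)
  root = File.realpath(root)
  parts = Pathname.new(entry_name).each_filename.to_a
  return 'path leaves root' if entry_name.start_with?('/') || parts.include?('..')
  # Check 1: no existing component of the destination path may be a symlink.
  dest = root
  parts.each do |part|
    dest = File.join(dest, part)
    return "symlinked component: #{part}" if File.symlink?(dest)
  end
  return nil if link_target.nil?

  # Check 4: what the link points at must exist before the link is created.
  begin
    resolved = File.realpath(File.expand_path(link_target, File.dirname(dest)))
  rescue SystemCallError
    return 'symlink target missing'
  end
  # Check 3: the resolved target must stay inside the extraction root.
  inside = resolved == root || resolved.start_with?(root + File::SEPARATOR)
  inside ? nil : 'symlink target outside root'
end

# Constructed sample: a site root with public/, a file outside it, and a
# symlink planted in public/ before extraction starts.
def demo
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, 'site')
    FileUtils.mkdir_p(File.join(root, 'public'))
    File.write(File.join(root, 'public', 'index.html'), 'ok')
    File.write(File.join(tmp, 'secret'), 'outside the root')
    File.symlink(tmp, File.join(root, 'public', 'planted'))
    {
      file:    refusal(root, 'public/new.html'),
      planted: refusal(root, 'public/planted/secret'),
      link:    refusal(root, 'public/home.html', 'index.html'),
      escape:  refusal(root, 'public/leak', '../../secret'),
      missing: refusal(root, 'public/dangling', 'nope.html')
    }
  end
end

demo.each { |name, reason| puts "#{name}: #{reason || 'accepted'}" } if $PROGRAM_NAME == __FILE__
```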