gitlab-org--gitlab-foss/lib/gitlab/checks/diff_check.rb
2018-12-11 17:39:32 +01:00

100 lines
2.7 KiB
Ruby

# frozen_string_literal: true
module Gitlab
module Checks
class DiffCheck < BaseChecker
include Gitlab::Utils::StrongMemoize
LOG_MESSAGES = {
validate_file_paths: "Validating diffs' file paths...",
diff_content_check: "Validating diff contents..."
}.freeze
def validate!
return if deletion? || newrev.nil?
return unless should_run_diff_validations?
return if commits.empty?
return unless uses_raw_delta_validations?
file_paths = []
process_raw_deltas do |diff|
file_paths << (diff.new_path || diff.old_path)
validate_diff(diff)
end
validate_file_paths(file_paths)
end
private
def should_run_diff_validations?
newrev && oldrev && !deletion? && validate_lfs_file_locks?
end
def validate_lfs_file_locks?
strong_memoize(:validate_lfs_file_locks) do
project.lfs_enabled? && project.any_lfs_file_locks?
end
end
def uses_raw_delta_validations?
validations_for_diff.present? || path_validations.present?
end
def validate_diff(diff)
validations_for_diff.each do |validation|
if error = validation.call(diff)
raise ::Gitlab::GitAccess::UnauthorizedError, error
end
end
end
# Method overwritten in EE to inject custom validations
def validations_for_diff
[]
end
def path_validations
validate_lfs_file_locks? ? [lfs_file_locks_validation] : []
end
def process_raw_deltas
logger.log_timed(LOG_MESSAGES[:diff_content_check]) do
# n+1: https://gitlab.com/gitlab-org/gitlab-ee/issues/3593
::Gitlab::GitalyClient.allow_n_plus_1_calls do
commits.each do |commit|
logger.check_timeout_reached
commit.raw_deltas.each do |diff|
yield(diff)
end
end
end
end
end
def validate_file_paths(file_paths)
logger.log_timed(LOG_MESSAGES[__method__]) do
path_validations.each do |validation|
if error = validation.call(file_paths)
raise ::Gitlab::GitAccess::UnauthorizedError, error
end
end
end
end
# rubocop: disable CodeReuse/ActiveRecord
def lfs_file_locks_validation
lambda do |paths|
lfs_lock = project.lfs_file_locks.where(path: paths).where.not(user_id: user_access.user.id).take
if lfs_lock
return "The path '#{lfs_lock.path}' is locked in Git LFS by #{lfs_lock.user.name}"
end
end
end
# rubocop: enable CodeReuse/ActiveRecord
end
end
end