kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/app
History
Sean McGivern f5576b16ba Merge branch 'namespace-validation-fixes' into 'master' 
Correct namespace validation to forbid bad names #21077

## What does this MR do?
Updates master namespace regex to forbid any namespace ending in `.git` or `.atom` and corrects and adds relevant tests

## Are there points in the code the reviewer needs to double check?
I think it's all good. I could use help with the creation of tests for usernames with trailing `.atom` or `.git` as the testing framework is a bit over my head.

## Why was this MR needed?
A group that ends in `.atom` will cause the relevent dashboard to crash if the user (ANY user, not just the creator) has visibility of the group until it is deleted through the admin panel (it cannot be renamed, the edit page will crash. It may be fixable through the API, that wasn't checked.)

This allows a malicious user with group creation privileges to bulk add users to a group, rename the group to a bad name, and crash the groups dashboard for all members of the group. The same applies if the group is internal or public and users navigate to the explore tab of the groups dashboard.

The same applies to usernames ending in `.atom`.

In many places of the code, it implies that `.git` in not allowed at the end of namespaces, but many allowed it anyway. This MR forbids it everywhere to prevent potential issues (like the one with `.atom` going forward).

## What are the relevant issue numbers?
Group path validation incomplete, crashes groups dashboard #21077

## Does this MR meet the acceptance criteria?

- [X] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [X] Added for this feature/bug
  - [X] All builds are passing
- [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [X] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [X] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !5994
2016-10-10 13:39:39 +00:00
..
assets Merge branch 'bpj-mr-loop' into 'master' 2016-10-10 12:52:51 +00:00
controllers Enable CacheMarkdownField for the remaining models 2016-10-07 02:54:26 +01:00
finders Refactor TrendingProjectsFinder to support caching 2016-10-05 16:39:03 +02:00
helpers Merge branch '22774-retouch-environments-deployments' into 'master' 2016-10-07 16:31:45 +00:00
mailers change determine conditions 2016-10-03 18:07:28 +08:00
models Merge branch 'namespace-validation-fixes' into 'master' 2016-10-10 13:39:39 +00:00
policies Improve project policy spec 2016-10-06 18:54:28 -03:00
services Change issue board defaults 2016-10-06 10:12:13 -05:00
uploaders
validators Add '.well-known' to the list of reserved namespaces 2016-09-29 10:36:38 +02:00
views Merge branch '23123-build-sidebar-selected-build' into 'master' 2016-10-10 12:54:25 +00:00
workers Merge branch '23096-expire-artifacts-per-job' into 'master' 2016-10-07 17:58:36 +00:00