Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
df411486
Commit
df411486
authored
Jan 02, 2016
by
Grzegorz Bizon
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Improve path sanitization in `StringPath`
parent
a3191463
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
13 additions
and
15 deletions
+13
-15
app/models/ci/build.rb
app/models/ci/build.rb
+5
-5
lib/gitlab/string_path.rb
lib/gitlab/string_path.rb
+8
-9
spec/lib/gitlab/string_path_spec.rb
spec/lib/gitlab/string_path_spec.rb
+0
-1
No files found.
app/models/ci/build.rb
View file @
df411486
...
@@ -352,15 +352,15 @@ module Ci
...
@@ -352,15 +352,15 @@ module Ci
def
artifacts_metadata_for_path
(
path
)
def
artifacts_metadata_for_path
(
path
)
return
[]
unless
artifacts_metadata
.
exists?
return
[]
unless
artifacts_metadata
.
exists?
paths
,
metadata
=
[],
[]
paths
,
metadata
=
[],
[]
meta_path
=
path
.
sub
(
/^\.\//
,
''
)
metadata_path
=
path
.
sub
(
/^\.\//
,
''
)
File
.
open
(
artifacts_metadata
.
path
)
do
|
file
|
File
.
open
(
artifacts_metadata
.
path
)
do
|
file
|
gzip
=
Zlib
::
GzipReader
.
new
(
file
)
gzip
=
Zlib
::
GzipReader
.
new
(
file
)
gzip
.
each_line
do
|
line
|
gzip
.
each_line
do
|
line
|
if
line
=~
%r{^
#{
meta_path
}
[^/
]+/?
\s
}
if
line
=~
%r{^
#{
Regexp
.
escape
(
metadata_path
)
}
[^/
\s
]+/?
\s
}
path
,
meta
=
line
.
split
(
' '
)
matched_path
,
matched_
meta
=
line
.
split
(
' '
)
paths
<<
path
paths
<<
matched_
path
metadata
<<
JSON
.
parse
(
meta
)
metadata
<<
JSON
.
parse
(
m
atched_m
eta
)
end
end
end
end
gzip
.
close
gzip
.
close
...
...
lib/gitlab/string_path.rb
View file @
df411486
...
@@ -57,7 +57,7 @@ module Gitlab
...
@@ -57,7 +57,7 @@ module Gitlab
def
descendants
def
descendants
return
[]
unless
directory?
return
[]
unless
directory?
select
{
|
entry
|
entry
=~
/^
#{
@path
}
.+/
}
select
{
|
entry
|
entry
=~
/^
#{
Regexp
.
escape
(
@path
)
}
.+/
}
end
end
def
children
def
children
...
@@ -65,7 +65,7 @@ module Gitlab
...
@@ -65,7 +65,7 @@ module Gitlab
return
@children
if
@children
return
@children
if
@children
@children
=
select
do
|
entry
|
@children
=
select
do
|
entry
|
self
.
class
.
child?
(
@path
,
entry
)
entry
=~
%r{^
#{
Regexp
.
escape
(
@path
)
}
[^/
\s
]+/?$}
end
end
end
end
...
@@ -75,7 +75,7 @@ module Gitlab
...
@@ -75,7 +75,7 @@ module Gitlab
end
end
def
directories!
def
directories!
has_parent?
?
directories
.
prepend
(
new
(
@path
+
'../'
)
)
:
directories
has_parent?
?
directories
.
prepend
(
parent
)
:
directories
end
end
def
files
def
files
...
@@ -115,13 +115,12 @@ module Gitlab
...
@@ -115,13 +115,12 @@ module Gitlab
# It looks like Pathname#new doesn't touch a file system,
# It looks like Pathname#new doesn't touch a file system,
# neither Pathname#cleanpath does, so it is, hopefully, filesystem safe
# neither Pathname#cleanpath does, so it is, hopefully, filesystem safe
clean
=
Pathname
.
new
(
path
).
cleanpath
.
to_s
clean_path
=
Pathname
.
new
(
path
).
cleanpath
.
to_s
raise
ArgumentError
,
'Invalid path'
if
clean
.
start_with?
(
'../'
)
raise
ArgumentError
,
'Invalid path'
if
clean_path
.
start_with?
(
'../'
)
clean
+
(
path
.
end_with?
(
'/'
)
?
'/'
:
''
)
end
def
self
.
child?
(
path
,
entry
)
prefix
=
'./'
unless
clean_path
=~
%r{^[
\.
|/]}
entry
=~
%r{^
#{
path
}
[^/
\s
]+/?$}
suffix
=
'/'
if
path
.
end_with?
(
'/'
)
||
clean_path
=~
/^[\.|\.\.]$/
prefix
.
to_s
+
clean_path
+
suffix
.
to_s
end
end
end
end
end
end
spec/lib/gitlab/string_path_spec.rb
View file @
df411486
...
@@ -45,7 +45,6 @@ describe Gitlab::StringPath do
...
@@ -45,7 +45,6 @@ describe Gitlab::StringPath do
it
{
is_expected
.
to
be_directory
}
it
{
is_expected
.
to
be_directory
}
it
{
is_expected
.
to
be_relative
}
it
{
is_expected
.
to
be_relative
}
it
{
is_expected
.
to
have_parent
}
end
end
describe
'path/dir_1/'
,
path:
'path/dir_1/'
do
describe
'path/dir_1/'
,
path:
'path/dir_1/'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment