Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kazuhiko Shiozaki
gitlab-ce
Commits
2be76355
Commit
2be76355
authored
Jan 12, 2016
by
Grzegorz Bizon
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Support only valid UTF-8 paths in build artifacts browser
parent
ffee05c2
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
13 additions
and
5 deletions
+13
-5
lib/gitlab/ci/build/artifacts/metadata.rb
lib/gitlab/ci/build/artifacts/metadata.rb
+5
-3
lib/gitlab/ci/build/artifacts/metadata/path.rb
lib/gitlab/ci/build/artifacts/metadata/path.rb
+8
-2
spec/fixtures/ci_build_artifacts.zip
spec/fixtures/ci_build_artifacts.zip
+0
-0
spec/fixtures/ci_build_artifacts_metadata.gz
spec/fixtures/ci_build_artifacts_metadata.gz
+0
-0
No files found.
lib/gitlab/ci/build/artifacts/metadata.rb
View file @
2be76355
...
@@ -10,7 +10,8 @@ module Gitlab
...
@@ -10,7 +10,8 @@ module Gitlab
attr_reader
:file
,
:path
,
:full_version
attr_reader
:file
,
:path
,
:full_version
def
initialize
(
file
,
path
)
def
initialize
(
file
,
path
)
@file
,
@path
=
file
,
path
@file
=
file
@path
=
path
.
force_encoding
(
'ASCII-8BIT'
)
@full_version
=
read_version
@full_version
=
read_version
end
end
...
@@ -42,7 +43,7 @@ module Gitlab
...
@@ -42,7 +43,7 @@ module Gitlab
def
match_entries
(
gz
)
def
match_entries
(
gz
)
paths
,
metadata
=
[],
[]
paths
,
metadata
=
[],
[]
match_pattern
=
%r{^
#{
Regexp
.
escape
(
@path
)
}
[^/
\s
]*/?$}
match_pattern
=
%r{^
#{
Regexp
.
escape
(
@path
)
}
[^/]*/?$}
invalid_pattern
=
%r{(^
\.
?
\.
?/)|(/
\.
?
\.
?/)}
invalid_pattern
=
%r{(^
\.
?
\.
?/)|(/
\.
?
\.
?/)}
until
gz
.
eof?
do
until
gz
.
eof?
do
...
@@ -51,11 +52,12 @@ module Gitlab
...
@@ -51,11 +52,12 @@ module Gitlab
meta
=
read_string
(
gz
)
meta
=
read_string
(
gz
)
next
unless
path
=~
match_pattern
next
unless
path
=~
match_pattern
next
unless
path
.
force_encoding
(
'UTF-8'
).
valid_encoding?
next
if
path
=~
invalid_pattern
next
if
path
=~
invalid_pattern
paths
.
push
(
path
)
paths
.
push
(
path
)
metadata
.
push
(
JSON
.
parse
(
meta
.
chomp
,
symbolize_names:
true
))
metadata
.
push
(
JSON
.
parse
(
meta
.
chomp
,
symbolize_names:
true
))
rescue
JSON
::
ParserError
rescue
JSON
::
ParserError
,
Encoding
::
CompatibilityError
next
next
end
end
end
end
...
...
lib/gitlab/ci/build/artifacts/metadata/path.rb
View file @
2be76355
...
@@ -8,18 +8,24 @@ module Gitlab
...
@@ -8,18 +8,24 @@ module Gitlab
# This is IO-operations safe class, that does similar job to
# This is IO-operations safe class, that does similar job to
# Ruby's Pathname but without the risk of accessing filesystem.
# Ruby's Pathname but without the risk of accessing filesystem.
#
#
# This class is working only with UTF-8 encoded paths.
#
class
Path
class
Path
attr_reader
:path
,
:universe
attr_reader
:path
,
:universe
attr_accessor
:name
attr_accessor
:name
def
initialize
(
path
,
universe
,
metadata
=
[])
def
initialize
(
path
,
universe
,
metadata
=
[])
@path
=
path
@path
=
path
.
force_encoding
(
'UTF-8'
)
@universe
=
universe
@universe
=
universe
@metadata
=
metadata
@metadata
=
metadata
if
path
.
include?
(
"
\0
"
)
if
path
.
include?
(
"
\0
"
)
raise
ArgumentError
,
'Path contains zero byte character!'
raise
ArgumentError
,
'Path contains zero byte character!'
end
end
unless
path
.
valid_encoding?
raise
ArgumentError
,
'Path contains non-UTF-8 byte sequence!'
end
end
end
def
directory?
def
directory?
...
@@ -51,7 +57,7 @@ module Gitlab
...
@@ -51,7 +57,7 @@ module Gitlab
return
[]
unless
directory?
return
[]
unless
directory?
return
@children
if
@children
return
@children
if
@children
child_pattern
=
%r{^
#{
Regexp
.
escape
(
@path
)
}
[^/
\s
]+/?$}
child_pattern
=
%r{^
#{
Regexp
.
escape
(
@path
)
}
[^/]+/?$}
@children
=
select
{
|
entry
|
entry
=~
child_pattern
}
@children
=
select
{
|
entry
|
entry
=~
child_pattern
}
end
end
...
...
spec/fixtures/ci_build_artifacts.zip
View file @
2be76355
No preview for this file type
spec/fixtures/ci_build_artifacts_metadata.gz
View file @
2be76355
No preview for this file type
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment