Merge branch 'wrong_number_of_arguments' into 'master'

Handle invalid number of arguments

See merge request !37

CHANGELOG

 v1.9.8
   - Replace raise with abort when checking path to prevent path exposure
+  - Handle invalid number of arguments on remote commands
 
 v1.9.7
   - Increased test coverage

lib/gitlab_shell.rb

@@ -3,6 +3,8 @@ require 'shellwords'
 require_relative 'gitlab_net'
 
 class GitlabShell
+  class DisallowedCommandError < StandardError; end
+
   attr_accessor :key_id, :repo_name, :git_cmd, :repos_path, :repo_name
 
   def initialize
@@ -28,19 +30,22 @@ class GitlabShell
           $stderr.puts "Access denied."
         end
       else
-        message = "gitlab-shell: Attempt to execute disallowed command <#{@origin_cmd}> by #{log_username}."
-        $logger.warn message
-        puts 'Not allowed command'
+        raise DisallowedCommandError
       end
     else
       puts "Welcome to GitLab, #{username}!"
     end
+  rescue DisallowedCommandError => ex
+    message = "gitlab-shell: Attempt to execute disallowed command <#{@origin_cmd}> by #{log_username}."
+    $logger.warn message
+    puts 'Not allowed command'
   end
 
   protected
 
   def parse_cmd
     args = Shellwords.shellwords(@origin_cmd)
+    raise DisallowedCommandError unless args.count == 2
     @git_cmd = args[0]
     @repo_name = escape_path(args[1])
   end

spec/gitlab_shell_spec.rb

@@ -48,6 +48,14 @@ describe GitlabShell do
       its(:repo_name) { should == 'dmitriy.zaporozhets/gitlab-ci.git' }
       its(:git_cmd) { should == 'git-upload-pack' }
     end
+
+    context 'with an invalid number of arguments' do
+      before { ssh_cmd 'foobar' }
+
+      it "should raise an DisallowedCommandError" do
+        expect { subject.send :parse_cmd }.to raise_error(GitlabShell::DisallowedCommandError)
+      end
+    end
   end
 
   describe :exec do