Commit
0dbe3cb0
authored
Mar 18, 2020
by
Rajendra Kadam
Committed by
Peter Leitzen
Mar 18, 2020
Add revision param validator
parent
a501b2f7
Showing
3 changed files
with
76 additions
and
0 deletions
+76
-0
changelogs/unreleased/ref-params-validator.yml
changelogs/unreleased/ref-params-validator.yml
+5
-0
lib/api/helpers/custom_validators.rb
lib/api/helpers/custom_validators.rb
+30
-0
spec/lib/api/helpers/custom_validators_spec.rb
spec/lib/api/helpers/custom_validators_spec.rb
+41
-0
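--- a/changelogs/unreleased/ref-params-validator.yml
+++ b/changelogs/unreleased/ref-params-validator.yml
@@ -0,0 +1,5 @@
+---
+title: Add grape custom validator for git reference params
+merge_request: 26102
+author: Rajendra Kadam
+type: added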
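--- a/lib/api/helpers/custom_validators.rb
+++ b/lib/api/helpers/custom_validators.rb
@@ -56,6 +56,35 @@ module API
                                                message: "should be an array, 'None' or 'Any'"
         end
       end
+      class GitRef < Grape::Validations::Base
+        # There are few checks that a Git reference should pass through to be valid reference.
+        # The link contains some rules that have been added to this validator.
+        # https://mirrors.edge.kernel.org/pub/software/scm/git/docs/git-check-ref-format.html
+        # We have skipped some checks that are optional and can be skipped for exception.
+        # We also check for control characters, More info on ctrl chars - https://ruby-doc.org/core-2.7.0/Regexp.html#class-Regexp-label-Character+Classes
+        INVALID_CHARS = Regexp.union('..', '\\', '@', '@{', ' ', '~', '^', ':', '*', '?', '[', /[[:cntrl:]]/).freeze
+        GIT_REF_LENGTH = (1..1024).freeze
+        def validate_param!(attr_name, params)
+          revision = params[attr_name]
+          return unless invalid_character?(revision)
+          raise Grape::Exceptions::Validation, params: [@scope.full_name(attr_name)],
+                                               message: 'should be a valid reference path'
+        end
+        private
+        def invalid_character?(revision)
+          revision.nil? ||
+            revision.start_with?('-') ||
+            revision.end_with?('.') ||
+            GIT_REF_LENGTH.exclude?(revision.length) ||
+            INVALID_CHARS.match?(revision)
+        end
+      end
     end
   end
 end
@@ -65,3 +94,4 @@ Grape::Validations.register_validator(:git_sha, ::API::Helpers::CustomValidators
 Grape::Validations.register_validator(:absence, ::API::Helpers::CustomValidators::Absence)
 Grape::Validations.register_validator(:integer_none_any, ::API::Helpers::CustomValidators::IntegerNoneAny)
 Grape::Validations.register_validator(:array_none_any, ::API::Helpers::CustomValidators::ArrayNoneAny)
+Grape::Validations.register_validator(:git_ref, ::API::Helpers::CustomValidators::GitRef)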
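Review bot: `invalid_character?` in the new `GitRef` class calls `start_with?`, `end_with?` and `length` on whatever the request supplied, so a non-String value (an array or hash parameter, say) would raise `NoMethodError` instead of the intended validation error, unless every endpoint using `git_ref` also coerces the param to a String. Replacing `revision.nil? ||` with `!revision.is_a?(String) ||` would keep that failure a 400 and still reject nil. Separately, `INVALID_CHARS` lists a bare `'@'`, which makes the `'@{'` entry redundant and rejects every ref containing `@`, whereas the linked git-check-ref-format rules only forbid the sequence `@{` and the single-character ref `@`. If that extra strictness is deliberate, the comment above the constant should say so. The predicate also covers the nil, prefix, suffix and length checks, so a name like `invalid_ref?` would describe it more accurately than `invalid_character?`.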
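--- a/spec/lib/api/helpers/custom_validators_spec.rb
+++ b/spec/lib/api/helpers/custom_validators_spec.rb
@@ -61,6 +61,47 @@ describe API::Helpers::CustomValidators do
     end
   end
+  describe API::Helpers::CustomValidators::GitRef do
+    subject do
+      described_class.new(['test'], {}, false, scope.new)
+    end
+    context 'valid revision param' do
+      it 'does not raise a validation error' do
+        expect_no_validation_error('test' => '4e963fe')
+        expect_no_validation_error('test' => 'foo/bar/baz')
+        expect_no_validation_error('test' => "heads/fu\303\237")
+        expect_no_validation_error('test' => 'a' * 1024)
+      end
+    end
+    context "revision param contains invalid chars" do
+      it 'raises a validation error' do
+        expect_validation_error('test' => '-4e963fe')
+        expect_validation_error('test' => '4e963fe..ed4ef')
+        expect_validation_error('test' => '4e96\3fe')
+        expect_validation_error('test' => '4e96@3fe')
+        expect_validation_error('test' => '4e9@{63fe')
+        expect_validation_error('test' => '4e963 fe')
+        expect_validation_error('test' => '4e96~3fe')
+        expect_validation_error('test' => '^4e963fe')
+        expect_validation_error('test' => '4:e963fe')
+        expect_validation_error('test' => '4e963fe.')
+        expect_validation_error('test' => 'heads/foo..bar')
+        expect_validation_error('test' => 'foo/bar/.')
+        expect_validation_error('test' => 'heads/v@{ation')
+        expect_validation_error('test' => 'refs/heads/foo.')
+        expect_validation_error('test' => 'heads/foo\bar')
+        expect_validation_error('test' => 'heads/f[/bar')
+        expect_validation_error('test' => "heads/foo\t")
+        expect_validation_error('test' => "heads/foo\177")
+        expect_validation_error('test' => "#{'a' * 1025}")
+        expect_validation_error('test' => nil)
+        expect_validation_error('test' => '')
+      end
+    end
+  end
   describe API::Helpers::CustomValidators::FilePath do
     subject do
       described_class.new(['test'], {}, false, scope.new)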
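Review bot: The invalid-character example never exercises `*` or `?`, although both are in `INVALID_CHARS`, so dropping either from the constant would leave this spec green; `expect_validation_error('test' => 'heads/foo*')` and `expect_validation_error('test' => 'heads/foo?')` would cover them. A value with an embedded newline, e.g. `expect_validation_error('test' => "heads/foo\nbar")`, is also worth pinning, because the existing control-character cases only use `\t` and `\177`. Packing all 21 rejections into one `it` means the first failing expectation hides the rest, so iterating over the inputs with one example each would report every bad ref separately. The enclosing `describe API::Helpers::CustomValidators` block starts and ends outside the hunk.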