nexedi / gitlab-ce
Commit 7cb0e02a authored Mar 23, 2020 by allison.browne
Raise error on path traversal in UploadsRewriter
parent 5e05c233
Changes: 3 changed files with 17 additions and 0 deletions
changelogs/unreleased/security-path-traversal-master.yml  +5 -0
lib/gitlab/gfm/uploads_rewriter.rb  +2 -0
spec/lib/gitlab/gfm/uploads_rewriter_spec.rb  +10 -0
changelogs/unreleased/security-path-traversal-master.yml (new file, 0 → 100644)
---
title
:
Fix UploadRewriter Path Traversal vulnerability
merge_request
:
author
:
type
:
security
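Review bot: the changelog title names `UploadRewriter`, but the class being fixed is `UploadsRewriter` (see the commit title and `lib/gitlab/gfm/uploads_rewriter.rb`); correct the name so the entry matches the code it describes. The `merge_request` key is left empty and should be filled in once the corresponding MR id is known.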
lib/gitlab/gfm/uploads_rewriter.rb
@@ -22,6 +22,8 @@ module Gitlab
return
@text
unless
needs_rewrite?
@text
.
gsub
(
@pattern
)
do
|
markdown
|
Gitlab
::
Utils
.
check_path_traversal!
(
$~
[
:file
])
file
=
find_file
(
@source_project
,
$~
[
:secret
],
$~
[
:file
])
break
markdown
unless
file
.
try
(
:exists?
)
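Review bot: `Gitlab::Utils.check_path_traversal!($~[:file])` raises from inside the `gsub` block, so a single traversal-shaped upload reference aborts the rewrite of the whole text rather than being skipped the way unresolvable references are (`break markdown unless file.try(:exists?)`); failing closed is reasonable for a security fix, but a one-line comment at the call site should state that this is intended. Only the `:file` capture is validated; `$~[:secret]` is passed to `find_file` unchecked, so that argument's safety rests on `@pattern` constraining the secret capture, which is not visible in this hunk. Either apply the same check to the secret or add a comment noting the invariant `@pattern` is relied on for.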
spec/lib/gitlab/gfm/uploads_rewriter_spec.rb
@@ -68,6 +68,16 @@ describe Gitlab::Gfm::UploadsRewriter do
expect
(
moved_text
.
scan
(
/\A\[.*?\]/
).
count
).
to
eq
(
1
)
end
context
'path traversal in file name'
do
let
(
:text
)
do
"![a](/uploads/11111111111111111111111111111111/../../../../../../../../../../../../../../etc/passwd)"
end
it
'throw an error'
do
expect
{
rewriter
.
rewrite
(
new_project
)
}.
to
raise_error
(
an_instance_of
(
StandardError
).
and
having_attributes
(
message:
"Invalid path"
))
end
end
context
"file are stored locally"
do
include_examples
"files are accessible"
end
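Review bot: `it 'throw an error'` should read `it 'throws an error'`, and the existing `context "file are stored locally"` below it should be `"files are stored locally"`. The expectation pins the exact message `"Invalid path"` via `having_attributes`, which couples the spec to the wording of the utility's error string; if `check_path_traversal!` raises a dedicated error class, matching on that class would be more robust than `an_instance_of(StandardError)` plus a message check. The new case exercises only a literal `../` sequence in the file name; note in the context description that this is the single variant covered so the scope of the test is clear.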