Commit bbbf78a3 authored by Stan Hu's avatar Stan Hu

Merge branch '209940-geo-fails-to-sync-file-uploads-with-improper-formatted-path' into 'master'

Fix incorrect regex used in FileUploader#extract_dynamic_path

Closes #209940

See merge request gitlab-org/gitlab!28683
parents cb47a241 5a5e3380
......@@ -15,7 +15,7 @@ class FileUploader < GitlabUploader
prepend ObjectStorage::Extension::RecordsUploads
MARKDOWN_PATTERN = %r{\!?\[.*?\]\(/uploads/(?<secret>[0-9a-f]{32})/(?<file>.*?)\)}.freeze
DYNAMIC_PATH_PATTERN = %r{.*(?<secret>\h{32})/(?<identifier>.*)}.freeze
DYNAMIC_PATH_PATTERN = %r{.*/(?<secret>\h{10,32})/(?<identifier>.*)}.freeze
VALID_SECRET_PATTERN = %r{\A\h{10,32}\z}.freeze
InvalidSecret = Class.new(StandardError)
......
---
title: Fix incorrect regex used in FileUploader#extract_dynamic_path
merge_request: 28683
author:
type: fixed
......@@ -145,11 +145,39 @@ describe FileUploader do
end
describe '.extract_dynamic_path' do
it 'works with hashed storage' do
path = 'export/4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb08b5531fcacdabf8a/test/uploads/72a497a02fe3ee09edae2ed06d390038/dummy.txt'
context 'with a 32-byte hexadecimal secret in the path' do
let(:secret) { SecureRandom.hex }
let(:path) { "export/4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb08b5531fcacdabf8a/test/uploads/#{secret}/dummy.txt" }
expect(described_class.extract_dynamic_path(path)[:identifier]).to eq('dummy.txt')
expect(described_class.extract_dynamic_path(path)[:secret]).to eq('72a497a02fe3ee09edae2ed06d390038')
it 'extracts the secret' do
expect(described_class.extract_dynamic_path(path)[:secret]).to eq(secret)
end
it 'extracts the identifier' do
expect(described_class.extract_dynamic_path(path)[:identifier]).to eq('dummy.txt')
end
end
context 'with a 10-byte hexadecimal secret in the path' do
let(:secret) { SecureRandom.hex(10) }
let(:path) { "export/4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb08b5531fcacdabf8a/test/uploads/#{secret}/dummy.txt" }
it 'extracts the secret' do
expect(described_class.extract_dynamic_path(path)[:secret]).to eq(secret)
end
it 'extracts the identifier' do
expect(described_class.extract_dynamic_path(path)[:identifier]).to eq('dummy.txt')
end
end
context 'with an invalid secret in the path' do
let(:secret) { 'foo' }
let(:path) { "export/4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb08b5531fcacdabf8a/test/uploads/#{secret}/dummy.txt" }
it 'returns nil' do
expect(described_class.extract_dynamic_path(path)).to be_nil
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment