nexedi / gitlab-shell
Commit ae21774c, authored Aug 05, 2016 by Jacob Vosmaer
Defense in depth for authorized_keys lines
parent 7837894a
Showing 2 changed files with 31 additions and 0 deletions
lib/gitlab_keys.rb +5 -0
spec/gitlab_keys_spec.rb +26 -0
lib/gitlab_keys.rb
...
...
@@ -4,13 +4,18 @@ require_relative 'gitlab_config'
require_relative
'gitlab_logger'
class
GitlabKeys
class
KeyError
<
StandardError
;
end
attr_accessor
:auth_file
,
:key
def
self
.
command
(
key_id
)
raise
KeyError
.
new
(
"Invalid key_id:
#{
key_id
.
inspect
}
"
)
unless
/\A[a-z0-9-]+\z/
.
match
(
key_id
)
"
#{
ROOT_PATH
}
/bin/gitlab-shell
#{
key_id
}
"
end
def
self
.
key_line
(
key_id
,
public_key
)
public_key
.
chomp!
raise
KeyError
.
new
(
"Invalid public_key:
#{
public_key
.
inspect
}
"
)
if
public_key
.
include?
(
"
\n
"
)
"command=
\"
#{
command
(
key_id
)
}
\"
,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
#{
public_key
}
"
end
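Review bot: `public_key.chomp!` at the top of `key_line` mutates the caller's string in place and raises on a frozen string, so a validation helper changes its argument as a side effect. Work on a local copy instead, e.g. `public_key = public_key.chomp`, before the `include?("\n")` check. In `command`, `key_id` goes straight into `Regexp#match`, so a non-String value such as an Integer surfaces as a TypeError rather than the new `KeyError`; converting or type-checking first would keep the error contract uniform for callers that rescue `KeyError`.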
...
...
spec/gitlab_keys_spec.rb
...
...
@@ -7,6 +7,32 @@ describe GitlabKeys do
$logger
=
double
(
'logger'
).
as_null_object
end
describe
'.command'
do
it
'returns the "command" part of the key line'
do
command
=
"
#{
ROOT_PATH
}
/bin/gitlab-shell key-123"
expect
(
described_class
.
command
(
'key-123'
)).
to
eq
(
command
)
end
it
'raises KeyError on invalid input'
do
expect
{
described_class
.
command
(
"
\n
ssh-rsa AAA"
)
}.
to
raise_error
(
GitlabKeys
::
KeyError
)
end
end
describe
'.key_line'
do
let
(
:line
)
{
%(command="#{ROOT_PATH}/bin/gitlab-shell key-741",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E)
}
it
'returns the key line'
do
expect
(
described_class
.
key_line
(
'key-741'
,
'ssh-rsa AAAAB3NzaDAxx2E'
)).
to
eq
(
line
)
end
it
'silently removes a trailing newline'
do
expect
(
described_class
.
key_line
(
'key-741'
,
"ssh-rsa AAAAB3NzaDAxx2E
\n
"
)).
to
eq
(
line
)
end
it
'raises KeyError on invalid input'
do
expect
{
described_class
.
key_line
(
'key-741'
,
"ssh-rsa AAA
\n
ssh-rsa AAA"
)
}.
to
raise_error
(
GitlabKeys
::
KeyError
)
end
end
describe
:initialize
do
let
(
:gitlab_keys
)
{
build_gitlab_keys
(
'add-key'
,
'key-741'
,
'ssh-rsa AAAAB3NzaDAxx2E'
)
}
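Review bot: the `.command` example 'raises KeyError on invalid input' only exercises a leading newline ("\nssh-rsa AAA"), which does not pin down the `\A`/`\z` anchoring or the character class. Add cases for a trailing newline ("key-123\n", which `$` or `\Z` would let through), a double quote and a space, since those are the inputs that would break out of the `command="..."` field. A `.key_line` example with an invalid `key_id` would also show that the `key_id` check is reached through that path.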
...
...