Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
d6a7408f
Commit
d6a7408f
authored
5 years ago
by
Thong Kuah
Committed by
Douglas Barbosa Alexandre
5 years ago
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Explicitly reject non http(s) schemes
Rather than relying on NoMethodError deep inside faraday
parent
46ef4954
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
22 additions
and
2 deletions
+22
-2
lib/container_registry/client.rb
lib/container_registry/client.rb
+4
-1
spec/lib/container_registry/blob_spec.rb
spec/lib/container_registry/blob_spec.rb
+18
-1
No files found.
lib/container_registry/client.rb
View file @
d6a7408f
...
...
@@ -82,7 +82,10 @@ module ContainerRegistry
def
redirect_response
(
location
)
return
unless
location
faraday_redirect
.
get
(
location
)
uri
=
URI
(
@base_uri
).
merge
(
location
)
raise
ArgumentError
,
"Invalid scheme for
#{
location
}
"
unless
%w[http https]
.
include?
(
uri
.
scheme
)
faraday_redirect
.
get
(
uri
)
end
def
faraday
...
...
This diff is collapsed.
Click to expand it.
spec/lib/container_registry/blob_spec.rb
View file @
d6a7408f
...
...
@@ -112,11 +112,28 @@ describe ContainerRegistry::Blob do
end
end
context
'for a relative address'
do
before
do
stub_request
(
:get
,
'http://registry.gitlab/relative'
)
.
with
{
|
request
|
!
request
.
headers
.
include?
(
'Authorization'
)
}
.
to_return
(
status:
200
,
headers:
{
'Content-Type'
=>
'application/json'
},
body:
'{"key":"value"}'
)
end
let
(
:location
)
{
'/relative'
}
it
'returns correct data'
do
expect
(
blob
.
data
).
to
eq
'{"key":"value"}'
end
end
context
'for invalid file'
do
let
(
:location
)
{
'file:///etc/passwd'
}
it
'raises an error'
do
expect
{
blob
.
data
}.
to
raise_error
(
NoMethodError
,
%q{undefined method `request_uri' for #<URI::File file:///etc/passwd>}
)
expect
{
blob
.
data
}.
to
raise_error
(
ArgumentError
,
'Invalid scheme for file:///etc/passwd'
)
end
end
end
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment