Commit 33aed43e authored by Bob Van Landuyt's avatar Bob Van Landuyt Committed by Douwe Maan

Avoid crash when trying to parse string with invalid UTF-8 sequence

parent 374486fb
...@@ -6,16 +6,21 @@ ...@@ -6,16 +6,21 @@
# Values are checked for formatting and exclusion from a list of illegal path # Values are checked for formatting and exclusion from a list of illegal path
# names. # names.
class DynamicPathValidator < ActiveModel::EachValidator class DynamicPathValidator < ActiveModel::EachValidator
extend Gitlab::Git::EncodingHelper
class << self class << self
def valid_user_path?(path) def valid_user_path?(path)
encode!(path)
"#{path}/" =~ Gitlab::PathRegex.root_namespace_path_regex "#{path}/" =~ Gitlab::PathRegex.root_namespace_path_regex
end end
def valid_group_path?(path) def valid_group_path?(path)
encode!(path)
"#{path}/" =~ Gitlab::PathRegex.full_namespace_path_regex "#{path}/" =~ Gitlab::PathRegex.full_namespace_path_regex
end end
def valid_project_path?(path) def valid_project_path?(path)
encode!(path)
"#{path}/" =~ Gitlab::PathRegex.full_project_path_regex "#{path}/" =~ Gitlab::PathRegex.full_project_path_regex
end end
end end
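Review bot: The three predicates call `encode!(path)` and discard the return value, so they rely on `encode!` rewriting the caller's string in place, which is surprising for a `?` method and would presumably fail on a frozen string (confirm against `Gitlab::Git::EncodingHelper`). Because this validator gates user, group and project paths, the code should say whether a path with invalid bytes is meant to be cleaned and then possibly accepted, or rejected outright. If cleaning is intended, the string that gets persisted has to be the same cleaned string the regex matched. A comment above the first call would make this explicit, for example `# encode! fixes path in place so =~ cannot raise on invalid UTF-8; the caller keeps the cleaned value`. The class body continues outside the hunk.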
......
...@@ -2,7 +2,7 @@ require "spec_helper" ...@@ -2,7 +2,7 @@ require "spec_helper"
describe Gitlab::Git::EncodingHelper do describe Gitlab::Git::EncodingHelper do
let(:ext_class) { Class.new { extend Gitlab::Git::EncodingHelper } } let(:ext_class) { Class.new { extend Gitlab::Git::EncodingHelper } }
let(:binary_string) { File.join(SEED_STORAGE_PATH, 'gitlab_logo.png') } let(:binary_string) { File.read(Rails.root + "spec/fixtures/dk.png") }
describe '#encode!' do describe '#encode!' do
[ [
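Review bot: `File.read` on a PNG returns a string tagged with the default external encoding, so what `binary_string` exercises in `encode!` depends on the environment's encoding settings. `File.binread(Rails.root.join('spec/fixtures/dk.png'))` would pin it to ASCII-8BIT; pass an explicit `encoding:` instead if the UTF-8-tagged case is the one intended. The examples that consume `binary_string` are outside the visible part of the hunk, so confirm which case they expect.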
......
...@@ -3,6 +3,28 @@ require 'spec_helper' ...@@ -3,6 +3,28 @@ require 'spec_helper'
describe DynamicPathValidator do describe DynamicPathValidator do
let(:validator) { described_class.new(attributes: [:path]) } let(:validator) { described_class.new(attributes: [:path]) }
def expect_handles_invalid_utf8
expect { yield('\255invalid') }.to be_falsey
end
describe '.valid_user_path' do
it 'handles invalid utf8' do
expect(described_class.valid_user_path?("a\0weird\255path")).to be_falsey
end
end
describe '.valid_group_path' do
it 'handles invalid utf8' do
expect(described_class.valid_group_path?("a\0weird\255path")).to be_falsey
end
end
describe '.valid_project_path' do
it 'handles invalid utf8' do
expect(described_class.valid_project_path?("a\0weird\255path")).to be_falsey
end
end
describe '#path_valid_for_record?' do describe '#path_valid_for_record?' do
context 'for project' do context 'for project' do
it 'calls valid_project_path?' do it 'calls valid_project_path?' do
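Review bot: The helper `expect_handles_invalid_utf8` is never called in the visible lines and would not work as written. `expect { ... }.to be_falsey` is a block expectation that `be_falsey` does not support, and the single-quoted `'\255invalid'` is a literal backslash sequence, not an invalid byte; it is best deleted. The three new examples all use `"a\0weird\255path"`, so the falsey result may come from the NUL byte alone. They show the crash is gone, but not what the validator decides for a path whose only defect is an invalid byte. Adding a case such as `described_class.valid_user_path?("weird\255path")` with the intended result would pin whether such a path is accepted after cleanup or rejected.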
......