Commit 59b731a5 authored by Peter Leitzen's avatar Peter Leitzen

Merge branch 'ref-params-validator' into 'master'

Add revision param validator

Closes #33766

See merge request gitlab-org/gitlab!26102
parents 5020ec91 0dbe3cb0
---
title: Add grape custom validator for git reference params
merge_request: 26102
author: Rajendra Kadam
type: added
...@@ -56,6 +56,35 @@ module API ...@@ -56,6 +56,35 @@ module API
message: "should be an array, 'None' or 'Any'" message: "should be an array, 'None' or 'Any'"
end end
end end
class GitRef < Grape::Validations::Base
# There are few checks that a Git reference should pass through to be valid reference.
# The link contains some rules that have been added to this validator.
# https://mirrors.edge.kernel.org/pub/software/scm/git/docs/git-check-ref-format.html
# We have skipped some checks that are optional and can be skipped for exception.
# We also check for control characters, More info on ctrl chars - https://ruby-doc.org/core-2.7.0/Regexp.html#class-Regexp-label-Character+Classes
INVALID_CHARS = Regexp.union('..', '\\', '@', '@{', ' ', '~', '^', ':', '*', '?', '[', /[[:cntrl:]]/).freeze
GIT_REF_LENGTH = (1..1024).freeze
def validate_param!(attr_name, params)
revision = params[attr_name]
return unless invalid_character?(revision)
raise Grape::Exceptions::Validation, params: [@scope.full_name(attr_name)],
message: 'should be a valid reference path'
end
private
def invalid_character?(revision)
revision.nil? ||
revision.start_with?('-') ||
revision.end_with?('.') ||
GIT_REF_LENGTH.exclude?(revision.length) ||
INVALID_CHARS.match?(revision)
end
end
end end
end end
end end
...@@ -65,3 +94,4 @@ Grape::Validations.register_validator(:git_sha, ::API::Helpers::CustomValidators ...@@ -65,3 +94,4 @@ Grape::Validations.register_validator(:git_sha, ::API::Helpers::CustomValidators
Grape::Validations.register_validator(:absence, ::API::Helpers::CustomValidators::Absence) Grape::Validations.register_validator(:absence, ::API::Helpers::CustomValidators::Absence)
Grape::Validations.register_validator(:integer_none_any, ::API::Helpers::CustomValidators::IntegerNoneAny) Grape::Validations.register_validator(:integer_none_any, ::API::Helpers::CustomValidators::IntegerNoneAny)
Grape::Validations.register_validator(:array_none_any, ::API::Helpers::CustomValidators::ArrayNoneAny) Grape::Validations.register_validator(:array_none_any, ::API::Helpers::CustomValidators::ArrayNoneAny)
Grape::Validations.register_validator(:git_ref, ::API::Helpers::CustomValidators::GitRef)
...@@ -61,6 +61,47 @@ describe API::Helpers::CustomValidators do ...@@ -61,6 +61,47 @@ describe API::Helpers::CustomValidators do
end end
end end
describe API::Helpers::CustomValidators::GitRef do
subject do
described_class.new(['test'], {}, false, scope.new)
end
context 'valid revision param' do
it 'does not raise a validation error' do
expect_no_validation_error('test' => '4e963fe')
expect_no_validation_error('test' => 'foo/bar/baz')
expect_no_validation_error('test' => "heads/fu\303\237")
expect_no_validation_error('test' => 'a' * 1024)
end
end
context "revision param contains invalid chars" do
it 'raises a validation error' do
expect_validation_error('test' => '-4e963fe')
expect_validation_error('test' => '4e963fe..ed4ef')
expect_validation_error('test' => '4e96\3fe')
expect_validation_error('test' => '4e96@3fe')
expect_validation_error('test' => '4e9@{63fe')
expect_validation_error('test' => '4e963 fe')
expect_validation_error('test' => '4e96~3fe')
expect_validation_error('test' => '^4e963fe')
expect_validation_error('test' => '4:e963fe')
expect_validation_error('test' => '4e963fe.')
expect_validation_error('test' => 'heads/foo..bar')
expect_validation_error('test' => 'foo/bar/.')
expect_validation_error('test' => 'heads/v@{ation')
expect_validation_error('test' => 'refs/heads/foo.')
expect_validation_error('test' => 'heads/foo\bar')
expect_validation_error('test' => 'heads/f[/bar')
expect_validation_error('test' => "heads/foo\t")
expect_validation_error('test' => "heads/foo\177")
expect_validation_error('test' => "#{'a' * 1025}")
expect_validation_error('test' => nil)
expect_validation_error('test' => '')
end
end
end
describe API::Helpers::CustomValidators::FilePath do describe API::Helpers::CustomValidators::FilePath do
subject do subject do
described_class.new(['test'], {}, false, scope.new) described_class.new(['test'], {}, false, scope.new)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment