Commit 844cca4a authored by Douwe Maan's avatar Douwe Maan

Add Git hook to validate maximum file size.

parent ccf79272
......@@ -3,6 +3,7 @@ v 7.12 (Unreleased)
- Enhance LDAP group synchronization to check also for member attributes that only contain "uid=<username>"
- Enhance LDAP group synchronization to check also for submember attributes
- Prevent LDAP group sync from removing a group's last owner
- Add Git hook to validate maximum file size.
v 7.11.4
- no changes specific to EE
......
......@@ -20,7 +20,7 @@ class Admin::GitHooksController < Admin::ApplicationController
def git_hook_params
params.require(:git_hook).permit(:deny_delete_tag, :delete_branch_regex,
:commit_message_regex, :force_push_regex, :author_email_regex, :member_check, :file_name_regex)
:commit_message_regex, :force_push_regex, :author_email_regex, :member_check, :file_name_regex, :max_file_size)
end
def git_hook
......
......@@ -28,6 +28,6 @@ class Projects::GitHooksController < Projects::ApplicationController
# Only allow a trusted parameter "white list" through.
def git_hook_params
params.require(:git_hook).permit(:deny_delete_tag, :delete_branch_regex,
:commit_message_regex, :force_push_regex, :author_email_regex, :member_check, :file_name_regex)
:commit_message_regex, :force_push_regex, :author_email_regex, :member_check, :file_name_regex, :max_file_size)
end
end
......@@ -16,6 +16,10 @@ class GitHook < ActiveRecord::Base
end
def commit_validation?
commit_message_regex.present? || author_email_regex.present? || member_check || file_name_regex.present?
commit_message_regex.present? ||
author_email_regex.present? ||
member_check ||
file_name_regex.present? ||
max_file_size > 0
end
end
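Review bot: `max_file_size > 0` in `commit_validation?` raises NoMethodError when the attribute is nil, and nothing visible in this commit prevents nil: the migration adds the column with `default: 0` but without `null: false`, and the form's `min: 0` is only a browser-side hint on a value that both controllers now permit. A blank `git_hook[max_file_size]` would likely be stored as NULL, after which the same comparison in the git_access check (`if git_hook.max_file_size > 0`) would raise during a push instead of returning a status object. I would add `validates :max_file_size, numericality: { only_integer: true, greater_than_or_equal_to: 0 }` to the model (the class body starts outside this hunk) and `null: false` to the `add_column` call.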
......@@ -87,7 +87,7 @@
.form-group
= f.label :max_attachment_size, 'Maximum attachment size (MB)', class: 'control-label col-sm-2'
.col-sm-10
= f.number_field :max_attachment_size, class: 'form-control'
= f.number_field :max_attachment_size, class: 'form-control', min: 0
.form-group
= f.label :restricted_signup_domains, 'Restricted domains for sign-ups', class: 'control-label col-sm-2'
.col-sm-10
......
......@@ -40,8 +40,8 @@
%span
Hooks
= nav_link(controller: :git_hooks) do
= link_to admin_git_hooks_path, title: 'Git Hooks' do
%i.fa.fa-git-square
= link_to admin_git_hooks_path, title: 'Git Hooks', data: {placement: 'right'} do
= icon('git-square fw')
%span
Git Hooks
= nav_link(controller: :background_jobs) do
......
......@@ -48,5 +48,13 @@
to be pushed.
If this field is empty it allows any filenames.
.form-group
= f.label :max_file_size, "Maximum file size (MB)", class: 'control-label'
.col-sm-10
= f.number_field :max_file_size, class: "form-control", min: 0
.help-block
Pushes that contain added or updated files that exceed this file size are rejected.
Set to 0 to allow files of any size.
.form-actions
= f.submit "Save Git hooks", class: "btn btn-create"
class AddMaxFileSizeToGitHooks < ActiveRecord::Migration
def change
add_column :git_hooks, :max_file_size, :integer, default: 0
end
end
......@@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20150529150354) do
ActiveRecord::Schema.define(version: 20150605131047) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
......@@ -133,6 +133,7 @@ ActiveRecord::Schema.define(version: 20150529150354) do
t.boolean "member_check", default: false, null: false
t.string "file_name_regex"
t.boolean "is_sample", default: false
t.integer "max_file_size", default: 0
end
create_table "historical_data", force: true do |t|
......
......@@ -226,6 +226,17 @@ module Gitlab
end
end
end
if git_hook.max_file_size > 0
commit.diffs.each do |diff|
next if diff.deleted_file
blob = project.repository.blob_at(commit.id, diff.new_path)
if blob.size > git_hook.max_file_size.megabytes
return build_status_object(false, "File #{diff.new_path.inspect} is larger than the allowed size of #{git_hook.max_file_size} MB")
end
end
end
end
end
end
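Review bot: `blob.size > git_hook.max_file_size.megabytes` assumes `blob_at` always returns a blob with a numeric size, and nothing in the hunk guards that. If the lookup can return nil, or a blob without a size (a submodule entry is the likely case, to be confirmed against `blob_at`), the check raises NoMethodError and the push fails with an error rather than a clear status. A guard such as `next unless blob && blob.size` before the comparison keeps the limit enforced for real blobs and skips entries that have no content to measure. The enclosing method and commit loop start outside the hunk, so I cannot tell whether this runs once per pushed commit; if it does, one blob lookup per changed file per commit may be worth bounding.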
......
......@@ -294,5 +294,23 @@ describe Gitlab::GitAccess do
access.git_hook_check(user, project, 'refs/heads/master', '913c66a37', '33f3729a4').allowed?.should be_truthy
end
end
describe "max file size check" do
before do
allow_any_instance_of(Gitlab::Git::Blob).to receive(:size).and_return(1.5.megabytes.to_i)
end
it "returns false when size is too large" do
project.create_git_hook
project.git_hook.update(max_file_size: 1)
access.git_hook_check(user, project, 'refs/heads/master', 'cfe32cf6', '913c66a37').allowed?.should be_falsey
end
it "returns true when size is allowed" do
project.create_git_hook
project.git_hook.update(max_file_size: 2)
access.git_hook_check(user, project, 'refs/heads/master', 'cfe32cf6', '913c66a37').allowed?.should be_truthy
end
end
end
end
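Review bot: Both examples stub `Gitlab::Git::Blob#size` on every instance, so they cover only the over/under comparison at limits of 1 MB and 2 MB. The `max_file_size: 0` (disabled) default, the `deleted_file` skip and a changed path for which no blob is found are not exercised. An example that sets `project.git_hook.update(max_file_size: 0)` and expects `allowed?.should be_truthy` would pin the documented "Set to 0 to allow files of any size" behaviour.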