972f564d
Commit
972f564d
authored
Feb 01, 2018
by
Rubén Dávila
Sanitize extra blank spaces used when uploading a SSH key
parent
078dac42
Changes
6
Showing
6 changed files
with
113 additions
and
17 deletions
+113
-17
app/models/key.rb
app/models/key.rb
+3
-4
changelogs/unreleased/40552-sanitize-extra-blank-spaces-used-when-uploading-a-ssh-key.yml
...tize-extra-blank-spaces-used-when-uploading-a-ssh-key.yml
+5
-0
lib/gitlab/ssh_public_key.rb
lib/gitlab/ssh_public_key.rb
+22
-6
spec/factories/keys.rb
spec/factories/keys.rb
+4
-0
spec/lib/gitlab/ssh_public_key_spec.rb
spec/lib/gitlab/ssh_public_key_spec.rb
+35
-0
spec/models/key_spec.rb
spec/models/key_spec.rb
+44
-7
app/models/key.rb
...
@@ -34,9 +34,8 @@ class Key < ActiveRecord::Base
...
@@ -34,9 +34,8 @@ class Key < ActiveRecord::Base
after_destroy
:refresh_user_cache
after_destroy
:refresh_user_cache
def
key
=
(
value
)
def
key
=
(
value
)
value
&
.
delete!
(
"
\n\r
"
)
write_attribute
(
:key
,
value
.
present?
?
Gitlab
::
SSHPublicKey
.
sanitize
(
value
)
:
nil
)
value
.
strip!
unless
value
.
blank?
write_attribute
(
:key
,
value
)
@public_key
=
nil
@public_key
=
nil
end
end
...
@@ -98,7 +97,7 @@ class Key < ActiveRecord::Base
...
@@ -98,7 +97,7 @@ class Key < ActiveRecord::Base
def
generate_fingerprint
def
generate_fingerprint
self
.
fingerprint
=
nil
self
.
fingerprint
=
nil
return
unless
self
.
key
.
present
?
return
unless
public_key
.
valid
?
self
.
fingerprint
=
public_key
.
fingerprint
self
.
fingerprint
=
public_key
.
fingerprint
end
end
...
...
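Review bot: In `key=`, content that `Gitlab::SSHPublicKey.sanitize` cannot turn into a valid key is now stored exactly as submitted, because sanitize falls back to returning `key_content` untouched; the removed setter always deleted `\n`/`\r` and stripped the value first. Whether such a value can ever be saved depends on validations outside these hunks, but the setter itself no longer guarantees a single-line value, which matters if the attribute is later written to a line-oriented file such as authorized_keys. Keeping the old guarantee on the fallback path is one line: `write_attribute(:key, value.present? ? Gitlab::SSHPublicKey.sanitize(value).delete("\n\r") : nil)`. A spec that assigns an invalid key containing a line break and checks the stored attribute would pin this.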
changelogs/unreleased/40552-sanitize-extra-blank-spaces-used-when-uploading-a-ssh-key.yml
0 → 100644
---
title
:
Sanitize extra blank spaces used when uploading a SSH key
merge_request
:
40552
author
:
type
:
fixed
lib/gitlab/ssh_public_key.rb
...
@@ -21,6 +21,22 @@ module Gitlab
...
@@ -21,6 +21,22 @@ module Gitlab
technology
(
name
)
&
.
supported_sizes
technology
(
name
)
&
.
supported_sizes
end
end
def
self
.
sanitize
(
key_content
)
ssh_type
,
*
parts
=
key_content
.
strip
.
split
return
key_content
if
parts
.
empty?
parts
.
each_with_object
(
"
#{
ssh_type
}
"
).
with_index
do
|
(
part
,
content
),
index
|
content
<<
part
if
Gitlab
::
SSHPublicKey
.
new
(
content
).
valid?
break
[
content
,
parts
[
index
+
1
]].
compact
.
join
(
' '
)
# Add the comment part if present
elsif
parts
.
size
==
index
+
1
# return original content if we've reached the last element
break
key_content
end
end
end
attr_reader
:key_text
,
:key
attr_reader
:key_text
,
:key
# Unqualified MD5 fingerprint for compatibility
# Unqualified MD5 fingerprint for compatibility
...
@@ -37,23 +53,23 @@ module Gitlab
...
@@ -37,23 +53,23 @@ module Gitlab
end
end
def
valid?
def
valid?
key
.
present?
key
.
present?
&&
bits
&&
technology
.
supported_sizes
.
include?
(
bits
)
end
end
def
type
def
type
technology
.
name
if
valid
?
technology
.
name
if
key
.
present
?
end
end
def
bits
def
bits
return
unless
valid
?
return
if
key
.
blank
?
case
type
case
type
when
:rsa
when
:rsa
key
.
n
.
num_bits
key
.
n
&
.
num_bits
when
:dsa
when
:dsa
key
.
p
.
num_bits
key
.
p
&
.
num_bits
when
:ecdsa
when
:ecdsa
key
.
group
.
order
.
num_bits
key
.
group
.
order
&
.
num_bits
when
:ed25519
when
:ed25519
256
256
else
else
...
...
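Review bot: `self.sanitize` builds and validates a new `Gitlab::SSHPublicKey` once per whitespace-separated part, and nothing before the loop bounds how many parts the input may have. `Key#key=` calls it on assignment, so it presumably runs before any model-level length validation; a large, whitespace-heavy upload then costs one key parse per part over an ever-growing string. A guard ahead of the loop would cap that, for example `return key_content if parts.empty? || parts.size > MAX_SANITIZE_PARTS`, where `MAX_SANITIZE_PARTS` is a placeholder name for a new constant whose value is still to be chosen. Separately, only `parts[index + 1]` is kept as the comment, so a comment containing spaces is cut to its first word; a short comment on the method saying so, or joining `parts[(index + 1)..]`, would make that explicit.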
spec/factories/keys.rb
...
@@ -5,6 +5,10 @@ FactoryBot.define do
...
@@ -5,6 +5,10 @@ FactoryBot.define do
title
title
key
{
Spec
::
Support
::
Helpers
::
KeyGeneratorHelper
.
new
(
1024
).
generate
+
' dummy@gitlab.com'
}
key
{
Spec
::
Support
::
Helpers
::
KeyGeneratorHelper
.
new
(
1024
).
generate
+
' dummy@gitlab.com'
}
factory
:key_without_comment
do
key
{
Spec
::
Support
::
Helpers
::
KeyGeneratorHelper
.
new
(
1024
).
generate
}
end
factory
:deploy_key
,
class:
'DeployKey'
factory
:deploy_key
,
class:
'DeployKey'
factory
:personal_key
do
factory
:personal_key
do
...
...
spec/lib/gitlab/ssh_public_key_spec.rb
...
@@ -37,6 +37,41 @@ describe Gitlab::SSHPublicKey, lib: true do
...
@@ -37,6 +37,41 @@ describe Gitlab::SSHPublicKey, lib: true do
end
end
end
end
describe
'.sanitize(key_content)'
do
let
(
:content
)
{
build
(
:key
).
key
}
context
'when key has blank space characters'
do
it
'removes the extra blank space characters'
do
unsanitized
=
content
.
insert
(
100
,
"
\n
"
)
.
insert
(
40
,
"
\r\n
"
)
.
insert
(
30
,
' '
)
sanitized
=
described_class
.
sanitize
(
unsanitized
)
_
,
body
=
sanitized
.
split
expect
(
sanitized
).
not_to
eq
(
unsanitized
)
expect
(
body
).
not_to
match
(
/\s/
)
end
end
context
"when key doesn't have blank space characters"
do
it
"doesn't modify the content"
do
sanitized
=
described_class
.
sanitize
(
content
)
expect
(
sanitized
).
to
eq
(
content
)
end
end
context
"when key is invalid"
do
it
'returns the original content'
do
unsanitized
=
"ssh-foo any content=="
sanitized
=
described_class
.
sanitize
(
unsanitized
)
expect
(
sanitized
).
to
eq
(
unsanitized
)
end
end
end
describe
'#valid?'
do
describe
'#valid?'
do
subject
{
public_key
}
subject
{
public_key
}
...
...
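Review bot: `expect(body).not_to match(/\s/)` in 'removes the extra blank space characters' cannot fail, because `body` comes from `sanitized.split` and a token produced by `split` never contains whitespace. The same pattern is in spec/models/key_spec.rb, where `content` is taken from `modified_key.split`, i.e. from the input rather than from the stored `key.key`. Since `insert` mutates `content` in place, take a copy first and compare against it: `original = content.dup` before the inserts, then `expect(sanitized).to eq(original)`, which should hold if sanitize rebuilds the key with single spaces. Cases for an invalid key containing line breaks and for a comment with several words are also missing.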
spec/models/key_spec.rb
...
@@ -79,16 +79,53 @@ describe Key, :mailer do
...
@@ -79,16 +79,53 @@ describe Key, :mailer do
expect
(
build
(
:key
)).
to
be_valid
expect
(
build
(
:key
)).
to
be_valid
end
end
it
'accepts a key with newline charecters after stripping them'
do
key
=
build
(
:key
)
key
.
key
=
key
.
key
.
insert
(
100
,
"
\n
"
)
key
.
key
=
key
.
key
.
insert
(
40
,
"
\r\n
"
)
expect
(
key
).
to
be_valid
end
it
'rejects the unfingerprintable key (not a key)'
do
it
'rejects the unfingerprintable key (not a key)'
do
expect
(
build
(
:key
,
key:
'ssh-rsa an-invalid-key=='
)).
not_to
be_valid
expect
(
build
(
:key
,
key:
'ssh-rsa an-invalid-key=='
)).
not_to
be_valid
end
end
where
(
:factory
,
:chars
,
:expected_sections
)
do
[
[
:key
,
[
"
\n
"
,
"
\r\n
"
],
3
],
[
:key
,
[
' '
,
' '
],
3
],
[
:key_without_comment
,
[
' '
,
' '
],
2
]
]
end
with_them
do
let!
(
:key
)
{
create
(
factory
)
}
let!
(
:original_fingerprint
)
{
key
.
fingerprint
}
it
'accepts a key with blank space characters after stripping them'
do
modified_key
=
key
.
key
.
insert
(
100
,
chars
.
first
).
insert
(
40
,
chars
.
last
)
_
,
content
=
modified_key
.
split
key
.
update!
(
key:
modified_key
)
expect
(
key
).
to
be_valid
expect
(
key
.
key
.
split
.
size
).
to
eq
(
expected_sections
)
expect
(
content
).
not_to
match
(
/\s/
)
expect
(
original_fingerprint
).
to
eq
(
key
.
fingerprint
)
end
end
end
context
'validate size'
do
where
(
:key_content
,
:result
)
do
[
[
Spec
::
Support
::
Helpers
::
KeyGeneratorHelper
.
new
(
512
).
generate
,
false
],
[
Spec
::
Support
::
Helpers
::
KeyGeneratorHelper
.
new
(
8192
).
generate
,
false
],
[
Spec
::
Support
::
Helpers
::
KeyGeneratorHelper
.
new
(
1024
).
generate
,
true
]
]
end
with_them
do
it
'validates the size of the key'
do
key
=
build
(
:key
,
key:
key_content
)
expect
(
key
.
valid?
).
to
eq
(
result
)
end
end
end
end
context
'validate it meets key restrictions'
do
context
'validate it meets key restrictions'
do
...
...