delta/gitlab/gitlab-ce.git/spec/lib/safe_zip/extract_spec.rb, branch scripts-differences gitlab.com: gitlab-org/gitlab-ce.git Fix rubocop violations 2019-01-31T20:31:25+00:00 Gabriel Mazetto brodock@gmail.com 2019-01-31T20:31:25+00:00 83adf64831d0e4cee0f8af1c4a4efa5d2a7ec1f5 






Extract GitLab Pages using RubyZip
2019-01-31T15:52:48+00:00

Kamil TrzciƄski
ayufan@ayufan.eu

2019-01-02T19:01:11+00:00

66744469d4f2c444c0248b84096d252db749d01c

RubyZip allows us to perform strong validation of
expanded paths where we do extract file.

We introduce the following additional checks
to extract routines:

1. None of path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory,
   like `public/`,
4. The symlink source needs to exist ahead of time.





RubyZip allows us to perform strong validation of
expanded paths where we do extract file.

We introduce the following additional checks
to extract routines:

1. None of path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory,
   like `public/`,
4. The symlink source needs to exist ahead of time.