authorBob Van Landuyt <bob@gitlab.com>2017-05-30 15:05:52 +0000
committerDouwe Maan <douwe@gitlab.com>2017-05-30 15:05:52 +0000
commit33aed43e9db41a9e482beb5e47800de8d6efbe31 (patch)
treefe2011a68623ba6e2c8ffa2ae2dbc128fe4286dd
parent374486fb2e1d51a059490a375d7fcd7aca4f65b8 (diff)
downloadgitlab-ce-33aed43e9db41a9e482beb5e47800de8d6efbe31.tar.gz
Avoid crash when trying to parse string with invalid UTF-8 sequence
-rw-r--r--app/validators/dynamic_path_validator.rb5
-rw-r--r--spec/lib/gitlab/git/encoding_helper_spec.rb2
-rw-r--r--spec/validators/dynamic_path_validator_spec.rb22
3 files changed, 28 insertions, 1 deletions
diff --git a/app/validators/dynamic_path_validator.rb b/app/validators/dynamic_path_validator.rb
index 6819886ebf4..a9b76c7c960 100644
--- a/app/validators/dynamic_path_validator.rb
+++ b/app/validators/dynamic_path_validator.rb
@@ -6,16 +6,21 @@
# Values are checked for formatting and exclusion from a list of illegal path
# names.
class DynamicPathValidator < ActiveModel::EachValidator
+ extend Gitlab::Git::EncodingHelper
+
class << self
def valid_user_path?(path)
+ encode!(path)
"#{path}/" =~ Gitlab::PathRegex.root_namespace_path_regex
end
def valid_group_path?(path)
+ encode!(path)
"#{path}/" =~ Gitlab::PathRegex.full_namespace_path_regex
end
def valid_project_path?(path)
+ encode!(path)
"#{path}/" =~ Gitlab::PathRegex.full_project_path_regex
end
end
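Review bot: The three added `encode!(path)` calls in `valid_user_path?`, `valid_group_path?` and `valid_project_path?` discard the return value, so they rely on `encode!` rewriting the caller's string in place. That gives a validity predicate a side effect on user-supplied input, and it would presumably raise if a caller passes a frozen string. Consider matching against a copy, for example `path = encode!(path.dup)` for String input if `encode!` returns the string (its body is not shown in this hunk), or at least add a comment such as `# encode! re-tags path in place so the regex match cannot raise on an invalid UTF-8 sequence`. Separately, `extend Gitlab::Git::EncodingHelper` makes every helper method a public class method of the validator; a small private wrapper would keep that interface narrower. The class body continues past the end of the hunk.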
diff --git a/spec/lib/gitlab/git/encoding_helper_spec.rb b/spec/lib/gitlab/git/encoding_helper_spec.rb
index 1a3bf802a07..48fc817d857 100644
--- a/spec/lib/gitlab/git/encoding_helper_spec.rb
+++ b/spec/lib/gitlab/git/encoding_helper_spec.rb
@@ -2,7 +2,7 @@ require "spec_helper"
describe Gitlab::Git::EncodingHelper do
let(:ext_class) { Class.new { extend Gitlab::Git::EncodingHelper } }
- let(:binary_string) { File.join(SEED_STORAGE_PATH, 'gitlab_logo.png') }
+ let(:binary_string) { File.read(Rails.root + "spec/fixtures/dk.png") }
describe '#encode!' do
[
diff --git a/spec/validators/dynamic_path_validator_spec.rb b/spec/validators/dynamic_path_validator_spec.rb
index 5f998e78f07..8dbf3eecd23 100644
--- a/spec/validators/dynamic_path_validator_spec.rb
+++ b/spec/validators/dynamic_path_validator_spec.rb
@@ -3,6 +3,28 @@ require 'spec_helper'
describe DynamicPathValidator do
let(:validator) { described_class.new(attributes: [:path]) }
+ def expect_handles_invalid_utf8
+ expect { yield('\255invalid') }.to be_falsey
+ end
+
+ describe '.valid_user_path' do
+ it 'handles invalid utf8' do
+ expect(described_class.valid_user_path?("a\0weird\255path")).to be_falsey
+ end
+ end
+
+ describe '.valid_group_path' do
+ it 'handles invalid utf8' do
+ expect(described_class.valid_group_path?("a\0weird\255path")).to be_falsey
+ end
+ end
+
+ describe '.valid_project_path' do
+ it 'handles invalid utf8' do
+ expect(described_class.valid_project_path?("a\0weird\255path")).to be_falsey
+ end
+ end
+
describe '#path_valid_for_record?' do
context 'for project' do
it 'calls valid_project_path?' do
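Review bot: The `expect_handles_invalid_utf8` helper added at the top of this spec is never called by the three new examples, and it would not test what its name says if it were. `'\255invalid'` is single-quoted, so it is a literal backslash followed by `255` rather than an invalid byte, and `expect { ... }.to be_falsey` applies a value matcher to a block expectation. Either delete the helper or rewrite it as `expect(yield("\255invalid")).to be_falsey` and call it from the examples. The inputs `"a\0weird\255path"` also contain a NUL byte, so they are presumably rejected by the path regex regardless of encoding. An extra case with an otherwise valid path plus one invalid byte would pin down the post-`encode!` result rather than only the absence of an exception.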