author | Bob Van Landuyt <bob@gitlab.com> | 2017-05-30 15:05:52 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2017-05-30 15:05:52 +0000 |
commit | 33aed43e9db41a9e482beb5e47800de8d6efbe31 (patch) | |
tree | fe2011a68623ba6e2c8ffa2ae2dbc128fe4286dd | |
parent | 374486fb2e1d51a059490a375d7fcd7aca4f65b8 (diff) | |
Avoid crash when trying to parse string with invalid UTF-8 sequence
-rw-r--r-- | app/validators/dynamic_path_validator.rb | 5 | ||||
-rw-r--r-- | spec/lib/gitlab/git/encoding_helper_spec.rb | 2 | ||||
-rw-r--r-- | spec/validators/dynamic_path_validator_spec.rb | 22 |
3 files changed, 28 insertions, 1 deletions
diff --git a/app/validators/dynamic_path_validator.rb b/app/validators/dynamic_path_validator.rb
index 6819886ebf4..a9b76c7c960 100644
--- a/app/validators/dynamic_path_validator.rb
+++ b/app/validators/dynamic_path_validator.rb
@@ -6,16 +6,21 @@
 # Values are checked for formatting and exclusion from a list of illegal path
 # names.
 class DynamicPathValidator < ActiveModel::EachValidator
+ extend Gitlab::Git::EncodingHelper
+
 class << self
 def valid_user_path?(path)
+ encode!(path)
 "#{path}/" =~ Gitlab::PathRegex.root_namespace_path_regex
 end
 
 def valid_group_path?(path)
+ encode!(path)
 "#{path}/" =~ Gitlab::PathRegex.full_namespace_path_regex
 end
 
 def valid_project_path?(path)
+ encode!(path)
 "#{path}/" =~ Gitlab::PathRegex.full_project_path_regex
 end
 end
diff --git a/spec/lib/gitlab/git/encoding_helper_spec.rb b/spec/lib/gitlab/git/encoding_helper_spec.rb
index 1a3bf802a07..48fc817d857 100644
--- a/spec/lib/gitlab/git/encoding_helper_spec.rb
+++ b/spec/lib/gitlab/git/encoding_helper_spec.rb
@@ -2,7 +2,7 @@ require "spec_helper"
 
 describe Gitlab::Git::EncodingHelper do
 let(:ext_class) { Class.new { extend Gitlab::Git::EncodingHelper } }
- let(:binary_string) { File.join(SEED_STORAGE_PATH, 'gitlab_logo.png') }
+ let(:binary_string) { File.read(Rails.root + "spec/fixtures/dk.png") }
 
 describe '#encode!' do
 [
diff --git a/spec/validators/dynamic_path_validator_spec.rb b/spec/validators/dynamic_path_validator_spec.rb
index 5f998e78f07..8dbf3eecd23 100644
--- a/spec/validators/dynamic_path_validator_spec.rb
+++ b/spec/validators/dynamic_path_validator_spec.rb
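Review bot: In app/validators/dynamic_path_validator.rb the three `valid_*_path?` methods call `encode!(path)` and discard its return value, so the match only sees cleaned bytes if `encode!` rewrites the caller's string in place. Its body is not visible in this commit, so that contract, and its behaviour for a frozen or nil `path`, should be confirmed before relying on it to stop a crash on untrusted input. A predicate that repairs its argument as a side effect also means the value that ends up stored can differ from the bytes the client sent. Rejecting malformed input is the safer default for a validator, for example `return false unless path.to_s.dup.force_encoding(Encoding::UTF_8).valid_encoding?`, and if the in-place repair is kept, each method should carry a comment such as `# encode! re-encodes path in place before matching`. The class body continues outside the hunk.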
@@ -3,6 +3,28 @@ require 'spec_helper'
 describe DynamicPathValidator do
 let(:validator) { described_class.new(attributes: [:path]) }
 
+ def expect_handles_invalid_utf8
+ expect { yield('\255invalid') }.to be_falsey
+ end
+
+ describe '.valid_user_path' do
+ it 'handles invalid utf8' do
+ expect(described_class.valid_user_path?("a\0weird\255path")).to be_falsey
+ end
+ end
+
+ describe '.valid_group_path' do
+ it 'handles invalid utf8' do
+ expect(described_class.valid_group_path?("a\0weird\255path")).to be_falsey
+ end
+ end
+
+ describe '.valid_project_path' do
+ it 'handles invalid utf8' do
+ expect(described_class.valid_project_path?("a\0weird\255path")).to be_falsey
+ end
+ end
+
 describe '#path_valid_for_record?' do
 context 'for project' do
 it 'calls valid_project_path?' do |
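Review bot: The helper `expect_handles_invalid_utf8` at the top of the added block is never called by the three examples below it, and as written it would not test what its name says. `'\255invalid'` is single-quoted, so it is a literal backslash followed by digits rather than an invalid byte, and `expect { ... }.to be_falsey` applies a value matcher to a block. Either drop the helper or change its body to `expect(yield("\255invalid")).to be_falsey` and call it from each example. The examples' input also carries a `\0`, so a case with only the invalid byte, such as `"a\255path"`, would show that the encoding handling alone is what is being exercised. The enclosing `describe DynamicPathValidator` block continues outside the hunk.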