authorLin Jen-Shin <godfat@godfat.org>2017-06-30 15:23:46 +0800
committerLin Jen-Shin <godfat@godfat.org>2017-06-30 15:23:46 +0800
commit17ba052f5c9d7c390b350469d15ffc674a943b07 (patch)
tree4b995a0b28d018d2b04b110d874c4211e009dcc6 /app/models/project.rb
parent62fdbbeeb01810f9215a7b8bdf880901fcb48c65 (diff)
Update wordings, allow only full path, add tests
Diffstat (limited to 'app/models/project.rb')
-rw-r--r--app/models/project.rb14
1 files changed, 6 insertions, 8 deletions
diff --git a/app/models/project.rb b/app/models/project.rb
index 507dffde18b..5374aca7701 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -187,7 +187,7 @@ class Project < ActiveRecord::Base
validates :creator, presence: true, on: :create
validates :description, length: { maximum: 2000 }, allow_blank: true
validates :ci_config_file,
- format: { without: /\.{2}/.freeze,
+ format: { without: /\.{2}/,
message: 'cannot include directory traversal.' },
length: { maximum: 255 },
allow_blank: true
@@ -222,7 +222,6 @@ class Project < ActiveRecord::Base
add_authentication_token_field :runners_token
before_save :ensure_runners_token
- before_validation :clean_ci_config_file
mount_uploader :avatar, AvatarUploader
has_many :uploads, as: :model, dependent: :destroy
@@ -527,6 +526,11 @@ class Project < ActiveRecord::Base
import_data&.destroy
end
+ def ci_config_file=(value)
+ # Strip all leading slashes so that //foo -> foo
+ super(value&.sub(%r{\A/+}, ''))
+ end
+
def import_url=(value)
return super(value) unless Gitlab::UrlSanitizer.valid?(value)
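Review bot: The leading-slash stripping in `ci_config_file=` only runs when the attribute is assigned through this setter, whereas the removed `before_validation :clean_ci_config_file` ran on every validated save. A value written with `write_attribute` or `self[:ci_config_file] =` would now reach validation with its leading `/` intact, and the `format` check in the first hunk rejects only `..`. Consider making the validation refuse an absolute path too, for example `format: { without: %r{\A/|\.{2}},` with a message that covers both cases, so the setter is not the only guard. The setter also no longer strips trailing slashes as the old callback did, and `value&.sub` raises NoMethodError for a non-nil value that is not a String. If both are intended, the comment could say so, e.g. `# Strip leading slashes only (//foo -> foo); trailing slashes are kept`.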
@@ -1484,10 +1488,4 @@ class Project < ActiveRecord::Base
raise ex
end
-
- def clean_ci_config_file
- return unless self.ci_config_file
- # Cleanup path removing leading/trailing slashes
- self.ci_config_file = ci_config_file.gsub(/^\/+|\/+$/, '')
- end
end