Render only valid paths in artifacts metadata

In this version we will support only relative paths in artifacts metadata. Support for absolute paths will be introduced later.
author: Grzegorz Bizon <grzesiek.bizon@gmail.com> 2016-01-11 09:57:03 +0100
committer: Grzegorz Bizon <grzesiek.bizon@gmail.com> 2016-01-14 12:48:16 +0100
commit: 09a4a5aff8c53dd5930044ddbb285a95ef177d8a (patch)
tree: 16d4e877364b0d1480f83fd2faffe9cf8c1cfe82 /lib
parent: 61fb47a43202332fe9ac57847996da929ba42d3f (diff)
download: gitlab-ce-09a4a5aff8c53dd5930044ddbb285a95ef177d8a.tar.gz
2 files changed, 15 insertions, 7 deletions
diff --git a/lib/gitlab/ci/build/artifacts/metadata.rb b/lib/gitlab/ci/build/artifacts/metadata.rb
index 996b5d91ff2..91017f633a0 100644
--- a/lib/gitlab/ci/build/artifacts/metadata.rb
+++ b/lib/gitlab/ci/build/artifacts/metadata.rb
@@ -12,7 +12,6 @@ module Gitlab
           def initialize(file, path)
             @file, @path = file, path
             @full_version = read_version
-            @path << '/' unless path.end_with?('/') || path.empty?
           end
 
           def version
@@ -43,14 +42,15 @@ module Gitlab
 
           def match_entries(gz)
             paths, metadata = [], []
-            child_pattern = %r{^#{Regexp.escape(@path)}[^/\s]*/?$}
+            match_pattern = %r{^#{Regexp.escape(@path)}[^/\s]*/?$}
 
             until gz.eof? do
               begin
                 path = read_string(gz)
                 meta = read_string(gz)
                
-                next unless path =~ child_pattern
+                next unless path =~ match_pattern
+                next unless path_valid?(path)
 
                 paths.push(path)
                 metadata.push(JSON.parse(meta.chomp, symbolize_names: true))
@@ -62,6 +62,10 @@ module Gitlab
             [paths, metadata]
           end
 
+          def path_valid?(path)
+            !(path.start_with?('/') || path =~ %r{\.?\./})
+          end
+
           def read_version
             gzip do|gz|
               version_string = read_string(gz)
diff --git a/lib/gitlab/ci/build/artifacts/metadata/path.rb b/lib/gitlab/ci/build/artifacts/metadata/path.rb
index 222903b348e..80ead335d57 100644
--- a/lib/gitlab/ci/build/artifacts/metadata/path.rb
+++ b/lib/gitlab/ci/build/artifacts/metadata/path.rb
@@ -23,7 +23,7 @@ module Gitlab
         end
 
         def directory?
-          @path.end_with?('/') || @path.blank?
+          blank_node? || @path.end_with?('/')
         end
 
         def file?
@@ -40,11 +40,11 @@ module Gitlab
         end
 
         def basename
-          directory? ? name + ::File::SEPARATOR : name
+          (directory? && !blank_node?) ? name + ::File::SEPARATOR : name
         end
 
         def name
-          @name || @path.split(::File::SEPARATOR).last
+          @name || @path.split(::File::SEPARATOR).last.to_s
         end
 
         def children
@@ -83,7 +83,11 @@ module Gitlab
         end
 
         def exists?
-          @path.blank? || @universe.include?(@path)
+          blank_node? || @universe.include?(@path)
+        end
+
+        def blank_node?
+          @path.empty? # "" is considered to be './'
         end
 
         def to_s
author	Grzegorz Bizon <grzesiek.bizon@gmail.com>	2016-01-11 09:57:03 +0100
committer	Grzegorz Bizon <grzesiek.bizon@gmail.com>	2016-01-14 12:48:16 +0100
commit	09a4a5aff8c53dd5930044ddbb285a95ef177d8a (patch)
tree	16d4e877364b0d1480f83fd2faffe9cf8c1cfe82 /lib
parent	61fb47a43202332fe9ac57847996da929ba42d3f (diff)
download	gitlab-ce-09a4a5aff8c53dd5930044ddbb285a95ef177d8a.tar.gz