-rw-r--r-- | lib/gitlab/ci/build/artifacts/metadata.rb | 8 | ||||
-rw-r--r-- | lib/gitlab/ci/build/artifacts/metadata/path.rb | 10 | ||||
-rw-r--r-- | spec/fixtures/ci_build_artifacts.zip | bin | 105373 -> 106365 bytes | |||
-rw-r--r-- | spec/fixtures/ci_build_artifacts_metadata.gz | bin | 309 -> 415 bytes |
4 files changed, 13 insertions, 5 deletions
diff --git a/lib/gitlab/ci/build/artifacts/metadata.rb b/lib/gitlab/ci/build/artifacts/metadata.rb
index 2b17712cdbe..d9c051be9f3 100644
--- a/lib/gitlab/ci/build/artifacts/metadata.rb
+++ b/lib/gitlab/ci/build/artifacts/metadata.rb
@@ -10,7 +10,8 @@ module Gitlab
 attr_reader :file, :path, :full_version
 def initialize(file, path)
- @file, @path = file, path
+ @file = file
+ @path = path.force_encoding('ASCII-8BIT')
 @full_version = read_version
 end
@@ -42,7 +43,7 @@ module Gitlab
 def match_entries(gz)
 paths, metadata = [], []
- match_pattern = %r{^#{Regexp.escape(@path)}[^/\s]*/?$}
+ match_pattern = %r{^#{Regexp.escape(@path)}[^/]*/?$}
 invalid_pattern = %r{(^\.?\.?/)|(/\.?\.?/)}
 until gz.eof? do
@@ -51,11 +52,12 @@ module Gitlab
 meta = read_string(gz)
 next unless path =~ match_pattern
+ next unless path.force_encoding('UTF-8').valid_encoding?
 next if path =~ invalid_pattern
 paths.push(path)
 metadata.push(JSON.parse(meta.chomp, symbolize_names: true))
- rescue JSON::ParserError
+ rescue JSON::ParserError, Encoding::CompatibilityError
 next
 end
 end
diff --git a/lib/gitlab/ci/build/artifacts/metadata/path.rb b/lib/gitlab/ci/build/artifacts/metadata/path.rb
index 80ead335d57..6896aa936d5 100644
--- a/lib/gitlab/ci/build/artifacts/metadata/path.rb
+++ b/lib/gitlab/ci/build/artifacts/metadata/path.rb
@@ -8,18 +8,24 @@ module Gitlab
 # This is IO-operations safe class, that does similar job to
 # Ruby's Pathname but without the risk of accessing filesystem.
 #
+ # This class is working only with UTF-8 encoded paths.
+ #
 class Path
 attr_reader :path, :universe
 attr_accessor :name
 def initialize(path, universe, metadata = [])
- @path = path
+ @path = path.force_encoding('UTF-8')
 @universe = universe
 @metadata = metadata
 if path.include?("\0")
 raise ArgumentError, 'Path contains zero byte character!'
 end
+ unless path.valid_encoding?
+ raise ArgumentError, 'Path contains non-UTF-8 byte sequence!'
+ end
 end
 def directory?
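Review bot: `path.force_encoding('ASCII-8BIT')` in `Metadata#initialize` retags the caller's string in place instead of working on a copy, so the object the caller still holds changes encoding, and a frozen string would raise. Taking a copy avoids both, for example `@path = path.b`. The same applies to `@path = path.force_encoding('UTF-8')` in `Path#initialize` in path.rb; with `path.dup.force_encoding('UTF-8')` there, the later `include?("\0")` and `valid_encoding?` checks would need to read `@path`, since they currently rely on the in-place retagging of `path`.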
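Review bot: `match_pattern` in `match_entries` still anchors with `^` and `$`, which in Ruby match at every line boundary rather than at the ends of the string, and after this change `[^/]*` also accepts a newline in the name part. An entry path that contains a line break could therefore be accepted on the strength of one of its lines only, so whole-string anchors are the safer form: `match_pattern = %r{\A#{Regexp.escape(@path)}[^/]*/?\z}`. The same holds for `child_pattern` in `Path#children` in path.rb. `invalid_pattern` is better left with `^`, because there the per-line anchor makes the rejection stricter, not looser.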
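Review bot: Entries rejected by the new `valid_encoding?` check, or by the widened `rescue JSON::ParserError, Encoding::CompatibilityError`, drop out of the listing with no trace, and the loop does not say why the encoding check sits after the first regexp match. A comment above the check would record the intent, for example `# Path only accepts UTF-8; entries whose path is not valid UTF-8 are skipped, not raised on`. Counting or logging the skipped entries would also make a partly unreadable metadata file visible to whoever debugs a missing artifact. Which exception each rescued class is expected from cannot be confirmed here, because the `begin` that this `rescue` belongs to, and `read_string`, lie outside the hunk.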
@@ -51,7 +57,7 @@ module Gitlab
 return [] unless directory?
 return @children if @children
- child_pattern = %r{^#{Regexp.escape(@path)}[^/\s]+/?$}
+ child_pattern = %r{^#{Regexp.escape(@path)}[^/]+/?$}
 @children = select { |entry| entry =~ child_pattern }
 end
diff --git a/spec/fixtures/ci_build_artifacts.zip b/spec/fixtures/ci_build_artifacts.zip
Binary files differ
index ec47005ce85..dae976d918e 100644
--- a/spec/fixtures/ci_build_artifacts.zip
+++ b/spec/fixtures/ci_build_artifacts.zip
diff --git a/spec/fixtures/ci_build_artifacts_metadata.gz b/spec/fixtures/ci_build_artifacts_metadata.gz
Binary files differ
index c394f83bf87..fe9d4c8c661 100644
--- a/spec/fixtures/ci_build_artifacts_metadata.gz
+++ b/spec/fixtures/ci_build_artifacts_metadata.gz |