
Commit 94ed0656 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'bvl-fix-encoding-errors-when-validating-paths' into 'master'

Avoid crash when trying to parse string with invalid UTF-8 sequence

See merge request !11770
parents 374486fb 33aed43e
......@@ -6,16 +6,21 @@
# Values are checked for formatting and exclusion from a list of illegal path
# names.
class DynamicPathValidator < ActiveModel::EachValidator
extend Gitlab::Git::EncodingHelper
class << self
def valid_user_path?(path)
encode!(path)
"#{path}/" =~ Gitlab::PathRegex.root_namespace_path_regex
end
def valid_group_path?(path)
encode!(path)
"#{path}/" =~ Gitlab::PathRegex.full_namespace_path_regex
end
def valid_project_path?(path)
encode!(path)
"#{path}/" =~ Gitlab::PathRegex.full_project_path_regex
end
end
......
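Review bot: The `encode!(path)` calls in `valid_user_path?`, `valid_group_path?` and `valid_project_path?` make a predicate rewrite its argument, and the regex then judges the cleaned string rather than the bytes the caller supplied. Going by the bang name, `encode!` changes the string in place, so a frozen path would raise and a caller that keeps its own copy could store a value that differs from the one that was validated; if invalid bytes are dropped rather than rejected, two distinct inputs can also normalise to the same path. Consider working on a copy (`path = path.dup` before the call, assuming `encode!` modifies the string it is given) or rejecting input that needed cleaning, and add a comment such as `# Normalises encoding first so the regex match cannot raise on invalid UTF-8; the argument is modified in place`. The three methods repeat the same two lines and could share one private helper. The class body continues outside the hunk.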
......@@ -2,7 +2,7 @@
describe Gitlab::Git::EncodingHelper do
let(:ext_class) { Class.new { extend Gitlab::Git::EncodingHelper } }
let(:binary_string) { File.join(SEED_STORAGE_PATH, 'gitlab_logo.png') }
let(:binary_string) { File.read(Rails.root + "spec/fixtures/dk.png") }
describe '#encode!' do
[
......
......@@ -3,6 +3,28 @@
describe DynamicPathValidator do
let(:validator) { described_class.new(attributes: [:path]) }
def expect_handles_invalid_utf8
expect { yield('\255invalid') }.to be_falsey
end
describe '.valid_user_path' do
it 'handles invalid utf8' do
expect(described_class.valid_user_path?("a\0weird\255path")).to be_falsey
end
end
describe '.valid_group_path' do
it 'handles invalid utf8' do
expect(described_class.valid_group_path?("a\0weird\255path")).to be_falsey
end
end
describe '.valid_project_path' do
it 'handles invalid utf8' do
expect(described_class.valid_project_path?("a\0weird\255path")).to be_falsey
end
end
describe '#path_valid_for_record?' do
context 'for project' do
it 'calls valid_project_path?' do
......
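Review bot: The `expect_handles_invalid_utf8` helper is never called by the three examples in this hunk and would not test what its name says: the single-quoted `'\255invalid'` is a literal backslash followed by digits, not an invalid byte, and `be_falsey` is a value matcher applied to a block expectation. Remove it, or rewrite it with a double-quoted string and `expect(yield("\255invalid")).to be_falsey`. The input `"a\0weird\255path"` also contains a NUL, which may be what the regex rejects on its own; a case such as `"weird\255path"` would pin down what happens when the invalid byte is the only problem. The `describe DynamicPathValidator` block continues outside the hunk.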