diff options
| author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-09-05 12:27:40 +0200 |
|---|---|---|
| committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-09-05 12:34:49 +0200 |
| commit | 3b874414c06156767117b7aa7ae705c7342d887c (patch) | |
| tree | 04318abb3fe8f963a51b8b1360dd664e57359da5 | |
| parent | 52e52f4a172ae5aa54eac4a22d98610ec5aea1b0 (diff) | |
| download | gitlab-ce-3b874414c06156767117b7aa7ae705c7342d887c.tar.gz | |
Do not use artifacts metadata to access single artifact
| -rw-r--r-- | app/controllers/projects/artifacts_controller.rb | 12 | ||||
| -rw-r--r-- | lib/api/jobs.rb | 7 | ||||
| -rw-r--r-- | spec/requests/api/jobs_spec.rb | 8 |
3 files changed, 11 insertions, 16 deletions
diff --git a/app/controllers/projects/artifacts_controller.rb b/app/controllers/projects/artifacts_controller.rb index f637a9a803b..eb010923466 100644 --- a/app/controllers/projects/artifacts_controller.rb +++ b/app/controllers/projects/artifacts_controller.rb @@ -7,7 +7,7 @@ class Projects::ArtifactsController < Projects::ApplicationController before_action :authorize_update_build!, only: [:keep] before_action :extract_ref_name_and_path before_action :validate_artifacts! - before_action :set_path_and_entry, only: [:file, :raw] + before_action :entry, only: [:file] def download if artifacts_file.file_storage? @@ -41,7 +41,10 @@ class Projects::ArtifactsController < Projects::ApplicationController end def raw - send_artifacts_entry(build, @entry) + path = Gitlab::Ci::Build::Artifacts::Path + .new(params[:path]) + + send_artifacts_entry(build, path) end def keep @@ -93,9 +96,8 @@ class Projects::ArtifactsController < Projects::ApplicationController @artifacts_file ||= build.artifacts_file end - def set_path_and_entry - @path = params[:path] - @entry = build.artifacts_metadata_entry(@path) + def entry + @entry = build.artifacts_metadata_entry(params[:path]) render_404 unless @entry.exists? end diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb index 41c70a2dcb7..3d71d6bb062 100644 --- a/lib/api/jobs.rb +++ b/lib/api/jobs.rb @@ -98,10 +98,11 @@ module API build = get_build!(params[:job_id]) not_found! unless build.artifacts? - entry = build.artifacts_metadata_entry(params[:artifact_path]) - not_found! unless entry.exists? + path = Gitlab::Ci::Build::Artifacts::Path + .new(params[:artifact_path]) + not_found! unless path.valid? - send_artifacts_entry(build, entry) + send_artifacts_entry(build, path) end desc 'Download the artifacts file from a job' do diff --git a/spec/requests/api/jobs_spec.rb b/spec/requests/api/jobs_spec.rb index ba5cab3265a..9a113096951 100644 --- a/spec/requests/api/jobs_spec.rb +++ b/spec/requests/api/jobs_spec.rb @@ -220,14 +220,6 @@ describe API::Jobs do 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) end end - - context 'when request path is invalid' do - it 'does not find artifact file' do - get_artifact_file('invalid/path') - - expect(response).to have_http_status(404) - end - end end context 'when job does not have artifacts' do |