author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-28 22:04:41 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-28 22:05:11 +0000 |
commit | c9e7071c6856781b1af2bd39fa5ca0a8c6be849e (patch) | |
tree | f3c1c303221109fa7b74094f8dd6c0c64ce73d7a | |
parent | e6ddc0fed2446836066719ed858e7f1ac4f20dee (diff) | |
download | gitlab-ce-c9e7071c6856781b1af2bd39fa5ca0a8c6be849e.tar.gz |
Add latest changes from gitlab-org/security/gitlab@15-3-stable-ee
-rw-r--r-- | lib/gitlab/checks/tag_check.rb | 13 | ||||
-rw-r--r-- | spec/lib/gitlab/checks/tag_check_spec.rb | 8 |
2 files changed, 20 insertions, 1 deletions
diff --git a/lib/gitlab/checks/tag_check.rb b/lib/gitlab/checks/tag_check.rb
index 5dd7720b67d..007a775eaf5 100644
--- a/lib/gitlab/checks/tag_check.rb
+++ b/lib/gitlab/checks/tag_check.rb
@@ -9,11 +9,13 @@ module Gitlab
 delete_protected_tag: 'You are not allowed to delete protected tags from this project. '\
 'Only a project maintainer or owner can delete a protected tag.',
 delete_protected_tag_non_web: 'You can only delete protected tags using the web interface.',
- create_protected_tag: 'You are not allowed to create this tag as it is protected.'
+ create_protected_tag: 'You are not allowed to create this tag as it is protected.',
+ default_branch_collision: 'You cannot use default branch name to create a tag'
 }.freeze
 LOG_MESSAGES = {
 tag_checks: "Checking if you are allowed to change existing tags...",
+ default_branch_collision_check: "Checking if you are providing a valid tag name...",
 protected_tag_checks: "Checking if you are creating, updating or deleting a protected tag..."
 }.freeze
@@ -26,6 +28,7 @@ module Gitlab
 end
 end
+ default_branch_collision_check
 protected_tag_checks
 end
@@ -52,6 +55,14 @@ module Gitlab
 end
 end
 end
+
+ def default_branch_collision_check
+ logger.log_timed(LOG_MESSAGES[:default_branch_collision_check]) do
+ if creation? && tag_name == project.default_branch
+ raise GitAccess::ForbiddenError, ERROR_MESSAGES[:default_branch_collision]
+ end
+ end
+ end
 end
 end
 end
diff --git a/spec/lib/gitlab/checks/tag_check_spec.rb b/spec/lib/gitlab/checks/tag_check_spec.rb
index 6cd3a2d1c07..50ffa5fad10 100644
--- a/spec/lib/gitlab/checks/tag_check_spec.rb
+++ b/spec/lib/gitlab/checks/tag_check_spec.rb
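Review bot: In `default_branch_collision_check` the guard `creation? && tag_name == project.default_branch` rejects only a new tag whose name equals the current default branch exactly. A tag that already exists under that name, or a default branch later changed to match an existing tag, is not caught here, and nothing visible in this diff shows whether another layer covers those cases. The method also carries no comment on why the name is refused; I would add `# A tag named like the default branch makes the short ref name ambiguous between tag and branch; only newly created tags are checked here.` above the `def`. The call added in the second hunk sits just before `protected_tag_checks`, but `validate!` begins outside that hunk, so an earlier return that skips the new check cannot be ruled out from this page.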
@@ -81,6 +81,14 @@ RSpec.describe Gitlab::Checks::TagCheck do
 it 'allows tag creation' do
 expect { subject.validate! }.not_to raise_error
 end
+
+ context 'when tag name is the same as default branch' do
+ let(:ref) { "refs/tags/#{project.default_branch}" }
+
+ it 'is prevented' do
+ expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, /cannot use default branch name to create a tag/)
+ end
+ end
 end
 end
 end
|
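Review bot: The added context exercises only the rejecting path, so the boundaries of the new guard are untested as far as this hunk shows. There is no example that a tag name merely containing the default branch name is still accepted, and none that a non-creation push (update or delete of an existing tag with that name) still passes the `creation?` condition. I would add a sibling context with `let(:ref) { "refs/tags/#{project.default_branch}-rc1" }` and `expect { subject.validate! }.not_to raise_error`. The enclosing `context` blocks start outside the hunk, so an existing example may already cover part of this.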