diff options
| author | Kamil TrzciĆski <ayufan@ayufan.eu> | 2019-01-02 20:01:11 +0100 |
|---|---|---|
| committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-31 16:52:48 +0100 |
| commit | 66744469d4f2c444c0248b84096d252db749d01c (patch) | |
| tree | 0b71d2c71a195d61dca9b814e7fff31abe59004e /Dockerfile.assets | |
| parent | a1bf088201702ec4d36015c8f4cb635fa2ee2c5b (diff) | |
| download | gitlab-ce-66744469d4f2c444c0248b84096d252db749d01c.tar.gz | |
Extract GitLab Pages using RubyZip
RubyZip allows us to perform strong validation of
expanded paths where we do extract file.
We introduce the following additional checks
to extract routines:
1. None of path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory,
like `public/`,
4. The symlink source needs to exist ahead of time.
Diffstat (limited to 'Dockerfile.assets')
0 files changed, 0 insertions, 0 deletions